Security headlines second episode
In this episode of security headlines the following vulnerabilities are mentioned:
WordPress:
WordPress Aviary Image Editor Add-On For Gravity Forms Plugins 3.0 Beta R7 CSRF Shell Upload Vulnerability
WordPress Plugin Contact Form Builder 1.6.1 Cross-Site Scripting
WordPress Plugin PicUploader 1.0 Remote File Upload
WordPress StatTraq 1.3.0 SQL Injection
WordPress WP Forms 1.5.8.2 Cross Site Scripting
WordPress WPForms 1.5.9 Cross Site Scripting
Tor:
Medium CVE-2020-10592: Torproject TOR
Medium CVE-2020-10593: Torproject TOR
TROVE-2020-002, TROVE-2020-004
Remotely triggerable memory leak on relays and clients, causing denial of service
https://trac.torproject.org/projects/tor/ticket/33619
SharePoint:
SharePoint Workflows XOML Injection, which is now a Metasploit module
https://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html
Joomla:
Joomla GMapFP 3.30 Arbitrary File Upload
Joomla HDWPlayer 4.2 SQL Injection
Joomla! com_hdwplayer 4.2 search.php SQL Injection
Jenkins:
jenkins-2-plugins: execution of arbitrary code/commands
openshift/jenkins-plugin: deserialization in snakeyaml YAML() objects allowed remote code execution (CVE-2020-2167)
WeeChat:
Medium CVE-2020-9759: Weechat Weechat
Medium CVE-2020-9760: Weechat Weechat
https://weechat.org/doc/security/
One crash and one buffer overflow, both triggered via nick prefixes.
SCADA:
New SCADA vulnerability affecting Schneider Electric IGSS SCADA software
https://www.zerodayinitiative.com/advisories/upcoming/
https://www.us-cert.gov/ics/advisories/icsa-20-084-02
HTTP/3 (QUIC) vuln:
Specially formatted HTTP/3 messages may cause the Traffic Management Microkernel (TMM) to produce a core file (CVE-2020-5859)
https://support.f5.com/csp/article/K61367237
Check us out at:
https://firosolutions.com
https://watchers.firosolutions.com
https://blog.firosolutions.com
status.firosolutions.com - latest vulnerabilities and exploits
Wanna get notified? We have invented Vulnerability Management and are the only ones that offer it in the best form…
status.firosolutions.com
Listen to it here:
https://anchor.fm/firo-solutions/episodes/Second-Episode-ec84rp