[FD] Bomgar Remote Support - Local Privilege Escalation (CVE-2017-5996)

2017-10-27 Thread VSR Advisories
   Virtual Security Research, LLC.   https://www.vsecurity.com/   Security Advisory =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Advisory Name: Bomgar Remote Support - Local Privilege Escalation  Rele

[FD] PIA Android App Can Be Crashed via Large Download [CVE-2017-15882]

2017-10-27 Thread Nightwatch Cybersecurity Research
[Original post here: http://wwws.nightwatchcybersecurity.com/2017/10/25/advisory-pia-android-app-cve-2017-15882/] SUMMARY The Android application provided by Private Internet Access (PIA) VPN service can be crashed by downloading a large file containing a list of current VPN servers. This can be

[FD] ESA-2017-134: RSA® Authentication Manager Security Update for Reflected Cross-Site Scripting Vulnerability

2017-10-27 Thread EMC Product Security Response Center
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-134: RSA® Authentication Manager Security Update for Reflected Cross-Site Scripting Vulnerability EMC Identifier: ESA-2017-134 CVE Identifier: CVE-2017-14373 Severity Rating: CVSSv3: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected

[FD] Windows Attachment Manager *potential* feature bypass

2017-10-27 Thread Stevie Lamb (WLT GB)
*First ever post, so apologies for any associated naiveté* Scenario: The Windows Attachment Manager does not correctly handle JAR files marked as “high risk” when accessed via Internet Explorer 11. This leads to direct execution of any JAR file when a user clicks “Open” rather than “Save” or