Actiontec WCB3000N (Telus Branded) Local Unauthenticated Privilege Elevation and Password Reset
2016-11-15 Andrew Klaus (andrewklaus gmail com)

CVE-2016-4484: - Cryptsetup Initrd root Shell
2016-11-14 Hector Marco (hmarco hmarco org)
Hello All,
Affected package
----------------
Cryptsetup <= 2:1
CVE-ID
------
CVE-2016-4484
Description
-----------
A vulnerability in Cryptsetup, concretely in the scripts that unlock the system partition when the partition is ciphered using LUKS (Linux Unified Key Setup). This vulnerability

[security bulletin] HPSBUX03665 rev.2 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection
2016-11-14 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05324759
Version: 2
HPSBUX03665 rev.2

[security bulletin] HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery
2016-11-14 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05324755
Version: 1
HPSBGN03669 rev.1

SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2
2016-11-14 SEC Consult Vulnerability Lab (research sec-consult com)

Multiple vulnerabilities in Barco Clickshare
2016-11-14 vincent ruijter kpn com
CVE-2016-3149 - Remote Code Execution in Barco ClickShare CSC-1 and CSM-1
Affected versions: all versions prior to v01.09.03 (CSC-1) and v01.06.02 (CSM-1).
A remote code execution vulnerability exists within the Barco ClickShare base unit software, that could lead to full compromise of the appliance

CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details
2016-11-14 Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the tenth entry in that series. The below information is available in more detail on my blog at http://blog.skylined.nl/20161114001.html. Follow me on http://twitter.co

[CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE
2016-11-13 Maxim Solodovnik (solomax apache org)
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings 3.1.0
Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack
The issue was fixed in 3.1.2
All users are recommended to upgrade to Apache OpenMeetings 3

CVE-2016-9277: A IDX Out of Bound vulnerability in systemui can make crash and ui restart
2016-11-12 unlimitsec gmail com
Description of the potential vulnerability:
Severity: Low
Affected versions: L(5.0/5.1), M(6.0)
Disclosure status: Privately disclosed.
One of the activities in SystemUI can produce array index out of bounds exception as a combination of some APIs and it leads to UI restart. The patch fixes the vuln

[SECURITY] [DSA 3711-1] mariadb-10.0 security update
2016-11-11 Salvatore Bonaccorso (carnil debian org)

Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability
2016-11-10 Secunia Research (remove-vuln secunia com)

CVE-2016-6809 - Arbitrary Code Execution Vulnerability in Apache Tika's MATLAB Parser
2016-11-10 tallison apache org
CVE-2016-6809 - Arbitrary Code Execution Vulnerability in Apache Tika's MATLAB Parser
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: 1.6-1.13
Description: Apache Tika wraps the jmatio parser (https://github.com/gradusnikov/jmatio) to handle MATLAB files. T

Secunia Research: Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability
2016-11-10 Secunia Research (remove-vuln secunia com)

Secunia Research: Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability
2016-11-10 Secunia Research (remove-vuln secunia com)

WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details
2016-11-10 Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the eighth entry in that series, although this particular vulnerability does not just affect web-browsers, but all applications that use WININET to make HTTP requests. Th

Blind SQL Injection Vulnerability in Exponent CMS 2.4.0
2016-11-10 nickyccwu tencent com
Document Title:
===============
Blind SQL Injection Vulnerability in Exponent CMS 2.4.0
References (Source):
====================
https://exponentcms.lighthouseapp.com/projects/61783/tickets/1394-blind-sql-injection-vulnerability-in-exponent-cms-240-4
https://github.com/exponentcms/exponent-cms/com

MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details
2016-11-09 Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the seventh entry in that series. The below information is available in more detail on my blog at http://blog.skylined.nl/20161109001.html. There you can find a repro th

[security bulletin] HPSBGN03670 rev.1 - HPE Business Service Management (BSM) using Java Deserialization, Remote Code Execution
2016-11-08 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05327447
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05327447
Version: 1
HPSBGN03670 rev.1

URL Redirection Vulnerability In Verint Impact 360
2016-11-08 sanehsingh controlcase com
URL Redirection Vulnerability In Verint Impact 360
Overview
========
* Title : URL Redirection Vulnerability In Verint Impact 360
* Author: Sanehdeep Singh
* Plugin Homepage: http://www.verint.com
* Severity: Medium
* Version Affected: 11.1
* Version patched: Patches available. Contact Vendor
De

Cross-Site Scripting in Calendar WordPress Plugin
2016-11-08 Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------
Cross-Site Scripting in Calendar WordPress Plugin
------------------------------------------------------------------------
Remco Vermeulen, July 2016
------------------------------------------------------------------------
Abs

Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin
2016-11-08 Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------
Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, October 2016
----------------------------------------------

Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin
2016-11-08 Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016
-------------------------------------------------------

Cross Site Scripting Vulnerability In Verint Impact 360
2016-11-08 sanehsingh controlcase com
Overview
========
* Title : Cross Site Scripting Vulnerability In Verint Impact 360
* Author: Sanehdeep Singh
* Plugin Homepage: http://www.verint.com
* Severity: Medium
* Version Affected: 11.1
* Version patched: Patches available. Contact Vendor
Description
===========
About the Product
=====

[CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow
2016-11-07 Pedro Ribeiro (pedrib gmail com)
tl;dr
A stack bof in several Dlink routers, which can be exploited by an unauthenticated attacker in the LAN. There is no patch as Dlink did not respond to CERT's requests. As usual, a Metasploit module is in the queue (see [9] below) and should hopefully be integrated soon. The interesting thing

[security bulletin] HPSBGN03643 rev.1 - HPE KeyView using Filter SDK, Remote Code Execution
2016-11-07 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05325836
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05325836
Version: 1
HPSBGN03643 rev.1

Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability
2016-11-07 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1931
Release Date:
=============
2016-11-07
Vulnerability Laboratory ID (VL-ID):
==================
Vendor: Actiontec (Telus Branded)
Model: WCB3000N
Affected Firmware: v0.16.2.5
Device Manual: http://static.telus.com/common/cms/files/internet/wifi_plus_extender.pdf
Reported: November 2015
Status: Fixed on newest pushed firmware version
CVE: Update is handled by the vendor, th