APPLE-SA-2016-01-25-1 tvOS 9.1.1
2016-01-25 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-01-25-1 tvOS 9.1.1 tvOS 9.1.1 is now available and addresses the following: Disk Images Available for: Apple TV (4th generation) Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory

Magento 1.9.x Multiple Man-In The Middle
2016-01-25 cxsecurity protonmail com
Magento 1.9.x Multiple Man-In The Middle https://cxsecurity.com/issue/WLB-2016010129 --- Description --- The man-in-the middle attack intercepts a communication between two systems. For example, in an http transaction the target is the TCP connection between client and server. Using different tech

glibc catopen() Multiple unbounded stack allocations
2016-01-25 cxsecurity protonmail com
glibc catopen() Multiple unbounded stack allocations URL: https://cxsecurity.com/issue/WLB-2016010149 --------------------------------------- PoC: #include <nl_types.h> #include <string.h> #include <stdlib.h> int main(){ char *buff; buff=malloc(11111111); memset(buff,'A',11111110); buff[11111110

[SECURITY] [DSA 3453-1] mariadb-10.0 security update
2016-01-25 Salvatore Bonaccorso (carnil debian org)

WP Easy Gallery v4.1.4 Stored XSS Vulnerability
2016-01-26 Rahul Pratap Singh (techno rps gmail com)
#Product : WP Easy Gallery #Exploit Author : Rahul Pratap Singh #Version : 4.1.4 #Home page Link : https://wordpress.org/plugins/wp-easy-gallery #Website : 0x62626262.wordpress.com #Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 #Date : 26/Jan/2016 XSS Vulnerability: ----

PHP LiteSpeed SAPI secret key improper disposal
2016-01-25 Imre RAD (imre rad search-lab hu)
In suEXEC_Daemon mode of the LiteSpeed web server spawns one PHP master process during startup. It is running as root and accepts LSAPI requests, which in turn specify what user under the script should run. The LSAPI request is authenticated with a MAC, which is based on preshared random key between

PHP-FPM fpm_log.c memory leak and buffer overflow
2016-01-25 Imre RAD (imre rad search-lab hu)
The FastCGI Process Manager (FPM) SAPI of PHP was vulnerable to memory leak and buffer overflow in the access logging feature. PHP-FPM offers customization of the access log lines based on format string variables which can be specified with the access.format option of the FPM configuration file. Th

Remote shutdown vulnerability in Buffalo NAS (Linkstation 420)
2016-01-24 zemnmez googlemail com
The Buffalo NAS device includes a web interface located at its IP address. A shutdown of the device can be initiated without confirmation by loading the endpoint /shutdown.html on this address. This shutdown powers off the device, requiring physical access to restart. The shutdown webpage has no sp

ZyXel WAP3205 v1 Multiple XSS
2016-01-23 graphx sigaint org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 #Vendor: ZyXel WAP3205 - version 1 (Product is EOL and no patch forthcoming) #Firmware version: V1.00(BFR.6) - V1.00(BFR.8)C0 #Exploit Author: Nicholas Lehman @GraphX #Vulnerability: Multiple persistent and reflected XSS vulnerabilities Description

HP ToComMsg DLL side loading vulnerability
2016-01-23 Securify B.V. (lists securify nl)
------------------------------------------------------------------------ HP ToComMsg DLL side loading vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2015 ------------------------------------------------------------------------ Abstrac

LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities
2016-01-23 Securify B.V. (lists securify nl)
------------------------------------------------------------------------ LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities ------------------------------------------------------------------------ Yorick Koster, September 2015 -------------------------------------------------------

HP LaserJet Fax Preview DLL side loading vulnerability
2016-01-23 Securify B.V. (lists securify nl)
------------------------------------------------------------------------ HP LaserJet Fax Preview DLL side loading vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2015 --------------------------------------------------------------------

XMB - eXtreme Message Board v1.9.11.13 Weak Crypto
2016-01-23 hyp3rlinx lycos com
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/XMB-WEAK-CRYPTO.txt Vendor: ============== xmbforum2.com Product: ====================================== XMB - eXtreme Message Board v1.9.11.13 XMB forum software is open sourc

January 2016 - Bamboo - Critical Security Advisory
2016-01-22 David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/VzlZLw . CVE IDs: * CVE-2014-9757 - Deserialisation in Smack. * CVE-2015-8360 - Deserialisation in Bamboo. * CVE-2015-8361 - Missing authentication checks i

Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe"
2016-01-21 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, executable installers [°] created with the WiX Toolset (see <http://wixtoolset.org/>, and of course the WiX Toolset installer itself too) resp. using its bootstrapper "burn.exe" are vulnerable: see <https://www.firegiant.com/blog/2016/1/20/wix-v3.10.2-released/> 1. They load and execute a

SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices
2016-01-21 SEC Consult Vulnerability Lab (research sec-consult com)
Disclaimer: Although the backdoor vulnerability is quite a serious matter, we have published an accompanying blog post to this technical advisory which sheds a more funny light on this topic. Visit our blog at http://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account-in.html for more

Oracle HtmlConverter.exe Buffer Overflow
2016-01-21 hyp3rlinx lycos com
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-HTMLCONVERTER-BUFFER-OVERFLOW.txt Vendor: =============== www.oracle.com Product: ======================================== Java Platform SE 6 U24 HtmlConverter.exe Prod

QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys
2016-01-20 issues github com
QuickAuth Pebble application loads the configuration page via HTTP. As such it is possible for an attacker to setup and use a MITM proxy to inject Javascript which posts the key to an external site to steal the TOTP keys as they are being updated on the Pebble app. Original GitHub issue : https://g

Re: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3
2016-01-19 urikanonov gmail com

Re: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3
2016-01-19 urikanonov gmail com
Vendor Response Continuation ============================ The issue is a limitation of the KNOX 1.0 architecture, which was removed by KNOX 2.0. VPNs that implement their own certificate pinning can be trusted with KNOX 1.0 containers, as a result. The vendor encourages users to upgrade to KNOX 2.x.

Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability
2016-01-20 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability Advisory ID: cisco-sa-20160120-d9036 Revision 1.0 For Public Release 2016 January 20 16:00 UTC (GMT) +----------------------------------------------------------------

[SECURITY] [DSA 3450-1] ecryptfs-utils security update
2016-01-20 Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability
2016-01-20 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability Advisory ID: cisco-sa-20160120-ucsm Revision: 1.0 For Public Release 2016 January 20 16:00 UTC (GMT) +--------------------------------------------

[CVE-2016-1926] XSS in Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8
2016-01-20 bugtraq internetwache org
Hello, Vulnerability information =============== Date: 13th January 2016 Product: Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8 Vendor: OpenVAS <http://www.openvas.org/> Risk: Low, CVSS 1.9 (AV:A/AC:M/Au:M/C:P/I:N/A:N) Description =============== It has been identified that Greenbone Se

LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability
2016-01-20 Onur Yilmaz (onur netsparker com)
Information -------------------- Advisory by Netsparker Name: HTTP Header Injection in LiteSpeed Web Server Affected Software : LiteSpeed Web Server Affected Versions: v5.1.0 and possibly below Vendor Homepage : https://www.litespeedtech.com/ Vulnerability Type : HTTP Header Injection Severity : Med
to authentication bypass due to insecure implementation of register
globals emulation. An attacker is able to override the blockKeys array
and thus build a valid session and access all the protected
functionality (including executi