[SECURITY] [DSA 3334-1] gnutls28 security update
2015-08-12 Salvatore Bonaccorso (carnil debian org)

[Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values
2015-08-12 Onapsis Research Labs (research onapsis com)
    Onapsis Security Advisory 2015-011: SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values
    1. Impact on Business
    By exploiting this vulnerability an attacker with access to a vulnerable mobile

[Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage
2015-08-12 Onapsis Research Labs (research onapsis com)
    Onapsis Security Advisory 2015-012: SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage
    1. Impact on Business
    By exploiting this vulnerability an attacker with access to a vulnerable mobile device

[Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery
2015-08-12 Onapsis Research Labs (research onapsis com)
    Onapsis Security Advisory 2015-010: SAP Mobile Platform DataVault Keystream Recovery
    1. Impact on Business
    By exploiting this vulnerability an attacker with access to a vulnerable mobile device would be able to decrypt creden

[slackware-security] mozilla-firefox (SSA:2015-219-01)
2015-08-08 Slackware Security Team (security slackware com)
    [slackware-security] mozilla-firefox (SSA:2015-219-01)
    New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
    Here are the details from the Slackware 14.1 ChangeLog:
    patches/p

QNAP crypto keys logged on unencrypted disk partition in world accessible files
2015-08-07 Andreas Steinmetz (ast domdv de)
    Affected devices:
    Probably all QNAP devices running the QNAP modified 3.12.6 kernel with firmware older than 4.1.4 Build 0804. Verified on TS-453S Pro and TVS-471, both with Firmware 4.1.4 Build 0522. Probably fixed with Firmware 4.1.4 Build 0804 (incriminating message gone, tho

[slackware-security] mozilla-nss (SSA:2015-219-02)
2015-08-08 Slackware Security Team (security slackware com)
    [slackware-security] mozilla-nss (SSA:2015-219-02)
    New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
    Here are the details from the Slackware 14.1 ChangeLog:
    patches/pa

Device Inspector v1.5 iOS - Command Inject Vulnerabilities
2015-08-07 Vulnerability Lab (research vulnerability-lab com)
    Document Title: Device Inspector v1.5 iOS - Command Inject Vulnerabilities
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1558
    Release Date: 2015-08-07
    Vulnerability Laboratory ID (VL-ID):

Ferrari - PHP CGI Argument Injection (RCE) Vulnerability
2015-08-07 Vulnerability Lab (research vulnerability-lab com)
    Document Title: Ferrari - PHP CGI Argument Injection (RCE) Vulnerability
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1562
    Video: http://www.vulnerability-lab.com/get_content.php?id=1561
    Vulnerability Magazine: http://magazine.vuln

Thomson Reuters FATCA - Arbitrary File Upload
2015-08-07 jakub palaczynski ingservicespolska pl
    Title: Thomson Reuters FATCA - Arbitrary File Upload
    Author: Jakub Pałaczyński
    Date: 10. June 2015
    CVE: CVE-2015-5951
    Affected software: All versions of Thomson Reuters FATCA below v5.2
    Exploit was tested on: Thomson Reuters FATCA v5.1.0.30
    De

Re: [FD] Mozilla extensions: a security nightmare
2015-08-06 Stefan Kanthak (stefan kanthak nexgo de) (2 replies)
    "Mario Vilas" <mvilas (at) gmail (dot) com [email concealed]> wrote:
    > W^X applies to memory protection, completely irrelevant here.
    I recommend to revisit elementary school and start to learn reading!
    http://seclists.org/bugtraq/2015/Aug/8
    | JFTR: current software separates code from data in virtual memory and
    | uses

    RE: [FD] Mozilla extensions: a security nightmare 2015-08-07 Steve Friedl (steve unixwiz net) (1 replies)
    RE: [FD] Mozilla extensions: a security nightmare 2015-08-07 Frank Waarsenburg (fwaarsenburg ram-it nl) (1 replies)
    Re: [FD] Mozilla extensions: a security nightmare 2015-08-07 Jakob Holderbaum (hi jakob io) (1 replies)
    Re: [FD] Mozilla extensions: a security nightmare 2015-08-07 Teddy A PURWADI (teddyap access net id)

Re: [FD] Mozilla extensions: a security nightmare
2015-08-06 Stefan Kanthak (stefan kanthak nexgo de)
    "Mario Vilas" <mvilas (at) gmail (dot) com [email concealed]> wrote:
    > This makes no sense.
    Right. "W^X" obviously doesn't make sense to YOU.
    > Administrator can write everywhere and users can write their own
    > directories. There is no privilege escalation here, no security
    > boundary being crossed.
    Who wrote anything about

Re: [FD] Mozilla extensions: a security nightmare
2015-08-06 Stefan Kanthak (stefan kanthak nexgo de)
    "Mario Vilas" <mvilas (at) gmail (dot) com [email concealed]> wrote:
    > If it can only be written by your own user, what would be the
    > security boundary being crossed here?
    Please read AGAIN what I already wrote!
    | The security boundary created by privilege separation ie. Administrator/root vs. "user"
    | and installation of

FreeBSD Security Advisory FreeBSD-SA-15:19.routed
2015-08-05 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-15:18.bsdpatch
2015-08-05 FreeBSD Security Advisories (security-advisories freebsd org)

Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows
2015-08-05 Stefan Kanthak (stefan kanthak nexgo de)
    Hi @ll, the just released latest version 5.0.0.5 of LibreOffice.org for Windows distributes (once again) a completely outdated and vulnerable MSVC++ runtime. The installer package LibreOffice_5.0.0_Win_x86.msi contains the files
    msvcp80.dll 8.0.50727.42
    msvcr80.dll 8.0.50727.42
    Micros
# This module requires Metabuffer: http://metabuffer.com/download
# Current source: https://github.com/rapid7/metabuffer-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
#Rank definition: http://dev.metabuffer.com/redmine/projects/framework/wiki/Exploit_Ranking
#Manu