This advisory outlines 9 different vulnerabilities in Android. Some have been addressed while others have not.
f20ea77aed0ad871a849ae4a62616d2116c1535db652007f120f29161fba53aaMF Sniffer is a python script for capturing unencrypted TSO login credentials. It requires Scapy. Given an interface, IP and port this script will try to sniff mainframe user IDs and passwords sent over cleartext using TN3270 (tested against x3270, TN3270Plux and TN3270X). This script does not work if the mainframe is using SSL encryption.
2f8ddc0ba0bec2aac0376b8862e3276847ef5e50cf7cb4cd1696b477d19a726dMandriva Linux Security Advisory 2013-025 - The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted mxit/imagestrips pathname. Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service via a crafted packet. upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service by leveraging access to the local network. This update provides pidgin 2.10.7, which is not vulnerable to these issues.
1947a7196d370ec292c6d6196bc378f7ab94ffd059b4a95d0ad67f48a214a6e6Ubuntu Security Notice 1762-1 - Ansgar Burchardt discovered that APT incorrectly handled repositories that use InRelease files. The default Ubuntu repositories do not use InRelease files, so this issue only affected third-party repositories. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling InRelease file support completely. Various other issues were also addressed.
7ec4d9c9b620d30a5c750c688a228afc8aed1ace705b6394604cb8ec05f2f0fcGoogle Chrome versions 21.0.1180.57 and below suffer from a NULL pointer vulnerability in InspectDataSource::StartDataRequest.
922f2c1e74a32dc38ee0d67c6334a31517da282683a2f06192b0fea1c6e5da62A confirmed security vulnerability has been identified with 30 high traffic web sites owned by QuinStreet. The vendor stores database IDs in cookies which are easily spoofed (USERID_COOKIE), allowing all user information to be accessed.
12c6c5deb30c5b87678c3f751877699e042013d41da09a3c32d7c0543db5a1a8An integer overflow vulnerability exists in the .qvw file format parser in QlikView Desktop Client version 11.00 SR2. A parameter that is responsible for the section length is checked improperly, which causes a heap overflow if any value bigger than 0x80000000 is set. Successful exploitation of this vulnerability could result in an arbitrary code execution within the QlikView Desktop client.
f1abbcb05d9f6164954a8e6deae36e2eeaaf00dbcf2183495a8690b131f1d1e5Ubuntu Security Notice 1761-1 - It was discovered that PHP incorrectly handled XML external entities in SOAP WSDL files. A remote attacker could use this flaw to read arbitrary files off the server.
a139f03fd0b8a9c748ca3fca8449ab784e6431886e31fd02762b622672ee72b4Red Hat Security Advisory 2013-0645-01 - Apache CXF is an open source services framework. It was found that the Apache CXF UsernameTokenPolicyValidator and UsernameTokenInterceptor allowed a UsernameToken element with no password child element to bypass authentication. A remote attacker could use this flaw to circumvent access controls applied to web services by omitting the password in a UsernameToken. This flaw was exploitable on web services that rely on WS-SecurityPolicy plain text UsernameTokens to authenticate users. It was not exploitable when using hashed passwords or WS-Security without WS-SecurityPolicy.
a8cabf84038ae0764d72ecd6fea22297f2eefbe04f4249e586339230dee77f43This paper summarizes the findings from NCC's research into Akamai while providing advice to companies wishing to gain the maximum security when leveraging their solutions.
87bf6bdbd4a217dca83340b5158fe1ee1bc60e71894efd187434a3521fc29c37nCircle IP360 version 7.0 discloses the LDAP password in cleartext in their HTML code.
65936fc21494ca5ba065730abc8ffc017c2866821962e6b47e4b86851827acdfClipShare version 4.1.4 suffers from remote blind SQL injection and plaintext password vulnerabilities.
a568735b6f3205c221aee116bd737215c0b537dd6bb646bc342ef61168392866Red Hat Security Advisory 2013-0644-01 - Apache CXF is an open source services framework. It was found that the Apache CXF UsernameTokenPolicyValidator and UsernameTokenInterceptor allowed a UsernameToken element with no password child element to bypass authentication. A remote attacker could use this flaw to circumvent access controls applied to web services by omitting the password in a UsernameToken. This flaw was exploitable on web services that rely on WS-SecurityPolicy plain text UsernameTokens to authenticate users. It was not exploitable when using hashed passwords or WS-Security without WS-SecurityPolicy.
475507b92ce71db9cb57c1004a1e40e6e3069b3a0f28f93ae6c857128a6be8dfCisco Video Surveillance Operations Manager version 6.3.2 suffers from cross site scripting, access bypass, and local file inclusion vulnerabilities.
889a7c95fe9ba307b4476548a140238036f8459886d5305efa04819e7fdd2104Open-Xchange version 6 suffers from cross site scripting, local file inclusion, HTTP header injection / response splitting, missing SSL enforcement, server-side request forging, insecure password hashing, and file permission vulnerabilities.
8be9974c5b91f42a1ca77eb417301430aea4147dc0179c425ee43fbe9ef5c36e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed