The Nokia Asha platform suffers from a lock code bypass vulnerability that allows for access to call records.
c3690f476187bf4b7bceed617052bbbc1450f4932dead991db1083b0707d5e1eMODX Revolution version 2.3.1-pl suffers from a reflective cross site scripting vulnerability.
896e235037a75dfd399a6f028da7f8f942cfe7ede4331bb0775a05c0e3064ee2webEdition version 6.3.8.0 suffers from a path traversal vulnerability.
ec005fe83de7331a8a07d62daabf90f9ab9273ce575f1297e75142a6f7bfd2aeDA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.
900a69552ae4f2e1b99cd5231bc485c4e70297254407c0b371ac96a0d19853b9Apple Security Advisory 2014-09-17-2 - Apple TV 7 is now available and addresses wifi credential interception, information disclosure, code execution, and various other vulnerabilities.
c7b02c75d378a545f8aa6249ce72817c0d53275ba9408b5e1c074ffa5b986f5aApple Security Advisory 2014-09-17-1 - iOS 8 is now available and addresses wifi credential interception, identifier disclosure, path traversal, and various other vulnerabilities.
9aea82d38a9a0bbd2a4dc19603d0bb6cbf3c4bc828f5ec2b4416c139ceb66db7Red Hat Security Advisory 2014-1256-01 - An update for the openssl component for Red Hat JBoss Web Server 2.1.0 that fixes multiple security issues is now available from the Red Hat Customer Portal.
0a42be4979149e6e258283d7685446461846950dbaf2939b187cc377e0d4ae30ClassApps SelectSurvey.net version 4.124.004 suffers from multiple remote SQL injection vulnerabilities.
a1a0d60bd1a776a335c6c68257966aad56e2df9f4539b06ada46bc128f8763acLivefyre LiveComments version 3.0 suffers from a persistent cross site scripting vulnerability.
6eccdbf0d02ef4c32c64da9928ac0666d213e0a528332a271898fa571fbd3865WordPress WP-Ban plugin version 1.62 suffers from a bypass vulnerability when a properly minted X-Forwarded-For header is used.
993efa6dd07b224e9bb5b8fdab33d68bb547334c234e6e0ca083f1086bcc1733WordPress Login Widget With Shortcode plugin version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
53f460ac91c7d419b8bcb368ddda31921d0dbe302556c55c904f552f999c5396OsClass version 3.4.1 suffers from multiple cross site scripting vulnerabilities.
7ce8f234f3fc7d597b6dee841a59a83f9c72744d959a65c980de8c3c542ca5daOsClass version 3.4.1 suffers from a local file inclusion vulnerability.
b57ade7f6829462047ddce456aabe66c7c6b4e59dec82158f58d6561c00f9dfbFreeBSD Security Advisory - The Transmission Control Protocol (TCP) of the TCP/IP protocol suite provides a connection-oriented, reliable, sequence-preserving data stream service. New TCP connections are initiated using special SYN flag in a datagram. Sequencing of data is controlled by 32-bit sequence numbers, that start with a random value and are increased using modulo 2**32 arithmetic. TCP endpoints maintain a window of expected, and thus allowed, sequence numbers for a connection. When a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window. An attacker who has the ability to spoof IP traffic can tear down a TCP connection by sending only 2 packets, if they know both TCP port numbers. In case one of the two port numbers is unknown, a successful attack requires less than 2**17 packets spoofed, which can be generated within less than a second on a decent connection to the Internet.
02d0df3d2b5a7093f57c850f50146352b4357f62fca2e1ebd401a0c679d05939Ubuntu Security Notice 2319-3 - USN-2319-1 fixed vulnerabilities in OpenJDK 7. This update provides stability fixes for the arm64 and ppc64el architectures. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
aefc793776a903cdbda6cd3bfc0f722696015d3319433e46ed16467a11e6e4f7Ubuntu Security Notice 2349-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
3a375c20af9de0288313f16d71a607d209b4175308d50cf64a4dd4f633c37214Red Hat Security Advisory 2014-1255-01 - Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center. A buffer overflow was found in the KADM5 administration server when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.
4b3a553590ae1cd575bd1c4417f87311c2d3268da73d593b7fe4ba259f7a3468Debian Linux Security Advisory 3026-1 - Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon.
33bf84d9f10ca8350a51545c2b108e19d75aedf8a3c9887089bcbb7f0eca8d72Debian Linux Security Advisory 3025-1 - It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages downloaded by the apt-get download command (CVE-2014-0490).
7f48d15735dbc2babefb54aa8fa778108712207ca8eced88de418fa6d0860882seafile-server version 3.1.5 suffers from a denial of service vulnerability.
292d4506d9d6653341024ec2cafc303a777f6ba126e5032e2a14512b6d41a1b4MIUI versions 4.1.17 and 5.30 have a flaw where NFC can be used to enable the torch.
d6921a18ffdaa38904d1331a1ef5ae95a6b488e9904853327611e542c0edc883A logic flaw in some versions of Android can allow for bluetooth to be automatically enabled via NFC.
4daa646bde5895fbdd88288d9c9cd55da7cba639eaae92baee8ddd3f6afda65fMIUI versions 4.1.17 and 5.30 have a flaw where NFC can be used to enable wifi.
8f0385e79db656d96c679b780cecef8edc53320f2104c9d1fe56d10ff1f6cc51Kakilles is a perl script that spawns an HTTP proxy and lets you modify user-agent, content, and cookie headers.
d2e2153f6e4d656992f7440b3cb89926277a075073424d269287da5e78c20038
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed