The Nokia Asha platform suffers from a lock code bypass vulnerability that allows for access to call records.
5069dfc0c3a2f60acb67d9fd214f1accMODX Revolution version 2.3.1-pl suffers from a reflective cross site scripting vulnerability.
c9f4c76ea59500d8e946f3d410dc3d0fwebEdition version 6.3.8.0 suffers from a path traversal vulnerability.
b12b120f23cd306f4088537f63c4bf8eDA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.
0511fe8004506146c94cef634534f905Apple Security Advisory 2014-09-17-2 - Apple TV 7 is now available and addresses wifi credential interception, information disclosure, code execution, and various other vulnerabilities.
0993b6307f7ede7b0fe1d393f80ca225Apple Security Advisory 2014-09-17-1 - iOS 8 is now available and addresses wifi credential interception, identifier disclosure, path traversal, and various other vulnerabilities.
155906b43100fa7d132d2f3d9768bda2Red Hat Security Advisory 2014-1256-01 - An update for the openssl component for Red Hat JBoss Web Server 2.1.0 that fixes multiple security issues is now available from the Red Hat Customer Portal.
80ab4909ac015f459dad4bc8597377bcClassApps SelectSurvey.net version 4.124.004 suffers from multiple remote SQL injection vulnerabilities.
d7023e0da35113b2992633670ea94c69Livefyre LiveComments version 3.0 suffers from a persistent cross site scripting vulnerability.
d79e8f899309348c1aba017cb0e3496cWordPress WP-Ban plugin version 1.62 suffers from a bypass vulnerability when a properly minted X-Forwarded-For header is used.
6ffbc090afb2ab5144e238532753b1b8WordPress Login Widget With Shortcode plugin version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
064709c69db2b45f9da21abd526d54b9OsClass version 3.4.1 suffers from multiple cross site scripting vulnerabilities.
12423c36d9018ba4d8211591c1b6875fOsClass version 3.4.1 suffers from a local file inclusion vulnerability.
7faeb4e3fe466936268f6e034424628bFreeBSD Security Advisory - The Transmission Control Protocol (TCP) of the TCP/IP protocol suite provides a connection-oriented, reliable, sequence-preserving data stream service. New TCP connections are initiated using special SYN flag in a datagram. Sequencing of data is controlled by 32-bit sequence numbers, that start with a random value and are increased using modulo 2**32 arithmetic. TCP endpoints maintain a window of expected, and thus allowed, sequence numbers for a connection. When a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window. An attacker who has the ability to spoof IP traffic can tear down a TCP connection by sending only 2 packets, if they know both TCP port numbers. In case one of the two port numbers is unknown, a successful attack requires less than 2**17 packets spoofed, which can be generated within less than a second on a decent connection to the Internet.
d0d69a580db330d7ee9f522fb50ad2b5Ubuntu Security Notice 2319-3 - USN-2319-1 fixed vulnerabilities in OpenJDK 7. This update provides stability fixes for the arm64 and ppc64el architectures. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
51e1023d9034fb572c72f220afbc408aUbuntu Security Notice 2349-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
80a0fdee83eb78a4f73254802b04a45bRed Hat Security Advisory 2014-1255-01 - Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center. A buffer overflow was found in the KADM5 administration server when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.
6d93c4f0f09d5a5f1415a109337dd5c7Debian Linux Security Advisory 3026-1 - Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon.
0932b8f36903303fbe5f877fcb1b2d74Debian Linux Security Advisory 3025-1 - It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages downloaded by the apt-get download command (CVE-2014-0490).
b7677f0cbbd7eade767d383f5700e00eseafile-server version 3.1.5 suffers from a denial of service vulnerability.
9d78a9e91a600b009eb21ff57fa5a15dMIUI versions 4.1.17 and 5.30 have a flaw where NFC can be used to enable the torch.
bdbc3ec524ee2d27be2ff11affa37e01A logic flaw in some versions of Android can allow for bluetooth to be automatically enabled via NFC.
af5b9689dfffa8b38cd4359a37afc747MIUI versions 4.1.17 and 5.30 have a flaw where NFC can be used to enable wifi.
fdfdc95c49ddd399960fea1fdde5d180Kakilles is a perl script that spawns an HTTP proxy and lets you modify user-agent, content, and cookie headers.
1cc1fded4992b35bce2153081612884b
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed