Apple Security Advisory 2016-08-25-1 - iOS 9.3.5 is now available and addresses memory disclosure, code execution, and various other vulnerabilities.
07f40793541dc1268d62637545c5a37bJD Edwards 9.1 EnterpriseOne Server suffers from a JDENET function denial of service vulnerability.
9cbe6d324fe414e808dcf607ae6201f5Traditional hardware 2FA tokens are increasingly being replaced by "soft" tokens – software OTP generators packaged into regular smartphone apps that run on iOS or Android. This is more convenient for users but also exposes the tokens to attacks by mobile malware and manual attacks. To compensate for these risks, many software token vendor apply a combination of obfuscation, anti-tampering, and cryptography. The question is, how effective are these measures in protecting the users' data? In this paper, the author shows different kinds of attacks that can be used to reverse engineer OTP algorithms and extract the stored secrets. Techniques range from classical static and dynamic analysis to custom kernel sandboxes and full-system emulation. The author demonstrates proof-of-concept exploits for current soft tokens of major vendors, and explain methods of assessing the effectiveness of a given set of obfuscation.
a9db1a7fe90c1cb8eb650f278285bd57Unauthenticated attackers could create users in the JD Edwards 9.1 EnterpriseOne Server Manager, ultimately compromising the whole JDE landscape hence all of its information and processes.
0922890e944e8216e1f60dcee586c3fbUbuntu Security Notice 3069-1 - It was discovered that Eye of GNOME incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code.
309ddf16d63e4acb02b26de0e31b1b1bFreePBX version 13.0.35 suffers from a remote code execution vulnerability.
e3dbeca6f9c10ffe4f3770bc6392da82JD Edwards 9.1 EnterpriseOne Server suffers from a password disclosure vulnerability in JDENET.
69fa010562e4c831a8d9cb840938e402JD Edwards 9.1 EnterpriseOne Server suffers from a JDENET function denial of service vulnerability.
fb180e7b732cdec7848a07c238bf1e90JD Edwards 9.1 EnterpriseOne Server suffers from a shutdown vulnerability.
1243df18e3963e319039544a9868ae27JD Edwards 9.1 EnterpriseOne Server suffers from a password disclosure vulnerability.
b24fdca83977b39ea768ef46ae26593eMicro Focus GroupWise version 2014 R2 SP1 and below suffer from buffer overflow, cross site scripting, and integer overflow vulnerabilities.
6b54a385df31372c3fbf7bd670761a24WebKitGTK+ suffers from same-origin bypass, information disclosure, memory corruption, and various other vulnerabilities.
1372e353266255ad9c50b04c6e5178aeDotclear version 2.9.1 allows authenticated users to leverage the RSS import functionality to scan ports of the internal network.
ca01bf2b744a7e452d33ec9fcbe0f8dbDotclear version 2.9.1 suffers from a remote shell upload vulnerability.
0dc55b44729f1bf8db31a659479c8849Dotclear version 2.9.1 suffers from a directory download vulnerability.
590710f6db16300c971def486af49043
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed