Apple Security Advisory 2016-08-25-1 - iOS 9.3.5 is now available and addresses memory disclosure, code execution, and various other vulnerabilities.
5c8254f6d029f1bd1d46ecd3f6c71e08629723831b6317f16c4037f0d55ee4b6
JD Edwards 9.1 EnterpriseOne Server suffers from a JDENET function denial of service vulnerability.
889f5e3dd07c7308e8658794c8da5c0f5284acb131eb8f9f9a5633ddc0a01a18
Traditional hardware 2FA tokens are increasingly being replaced by "soft" tokens – software OTP generators packaged into regular smartphone apps that run on iOS or Android. This is more convenient for users but also exposes the tokens to attacks by mobile malware and manual attacks. To compensate for these risks, many software token vendor apply a combination of obfuscation, anti-tampering, and cryptography. The question is, how effective are these measures in protecting the users' data? In this paper, the author shows different kinds of attacks that can be used to reverse engineer OTP algorithms and extract the stored secrets. Techniques range from classical static and dynamic analysis to custom kernel sandboxes and full-system emulation. The author demonstrates proof-of-concept exploits for current soft tokens of major vendors, and explain methods of assessing the effectiveness of a given set of obfuscation.
dfddec2a3011688d5204b41866d859bf209f9d75098433f3997a79ab1b4de264
Unauthenticated attackers could create users in the JD Edwards 9.1 EnterpriseOne Server Manager, ultimately compromising the whole JDE landscape hence all of its information and processes.
ca565817d3ce7b6ada51f79927008a327710729db5d5e96af07939a94de5a0bd
Ubuntu Security Notice 3069-1 - It was discovered that Eye of GNOME incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code.
501aedaad4ec423bfaa8963bc9240d1596336e79197ccc47ff97929d717a25d3
FreePBX version 13.0.35 suffers from a remote code execution vulnerability.
9f37827142bf53b0013d7940253b895919f35fe0422d0f437e0b24e641c86bbd
JD Edwards 9.1 EnterpriseOne Server suffers from a password disclosure vulnerability in JDENET.
4f1e778e88e221bb4ce3c6afa9a34ba2a2c2b9ca7fc096f5c96232f9c74fe045
JD Edwards 9.1 EnterpriseOne Server suffers from a JDENET function denial of service vulnerability.
c8d127427c2da707a52dde5b0e9cf0feca87adcede5955d36f02c566422d65b7
JD Edwards 9.1 EnterpriseOne Server suffers from a shutdown vulnerability.
f554646aa3f6dfa37e5cf970dfccc59f2a82098df1f7e66dec5919c9d1c7de0d
JD Edwards 9.1 EnterpriseOne Server suffers from a password disclosure vulnerability.
f62b06ca46ce6a950bf75e81bcd7d1a68c1c5faa0828341fcfd2c92b0be3d0e8
Micro Focus GroupWise version 2014 R2 SP1 and below suffer from buffer overflow, cross site scripting, and integer overflow vulnerabilities.
259e1178ca32777e61016eaf9c26499e22db2bed9b9f9028eb31c3fc116900c6
WebKitGTK+ suffers from same-origin bypass, information disclosure, memory corruption, and various other vulnerabilities.
c93c90aa095a8005973c2738f5cdc52a381cac0a35ec331ae2bb11cdd652f0a6
Dotclear version 2.9.1 allows authenticated users to leverage the RSS import functionality to scan ports of the internal network.
b4ca9a915294a5f4bbde53e55111eef594e01219e39ac3a8e6cd43243e379090
Dotclear version 2.9.1 suffers from a remote shell upload vulnerability.
ba8acc3417c99536c3b107bc026c7f484a8fbe713e64b1bc8e9382c721b867af
Dotclear version 2.9.1 suffers from a directory download vulnerability.
12d8a11be25e1fffa3e1545be1c56d3281f8b11c9eb0a5d1daf717597c92f8b4