Apple Security Advisory 2016-08-25-1 - iOS 9.3.5 is now available and addresses memory disclosure, code execution, and various other vulnerabilities.
5c8254f6d029f1bd1d46ecd3f6c71e08629723831b6317f16c4037f0d55ee4b6JD Edwards 9.1 EnterpriseOne Server suffers from a JDENET function denial of service vulnerability.
889f5e3dd07c7308e8658794c8da5c0f5284acb131eb8f9f9a5633ddc0a01a18Traditional hardware 2FA tokens are increasingly being replaced by "soft" tokens – software OTP generators packaged into regular smartphone apps that run on iOS or Android. This is more convenient for users but also exposes the tokens to attacks by mobile malware and manual attacks. To compensate for these risks, many software token vendor apply a combination of obfuscation, anti-tampering, and cryptography. The question is, how effective are these measures in protecting the users' data? In this paper, the author shows different kinds of attacks that can be used to reverse engineer OTP algorithms and extract the stored secrets. Techniques range from classical static and dynamic analysis to custom kernel sandboxes and full-system emulation. The author demonstrates proof-of-concept exploits for current soft tokens of major vendors, and explain methods of assessing the effectiveness of a given set of obfuscation.
dfddec2a3011688d5204b41866d859bf209f9d75098433f3997a79ab1b4de264Unauthenticated attackers could create users in the JD Edwards 9.1 EnterpriseOne Server Manager, ultimately compromising the whole JDE landscape hence all of its information and processes.
ca565817d3ce7b6ada51f79927008a327710729db5d5e96af07939a94de5a0bdUbuntu Security Notice 3069-1 - It was discovered that Eye of GNOME incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code.
501aedaad4ec423bfaa8963bc9240d1596336e79197ccc47ff97929d717a25d3FreePBX version 13.0.35 suffers from a remote code execution vulnerability.
9f37827142bf53b0013d7940253b895919f35fe0422d0f437e0b24e641c86bbdJD Edwards 9.1 EnterpriseOne Server suffers from a password disclosure vulnerability in JDENET.
4f1e778e88e221bb4ce3c6afa9a34ba2a2c2b9ca7fc096f5c96232f9c74fe045JD Edwards 9.1 EnterpriseOne Server suffers from a JDENET function denial of service vulnerability.
c8d127427c2da707a52dde5b0e9cf0feca87adcede5955d36f02c566422d65b7JD Edwards 9.1 EnterpriseOne Server suffers from a shutdown vulnerability.
f554646aa3f6dfa37e5cf970dfccc59f2a82098df1f7e66dec5919c9d1c7de0dJD Edwards 9.1 EnterpriseOne Server suffers from a password disclosure vulnerability.
f62b06ca46ce6a950bf75e81bcd7d1a68c1c5faa0828341fcfd2c92b0be3d0e8Micro Focus GroupWise version 2014 R2 SP1 and below suffer from buffer overflow, cross site scripting, and integer overflow vulnerabilities.
259e1178ca32777e61016eaf9c26499e22db2bed9b9f9028eb31c3fc116900c6WebKitGTK+ suffers from same-origin bypass, information disclosure, memory corruption, and various other vulnerabilities.
c93c90aa095a8005973c2738f5cdc52a381cac0a35ec331ae2bb11cdd652f0a6Dotclear version 2.9.1 allows authenticated users to leverage the RSS import functionality to scan ports of the internal network.
b4ca9a915294a5f4bbde53e55111eef594e01219e39ac3a8e6cd43243e379090Dotclear version 2.9.1 suffers from a remote shell upload vulnerability.
ba8acc3417c99536c3b107bc026c7f484a8fbe713e64b1bc8e9382c721b867afDotclear version 2.9.1 suffers from a directory download vulnerability.
12d8a11be25e1fffa3e1545be1c56d3281f8b11c9eb0a5d1daf717597c92f8b4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed