Ubuntu Security Notice 3455-1 - Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with using key reinstallation attacks to obtain sensitive information. Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. Various other issues were also addressed.
5ea1473561df45ed73f31c70c3bec7ed067a0d030ebc28a43d266854cc54e8f7EMC Isilon OneFS suffers from a reflected cross site scripting vulnerability. Versions prior to 8.1.0.1, prior to 8.0.1.2, prior to 8.0.0.6, and 7.2.1.x are affected.
e4e7afbd444952c1a4a040ffa0abeb64181e5add2a1a0a92462825db33bfdd0aBro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
ab95b1bc376282919e5fa6b25b5ef8864e2e7bd5efe842db35d4a223b8f5b970EMC NetWorker Server contains a buffer overflow vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, and prior to 9.2.0.4 are affected.
369450dcc54bb4e682d177bc26e40df0e16897100df6e263e0947a432e6a9ef83CX Phone System version 15.5.3554.1 suffers from an authentication directory traversal vulnerability.
cb8441731c281734813f4bef268b3e660c081b462aef261d1518f5370b639c0cThis Microsoft bulletin summary lists a CVE that has undergone a major revision increment.
2e3040700072408f7b3e65366db82fb095611d37a4356fc577ee4baae450cfbaThis advisory discusses a Microsoft Windows kernel pool memory disclosure into NTFS metadata ($LogFile) in Ntfs!LfsRestartLogFile.
79957168f93861bbb46f21290a78b65b360080d54ec073682cd4e16fbff74b4bThe Microsoft Windows kernel pool suffers from a nt!RtlpCopyLegacyContextX86 related memory disclosure vulnerability.
9b0a218fd882e743c80327592b205f6e39c6228c5a3712d6268189b601f7b6ccIt was discovered that the nt!NtQueryObject syscall handler discloses portions of uninitialized pool memory to user-mode clients when certain conditions are met.
df3e313f07d61ff89fc862c824163045a8e74728fbcc9c72a590b5aa05157bffMicro Focus VisiBroker C++ version 8.5 SP2 suffers from multiple memory corruption vulnerabilities.
20d06be514a3c5e7552eac8487a7e2ef90f88d1a1ad22ca6b61679bef1d32ed1Debian Linux Security Advisory 3999-1 - Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).
bbccd2dbf27455717295f61b841a4fcef26948a1a53f5e1bcd8dac20bc273919Webmin version 1.850 suffers from server side request forgery, cross site request forgery, and cross site scripting vulnerabilities, the last of which can lead to remote command execution.
d11573ef8f901da4b1c7a343b9844592c00e8cb689d9d4a889cdc4549e895f61Gentoo Linux Security Advisory 201710-16 - A vulnerability found in Shadow may allow remote attackers to cause a Denial of Service condition or produce other unspecified behaviors. Versions less than 4.5 are affected.
2561b8b5111e5c41d59c002a90f8845ee3941649bcfa081a3ec3b3616b119217Whitepaper called Reinstallation Attacks: Forcing Nonce Reuse in WPA2. This research paper will be presented on at the Computer and Communications Security (CCS) conference on November 1, 2017. This paper details a flaw in the WPA2 protocol itself and most devices that makes use of WPA2 are affected.
7bdd578be202b278bcaaefbcc9d6e1f9481932cdadde98dfd4ce55ede0123ded117 bytes small Windows x64 API hooking shellcode.
f65ca16c9880c69fba79d9edb26034ff8eebcfc0f6dbc894f96fb07378636fd5WordPress Influencer Marketing and Press Release System plugin version 2.2 suffers from a cross site scripting vulnerability.
39c521eb50ba77a7bc8850419d4f5955419cdccad20c6e741de0dfe4a75d5f80
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed