DUMPit is an exploit for the SHAREit mobile app abusing two recently discovered vulnerabilities affecting SHAREit Android application versions 4.0.38 and below. The first one allows an attacker to bypass SHAREit device authentication mechanism, and the other one enables the authenticated attacker to download arbitrary files from the user's device. Both vulnerabilities were reported to the vendor and patches have been released.
dca3c57e123cd7505a079d465df0e3ed6eb0383632d057de092d08aa581a3e30Ubuntu Security Notice 3898-2 - USN-3898-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Hanno BAPck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Various other issues were also addressed.
1d29daa586638d1687e2c77add0bb7c8b731fb2a215cc537c3825c522bfe4767Slackware Security Advisory - New openssl packages are available for Slackware 14.2 to fix a security issue.
5c1cdf9684c784e3419f4f62d1ea6abbe56bd1569166ff01ede23c6e0f9a6356Ubuntu Security Notice 3898-1 - Hanno BAPck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service.
65d8d1d3213e311db3f67d9de307f4175536c1d87172fe22447aa6e2df8f42f3Ubuntu Security Notice 3899-1 - Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data.
314dd057e4f3b505847675be956a215758d853b3d9060ea0c5c55356b5e867b6Chrome suffers from multiple use-after-free vulnerabilities in the PaymentRequest service.
fb9baf689c47875cf56ed6918386a270499142ea5e915be52d8936b09ba2adbbZentyal Server Development Edition version 6.0 suffers from a cross site scripting vulnerability.
1dd3682af8e86e66ede142a3e3ecd5ee4b86fe668c2a76bb2b415cc98deb0bf2Chrome suffers from a use-after-free vulnerability in FileWriterImpl.
2dd17dbd1895915d6546d52f25a07461fc335eb44dcded0bf7d33720916ebe5cUbuntu Security Notice 3895-1 - It was discovered that LDB incorrectly handled certain search expressions. A remote attacker could possibly use this issue to cause the Samba LDAP process to crash, resulting in a denial of service.
2b2e15be3d1d6bdd1eeb95b8e0be3f5ad3dc34c9b908b95f55d32d379fe55a61Chrome suffers from a use-after-free vulnerability in the RenderProcessHostImpl binding for P2PSocketDispatcherHost.
11fb3cadf252944e7b29e9069845929d7d4986f025488c7c0c80f5dc9b88bb27tcpdump was found to suffer from multiple out-of-bounds read vulnerabilities.
cea131972888984634d05f66fcb925a4eaa31822c00269467fbc5939cb230885Chrome suffers from a use-after-free vulnerability in RenderFrameHostImpl::CreateMediaStreamDispatcherHost.
fb031633c01be0530ba93f915787ad97df1516fb4d5cc8dcbb8d0b436e7ca99aUbuntu Security Notice 3896-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same origin protections, or execute arbitrary code.
a72423c41131d6f0eab08f80f97e7919e4ef553b52bff4b3bdc59fce70235de0THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
7c615622d9d22a65b007e545f2d85da06c422a042f720bd6c5578a1844dec40eUbuntu Security Notice 3897-1 - A use-after-free was discovered in libical. If a user were tricked in to opening a specially crafted ICS calendar file, an attacker could potentially exploit this to cause a denial of service. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
b874881641fd7509c472416c48d3b2ffe94626ff3840fa1538992148440c2484Simple Online Hotel Reservation System suffers from multiple cross site request forgery vulnerabilities.
c37555b23a0682c85d048543ed9bbd91aee430dfb3252aaa2d192b608774e2d2Joomla Alberghi component version 2.1.3 suffers from arbitrary file upload and remote SQL injection vulnerabilities.
4108d89cd5aacaa5aba00bce1d89efdaca7515189ceb474f8a7a6e3a9ecd5ac2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed