Heap overflow and information disclosure vulnerabilities exist in Apple's setVendorIE when handling ioctl results.
3777e2aae23fd65779213ee09ccc433bZKTeco ZKTime Web version 2.0.1.12280 suffers from an information disclosure vulnerability.
6b7fa287e7bbc910a93f0b738525a4b8D-Link DIR8xx routers suffer from a credential disclosure vulnerability.
caed8d87329d913d76f39a2df76a112aUbuntu Security Notice 3413-1 - It was discovered that an information disclosure vulnerability existed in the Service Discovery Protocol implementation in BlueZ. A physically proximate unauthenticated attacker could use this to disclose sensitive information.
529421b638ac4fbb77c3229b47b374bdJGI CMS version 1.0 suffers from a source disclosure vulnerability.
6e800b1204da31637584ab47164182c4D-Link 850L suffers from cross site scripting, access bypass, backdoor, bruteforcing, information disclosure, remote code execution, and denial of service vulnerabilities. Basically, do not use this device unless you want to analyze it to see how not to design something.
806b47aee2ece40feb77375c1dcacc3dEE 4GEE wireless router version EE60_00_05.00_25 suffers from cross site request forgery, cross site scripting, and information disclosure vulnerabilities.
c4b9a415add552983b5133ebe5cfad74A2billing version 2.x suffers from backup disclosure, remote code execution, and remote SQL injection vulnerabilities.
32231b06b60ab43184d0a99f25e0e59cLexmark Scan to Network (SNF) printer application versions 3.2.9 and below suffer from a credential disclosure vulnerability.
a2f8f1bd1016da9a8c59d02c7ed56417DIGISOL DG-BG1100N suffers from a ROM-0 backup disclosure vulnerability.
0a0fbe11323fb171cf44fe97f8d9d71cRed Hat Security Advisory 2017-2492-01 - XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption". Security Fix: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service.
819cb939df0a91198cf7f34e6d3f07d8TP-Link TD-W8901G suffers from default credential and authentication bypass vulnerabilities.
2b06bcd4f13729f6039bab7de4d929b7OSNEXUS QuantaStor version 4 suffers from multiple information disclosure vulnerabilities including user enumeration.
1ab104b90ac93d362e31c87855d2ab18Ubuntu Security Notice 3379-1 - It was discovered that Shotwell is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission.
f83cac688e9ee7d46d8166778f498706This Metasploit module exploits an information disclosure vulnerability found in Advantech SUSIAccess versions 3.0 and below. The vulnerability is triggered when sending a GET request to the server with a series of dot dot slashes (../) in the file parameter.
b99b70a5c20733224e88b86d90cc3957Debian Linux Security Advisory 3919-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, use of insecure cryptography, side channel attacks, information disclosure, the execution of arbitrary code, denial of service or bypassing Jar verification.
6c2713f08ae2abdb5017b6d2f567ae64RedTeam Pentesting discovered an information disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs. Affected versions include build 2032 and 2.0.625.
10ba9811f23c37c12915b9bd4bba8ac2Apple Security Advisory 2017-07-19-7 - iCloud for Windows 6.2.2 is now available and addresses information disclosure, code execution, and various other vulnerabilities.
4f380c77e8e99020d7e7e86a74e6ebaeApple Security Advisory 2017-07-19-6 - iTunes 12.6.2 is now available and addresses code execution, information disclosure, and various other vulnerabilities.
fff71b887019a0188bc4405b1923235dDebian Linux Security Advisory 3908-1 - An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure.
2d367b8f14fc73b9768c34d3df9ea843Sitecore CMS version 8.2 suffers from cross site scripting and file disclosure vulnerabilities.
4858233c0ae712bdc0b065aba7a0cab1DataTaker DT80 dEX version 1.50.012 suffers from an information disclosure vulnerability.
4b412721586372d97d957ff8f8b6d297Apache Impala versions 2.7.0 through 2.8.0 suffers from an information disclosure vulnerability. During a routine security analysis, it was found that one of the ports sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift transport when TLS was turned on. It was therefore possible for an adversary, with access to the network, to eavesdrop on the packets going to and coming from that port and view the data in plaintext.
ab733eb3ce590ffbb6683f715c26e63aApache Impala versions 2.7.0 through 2.8.0 suffers from an information disclosure vulnerability. It was noticed that a malicious process impersonating an Impala daemon could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened.
b530e7bbb86b2191fd3c6186258dd8ecHumax Digital HG100R version 2.0.6 suffers from backup disclosure, root credential disclosure, and cross site scripting vulnerabilities.
d929ed2b472ae8a416c2a4ab898c7996
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed