RedTeam Pentesting discovered an information disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs. Affected versions include build 2032 and 2.0.625.
10ba9811f23c37c12915b9bd4bba8ac2Apple Security Advisory 2017-07-19-7 - iCloud for Windows 6.2.2 is now available and addresses information disclosure, code execution, and various other vulnerabilities.
4f380c77e8e99020d7e7e86a74e6ebaeApple Security Advisory 2017-07-19-6 - iTunes 12.6.2 is now available and addresses code execution, information disclosure, and various other vulnerabilities.
fff71b887019a0188bc4405b1923235dDebian Linux Security Advisory 3908-1 - An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure.
2d367b8f14fc73b9768c34d3df9ea843Sitecore CMS version 8.2 suffers from cross site scripting and file disclosure vulnerabilities.
4858233c0ae712bdc0b065aba7a0cab1DataTaker DT80 dEX version 1.50.012 suffers from an information disclosure vulnerability.
4b412721586372d97d957ff8f8b6d297Apache Impala versions 2.7.0 through 2.8.0 suffers from an information disclosure vulnerability. During a routine security analysis, it was found that one of the ports sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift transport when TLS was turned on. It was therefore possible for an adversary, with access to the network, to eavesdrop on the packets going to and coming from that port and view the data in plaintext.
ab733eb3ce590ffbb6683f715c26e63aApache Impala versions 2.7.0 through 2.8.0 suffers from an information disclosure vulnerability. It was noticed that a malicious process impersonating an Impala daemon could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened.
b530e7bbb86b2191fd3c6186258dd8ecHumax Digital HG100R version 2.0.6 suffers from backup disclosure, root credential disclosure, and cross site scripting vulnerabilities.
d929ed2b472ae8a416c2a4ab898c7996RSA Archer GRC version 6.2.0.2 suffers from bypass, cross site request forgery, information disclosure, open redirection, and cross site scripting vulnerabilities.
6cf471214abe6297b8b4c071b0aa43fdTrihedral VTScada versions prior to 11.2.26 suffer from resource consumption, cross site scripting, and information disclosure vulnerabilities.
cb976665ca752634c866774df96acaffKaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.
834309bd7c681fce682800c2b27a31c0sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
83e7a0c6f72cf203c3bcde494776603cInvision Power Board version 4.1.19.2 suffers from reflective and stored cross site scripting, cross site request forgery, information disclosure, file upload, and shell access vulnerabilities.
a22518e9d6c3e73504202b0d32770349Debian Linux Security Advisory 3880-1 - It was discovered that a side channel attack in the EdDSA session key handling in Libgcrypt may result in information disclosure.
8171c625f6e81ca504335f56b54b7a5bA vulnerability in libsndfile 1.0.28, caused due to an error in the"aiff_read_chanmap()" function (src/aiff.c), can be exploited tocause an out-of-bounds read memory access via a specially crafted AIFFfile.
7669a3bafb3caccacdea3abab9f24b61Easy Chat Server versions 2.0 through 3.1 suffer from a pre-authentication remote password disclosure vulnerability.
3c01293170c99129593e85c65aec56a0WordPress Social-Stream versions 1.6.0 and below suffer from a Twitter API OAuth secret disclosure vulnerability.
7bcdc75fa62438d580fa7352ad149ad6Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities.
351e7980ee3be97f07ceb95ec237ce90Google I/O 2017 application for Android versions prior to 5.1.4 suffer from a man-in-the-middle vulnerability.
4c78f3a47ec015914186a354d550ed89Belden GarrettCom 6K and 10KT series suffer from suffers from buffer overflow, authentication bypass, information disclosure, and other vulnerabilities.
8949d517d817b9e09093f7a3619d4d39Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5 SP2 suffers from faulty access controls, stored cross site scripting, and information disclosure vulnerabilities
d4dbc13600c87476e40eeb35bbb2c927Various Mimosa products suffer from denial of service, information leakage, code execution, and file disclosure vulnerabilities.
8fefeb6dcd43f7f2bc9969105e2384a2ASUS routers suffer from cross site request forgery and information disclosure vulnerabilities. Versions affected include RT-AC55U, RT-AC56R, RT-AC56S, RT-AC56U, RT-AC66U, RT-AC88U, RT-AC66R, RT-AC66U, RT-AC66W, RT-AC68W, RT-AC68P, RT-AC68R, RT-AC68U, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC53U, RT-AC1900P, RT-AC3100, RT-AC3200, RT-AC5300, RT-N11P, RT-N12 (D1 version only), RT-N12+, RT-N12E, RT-N18U, RT-N56U, RT-N66R, RT-N66U (B1 version only), and RT-N66W.
3d95db7d42745579a0c76b4da4866297HP Security Bulletin HPESBGN03740 1 - Potential security vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could be remotely exploited to allow SQL injection, code execution, information disclosure, authentication bypass, elevated privilege execution, and invalid session management. Revision 1 of this advisory.
62127b6680a77c81ac8a8b51205bee42
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed