ABUS Secvest Hybrid module (FUMO50110) suffers an authentication bypass vulnerability. The hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged between the ABUS Secvest alarm panel and the ABUS Secvest Hybrid module. Thus, an attacker can spoof messages of the ABUS Secvest Hybrid module based on sniffed status RF packets that are issued by the ABUS Secvest Hybrid module on a regularly basis (~2.5 minutes).
164e9f6290e63311d3c3156fd7ad2815UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
3e301124ea57f3db26a5f9a966481f4dUbuntu Security Notice 4383-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the addressbar, or execute arbitrary code. It was discovered that NSS showed timing differences when performing DSA signatures. An attacker could potentially exploit this to obtain private keys using a timing attack. Various other issues were also addressed.
7008565679641f0d4d2c4c80f6ec42cfCrystal Shard http-protection version 0.2.0 suffers from an IP spoofing bypass vulnerability.
6d1cdc2247ff8ed8eefca89cf866d2cdUbuntu Security Notice 4373-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. It was discovered that Thunderbird did not correctly handle Unicode whitespace characters within the From email header. An attacker could potentially exploit this to spoof the sender email address that Thunderbird displays.
48d9b8ae7ffedbd250b8387a84151b42Ubuntu Security Notice 4353-2 - USN-4353-1 fixed vulnerabilities in Firefox. The update caused a regression that impaired the functionality of some addons. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code.
3245c740a022b08af03b652a81194a54Red Hat Security Advisory 2020-2054-01 - Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 20.0.0.5 serves as a replacement for Open Liberty 20.0.0.4 and includes security fixes, bug fixes, and enhancements. For specific information about this release, see links in the References section. Issues addressed include information leakage and spoofing vulnerabilities.
9012305fd3a682ecd827792eb468f906Red Hat Security Advisory 2020-2050-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.8.0. Issues addressed include buffer overflow, spoofing, and use-after-free vulnerabilities.
f0f509c8a98f1e75861b31968984da9fRed Hat Security Advisory 2020-2049-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.8.0. Issues addressed include buffer overflow, spoofing, and use-after-free vulnerabilities.
ae525081640b49f2af16d43b6181f1d0Red Hat Security Advisory 2020-2046-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.8.0. Issues addressed include buffer overflow, spoofing, and use-after-free vulnerabilities.
3e4800352ed0aad7ce80437030bbc415Red Hat Security Advisory 2020-2047-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.8.0. Issues addressed include buffer overflow, spoofing, and use-after-free vulnerabilities.
76812eb9d4e5beb44737115e4c7aef70Red Hat Security Advisory 2020-2048-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.8.0. Issues addressed include buffer overflow, spoofing, and use-after-free vulnerabilities.
8e7056da973aa24d67c47a3ae5e0653aRed Hat Security Advisory 2020-1600-01 - Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications. Issues addressed include a spoofing vulnerability.
ee447e9682bd8a0914c76a6f8ca2f36cRed Hat Security Advisory 2020-1080-01 - Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Issues addressed include OpenPGP signature spoofing and certificate errors being ignored.
5d279dd12e732119aa0950652fc2313fUbuntu Security Notice 4299-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy protections, or execute arbitrary code. Various other issues were also addressed.
67cbdfdad2dfc914c5dc998ef6ee9902Google Invisible RECAPTCHA version 3 suffers from a spoofing bypass vulnerability.
03e20cd2aa23071dfe0c93c4d8a7b255UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
e31177e7f9c739a115f003ef4f391543Apple Security Advisory 2020-1-28-5 - Safari 13.0.5 is now available and addresses address bar spoofing and password disclosure in transit issues.
cf62237f168cf7deb01854b6eb594a7dThis is a proof of concept exploit that demonstrates the Microsoft Windows CryptoAPI spoofing vulnerability as described in CVE-2020-0601 and disclosed by the NSA.
d2c133f541a9d87a0a3240f578df147dWindows Defender Antivirus version 4.18.1908.7-0 suffers from a file extension spoofing vulnerability.
bf4d6995971178b6b1ea80749698ee1fUbuntu Security Notice 4202-2 - USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem. It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting attacks, or execute arbitrary code. A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.
9fff7c893619a32a00e008fd58151899A FortiSIEM collector connects to a Supervisor/Worker over HTTPS TLS (443/TCP) to register itself as well as relaying event data such as syslog, netflow, SNMP, etc. When the Collector (the client) connects to the Supervisor/Worker (the server), the client does not validate the server-provided certificate against its root-CA store. Since the client does no server certificate validation, this means any certificate presented to the client will be considered valid and the connection will succeed. If an attacker spoofs a Worker/Supervisor using an ARP or DNS poisoning attack (or any other MITM attack), the Collector will blindly connect to the attacker's HTTPS TLS server. It will disclose the authentication password used along with any data being relayed. Versions 5.0 and 5.2.1 have been tested and are affected.
ee1a1fa2b58f6637bd250813eb471ce4Apple Security Advisory 2019-9-26-9 - Safari 13.0.1 addresses user interface spoofing and browser history leakage vulnerabilities.
391e341bfa1cc6482ebc52fb1b742723Debian Linux Security Advisory 4524-1 - Multiple vulnerabilities have been discovered in the Dino XMPP client, which could allow spoofing message, manipulation of a user's roster (contact list) and unauthorised sending of message carbons.
385d667cf9db801e7e92a0c327da4fcdZyxel USG/UAG/ATP/VPN/NXC series suffer from an issue where a DNS request can be made by an unauthenticated attacker to either spam a DNS service of a third party with requests that have a spoofed origin or probe whether domain names are present on the internal network behind the firewall.
0939a6e730c410be2d31a0edca0b654c
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed