Säkerhet

Ubiquiti airOS Arbitrary File Upload

Packet storm - tis, 2016-05-24 17:52
This Metasploit module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true. This method is used by the "mf" malware infecting these devices.
Kategorier: Säkerhet

PowerFolder 10.4.321 Remote Code Execution

Packet storm - tis, 2016-05-24 17:46
PowerFolder version 10.4.321 suffers from a remote code execution vulnerability. Proof of concept exploit included.
Kategorier: Säkerhet

AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection

Packet storm - tis, 2016-05-24 17:37
AfterLogic WebMail Pro ASP.NET versions prior to 6.2.7 suffer from an administrator account takeover via an XXE injection vulnerability.
Kategorier: Säkerhet

Red Hat Security Advisory 2016-1100-01

Packet storm - tis, 2016-05-24 17:33
Red Hat Security Advisory 2016-1100-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.
Kategorier: Säkerhet

XenAPI For XenForo 1.4.1 SQL Injection

Packet storm - tis, 2016-05-24 17:32
XenAPI for XenForo version 1.4.1 suffers from a remote SQL injection vulnerability.
Kategorier: Säkerhet

Debian Security Advisory 3586-1

Packet storm - tis, 2016-05-24 17:20
Debian Linux Security Advisory 3586-1 - It was discovered that a buffer overflow in the XMLRPC response encoding code of the Atheme IRC services may result in denial of service.
Kategorier: Säkerhet

Red Hat Security Advisory 2016-1098-01

Packet storm - tis, 2016-05-24 17:20
Red Hat Security Advisory 2016-1098-01 - jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fix: A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system.
Kategorier: Säkerhet

Red Hat Security Advisory 2016-1099-01

Packet storm - tis, 2016-05-24 17:19
Red Hat Security Advisory 2016-1099-01 - jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fix: A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system.
Kategorier: Säkerhet

MediaLink MWN-WAPR300N Insecure Session

Packet storm - tis, 2016-05-24 17:10
MediaLink router MWN-WAPR300N suffers from multiple session related issues such as not being able to logout and sessions do not time out. Insecure transport is another issue.
Kategorier: Säkerhet

Infobae Cross Site Scripting

Packet storm - tis, 2016-05-24 17:08
The Infobae website suffers from multiple cross site scripting vulnerabilities. The author has received no response from them.
Kategorier: Säkerhet

Shellsploit Framework Beta 0.3

Packet storm - tis, 2016-05-24 14:22
Shellsploit lets you generate customized shellcodes, backdoors, and injectors for various operating systems. It also has obfuscation abilities.
Kategorier: Säkerhet

Debian: 3579-1: xerces-c: Summary

Linux Security - tis, 2016-05-24 13:45
Kategorier: Säkerhet

Debian: 3578-1: libidn: Summary

Linux Security - tis, 2016-05-24 13:45
Kategorier: Säkerhet

Debian: 3577-1: jansson: Summary

Linux Security - tis, 2016-05-24 13:45
Kategorier: Säkerhet

Debian: 3576-1: icedove: Summary

Linux Security - tis, 2016-05-24 13:45
Kategorier: Säkerhet

Counterfeiting With Cisco IP Communicator

Packet storm - tis, 2016-05-24 03:11
Whitepaper that discusses how Cisco IP Communicator only uses MAC addresses for authentication allowing you to spoof other callers.
Kategorier: Säkerhet

Stegano 0.5.4

Packet storm - mån, 2016-05-23 18:07
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
Kategorier: Säkerhet

Red Hat Security Advisory 2016-1096-01

Packet storm - mån, 2016-05-23 18:01
Red Hat Security Advisory 2016-1096-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.
Kategorier: Säkerhet

Debian Security Advisory 3585-1

Packet storm - mån, 2016-05-23 18:01
Debian Linux Security Advisory 3585-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.
Kategorier: Säkerhet

JobScript Remote Code Execution

Packet storm - mån, 2016-05-23 17:57
JobScript suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin-ajax.php' script thru the 'name' and 'file' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with '.php' extension (to bypass the '.htaccess' block rule) that will be stored in '/jobmonster/wp-content/uploads/jobmonster/' directory.
Kategorier: Säkerhet