CVE-2018-13793

CVE-2018-13793 concerns ABBYY FlexiCapture’s HTTP API with multiple CSRF vulnerabilities affecting Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login prior to 12 Release 1 Update 7. The affected surface is the HTTP API in the mentioned modules; exploitation deta...

Security Bulletin: FileNet Capture is affected by GSKit and GSKit-Crypto vulnerabilities

Summary FileNet Capture has addressed multiple GSKit and GSKit-Crypto vulnerabilities. Vulnerability Details CVEID: CVE-2017-3732 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x8664 Montgomery squaring procedure. An...

Mozilla: Media recorder segmentation fault when track type is changed during capture

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird 60, Firefox ESR 60.1, Firefox ESR...

Mozilla: Media recorder segmentation fault when track type is changed during capture

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird 60, Firefox ESR 60.1, Firefox ESR...

CVE-2018-1000600

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

UBUNTU-CVE-2018-5156

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird 60, Firefox ESR 60.1, Firefox ESR...

CVE-2018-5156

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird 60, Firefox ESR 60.1, Firefox ESR...

Friday Squid Blogging: Capturing the Giant Squid on Video

In this 2013 TED talk, oceanographer Edith Widder explains how her team captured the giant squid on video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

My Little FormBook

This blog post is authored by Warren Mercer and Paul Rascagneres. Summary Cisco Talos has been tracking a new campaign involving the FormBook malware since May 2018 that utilizes four different malicious documents in a single phishing email. FormBook is an inexpensive stealer available as "malwar...

Automated Wireless Attack Tool: WiFite

Wifite is a Python script for auditing wireless networks which aims to be the “set it and forget it” wireless auditing tool. What’s new in Wifite 2? Less bugs Cleaner process management. Does not leave processes running in the background the old wifite was bad about this. No longer “one monolithi...

Security Bulletin: IBM Datacap Taskmaster Capture ActiveX Vulnerability (CVE-2014-0879)

Summary Taskmaster Web uses ActiveX controls to perform scanning and to display images in the browser on the client computer. One of the controls was found vulnerable to crafted hacking. Vulnerability Details CVEID: CVE-2014-0879 DESCRIPTION: Security vulnerability with Datacap ActiveX installed ...

Security Bulletin: Multiple Security Issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

Summary BlueZ is vulnerable to a denial of service, caused by a buffer over-read issue. By using a specially-crafted dump file, an attacker could exploit this vulnerability to cause the application to crash. IBM Tealeaf contains hard-coded credentials. A remote attacker could exploit this...

Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

Summary Multiple vulnerabilities in zlib and openSSL libraries can cause denial of service in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On. Vulnerability Details CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to a denial of service, caused by an out-of-bounds pointer...

Security Bulletin: Vulnerabilities in Memcached affect IBM Tealeaf Customer Experience and IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

Summary Heap-based buffer overflow vulnerabilities in Memcached affect IBM Tealeaf Customer Experience and IBM Tealeaf Customer Experience on Cloud Network Capture Add-On. IBM Tealeaf Customer Experience and IBM Tealeaf Customer Experience on Cloud Network Capture Add-On have addressed the...

Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Tealeaf Customer Experience on Cloud Network Capture Add-On. IBM Tealeaf Customer Experience on Cloud Network Capture Add-On has addressed the applicable CVEs. Multiple...

Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

Summary Multiple security vulnerabilities in memcached, PCRE, and PHP affect IBM Tealeaf Customer Experience on Cloud Network Capture Add-On. Installation programs for the Windows components of IBM Tealeaf Customer Experience on Cloud Network Capture Add-On are vulnerable to attack under certain...

Security Bulletin: IBM Tealeaf Customer Experience internal connections not encrypted (CVE-2015-4961)

Summary Internal connections between IBM Tealeaf Customer Experience servers use unencrypted HTTP. Vulnerability Details CVEID: CVE-2015-4961 DESCRIPTION: In an IBM Tealeaf environment with multiple servers, connections to the Tealeaf Data Service, Search Service, Replay Service, and Tracking...

Security Bulletin: IBM Tealeaf CX Passive Capture Application is vulnerable to a remotely exploitable OS command injection and local file inclusion (CVE-2013-6719 and CVE-2013-6720)

Summary IBM Tealeaf CX Passive Capture Application is vulnerable to a remotely exploitable OS command injection and local file inclusion. These vulnerabilities may be exploited to compromise the host system. Vulnerability Details Two areas of vulnerability are found in the IBM Tealeaf CX Passive...

Security Bulletin: Vulnerability in InstallAnywhere affects IBM InfoSphere Change Data Capture installers (CVE-2016-4560)

Summary InstallAnywhere generates installation executables on Microsoft Windows which are vulnerable to a DLL-planting exploit affecting the Change Data Capture CDC components within the IBM InfoSphere Data Replication and IBM InfoSphere Change Data Delivery families of products. Vulnerability...

Airba.sh - A POSIX-compliant, Fully Automated WPA PSK Handshake Capture Script Aimed At Penetration Testing

Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell tested on Kali Linux and Cyanogenmod 10.2 and uses aircrack-ng to scan for clients that are currently connected to access points AP. Those...