October 10, 2017—KB4041678 (Security-only update)

October 10, 2017—KB4041678 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Security updates to Microsoft Windows Search Component, Windows kernel-mode drivers...

MikroTik RouterOS < 6.39.3 / 6.40.4 / 6.41rc (KRACK)

According to its self-reported version, the remote networking device is running a version of MikroTik 6.9.X prior to 6.39.3, 6.40.x 6.40.4, or 6.41rc. It, therefore, vulnerable to multiple vulnerabilities discovered in the WPA2 handshake protocol. %NASLMINLEVEL 70300 C Tenable Network Security,...

Microsoft Windows Multiple Vulnerabilities (KB4041693)

This host is missing a critical security update according to Microsoft KB4041693 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4041681)

This host is missing a critical security update according to Microsoft KB4041681 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4042895)

This host is missing a critical security update according to Microsoft KB4042895 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4041689)

This host is missing a critical security update according to Microsoft KB4041689 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4041690)

This host is missing a critical security update according to Microsoft KB4041690 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-3991-1 : qemu - security update

Multiple vulnerabilities were found in qemu, a fast processor emulator : - CVE-2017-9375 Denial of service via memory leak in USB XHCI emulation. - CVE-2017-12809 Denial of service in the CDROM device drive emulation. - CVE-2017-13672 Denial of service in VGA display emulation. - CVE-2017-13711...

Debian: Security Advisory (DSA-3991-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2017-12239

CVE-2017-12239 affects Cisco IOS XE on ASR 1000 and cBR-8 line-card systems. The root cause is the presence of an engineering console port on the motherboard of removable line cards, enabling an unauthenticated, physical attacker to connect to the console and gain full access to the device OS. Af...

Design/Logic Flaw

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000...

CVE-2016-5868

drivers/net/ethernet/msm/rndisipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process...

CVE-2016-5868

drivers/net/ethernet/msm/rndisipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process...

Code injection

drivers/net/ethernet/msm/rndisipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process...

CVE-2016-5868

drivers/net/ethernet/msm/rndisipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process...

Foodspotting Clone 1.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Foodspotting Clone v1.0 - SQL Injection/Reflected XSS Date: 2017-09-13 Exploit Author: 8bitsec Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.phpscriptsmall.com/product/foodspotting-clone/ Version: 1.0...

The vulnerability in the Bluetooth stack profile of the Android operating system allows attackers to carry out “man-in-the-middle” attacks.

The vulnerability in the Bluetooth stack of the Android operating system’s Personal Area Networking PAN service is related to incorrect security requirements. Exploiting this vulnerability allows a remote attacker to create a network interface and use it to execute a “man-in-the-middle” attack...

Foodspotting Clone 1.0 - SQL Injection

Foodspotting Clone 1.0 - SQL Injection Exploit Title: Foodspotting Clone v1.0 - SQL Injection/Reflected XSS Date: 2017-09-13 Exploit Author: 8bitsec Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.phpscriptsmall.com/product/foodspotting-clone/ Version: 1.0 Tested on: Kal...

Foodspotting Clone 1.0 - SQL Injection

Exploit Title: Foodspotting Clone v1.0 - SQL Injection/Reflected XSS Date: 2017-09-13 Exploit Author: 8bitsec Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.phpscriptsmall.com/product/foodspotting-clone/ Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email:...

AIX Java Advisory : java_apr2017_advisory.asc (April 2017 CPU)

The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents : - Multiple vulnerabilities exist in the zlib subcomponent that allow an unauthenticated, remote attacker to trigger denial of service conditions. CVE-2016-9840,...