419 matches found

0day.today
added 2016/04/11 12:0 a.m., 64 views

Axis Network Cameras - Multiple Vulnerabilities

Exploit for hardware platform in category web applications I. ADVISORY INFORMATION ----------------------- Title: Axis Network Cameras Multiple Cross-site scripting Vendor: Axis Communications Class: Improper Input Validation CWE-20 CVE Name: CVE-2015-8256 Remotely Exploitable: Yes Locally...

CVSS 4.3, AI score 0.3, EPSS 0.03232
Exploits: 6

FreeBSD
added 2016/02/15 12:0 a.m., 23 views

kamailio -- SEAS Module Heap overflow

Stelios Tsampas reports: A remotely exploitable heap overflow vulnerability was found in Kamailio v4.3.4...

CVSS 10, AI score 2.7, EPSS 0.20973
Exploits: 4, References: 3

0day.today
added 2015/10/07 12:0 a.m., 43 views

Netgear N300 Authentication Bypass Vulnerability

Netgear N300 routers suffer from an authentication bypass vulnerability that allows for complete compromise. COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Netgear Router Firmware N3001.1.0.311.0.1.img and N300-1.1.0.281.0.1.img Vendor: NETGEAR CVE ID: requeste...

AI score 7.3
Exploits: 0

0day.today
added 2015/09/22 12:0 a.m., 50 views

nevisAuth Authentication Bypass Vulnerability

nevisAuth versions since 4.13.0.0 2012-11-21 and prior to 4.18.3.1 2015-07-02 suffer from an authentication bypass vulnerability. Product: nevisAuth 1 Vendor: AdNovum 2 CVD ID: CVE-2015-5372 Subject: Authentication Bypass Risk: Critical Effect: Remotely exploitable Authors: Antoine Neuenschwander...

CVSS 5, AI score 6.9, EPSS 0.00196
Exploits: 1

Vulnerability Lab
added 2015/08/25 12:0 a.m., 17 views

PayPal Notify - Cross Site Request Forgery Vulnerability

Document Title: =============== PayPal Notify - Cross Site Request Forgery Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1584 Video: https://www.youtube.com/watch?v=1NO4I28J-0s Release Date: ============= 2015-08-25 Vulnerability Laboratory ID VL-ID:...

AI score 0.5
Exploits: 0

Kaspersky
added 2015/07/14 12:0 a.m., 53 views

KLA10626 Code execution vulnerability in Adobe Flash Player

Use-after-free and memory corruption vulnerabilities were found in Adobe Flash Player. By exploiting these vulnerabilities, malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via unknown vectors. Original advisories Adobe advisory Exploitation Public...

CVSS 10, AI score 10, EPSS 0.92698
Exploits: 5, References: 6

securityvulns
added 2015/07/14 12:0 a.m., 54 views

CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Xpert.Line Vendor: Soreco AG 1 CVE ID: CVE-2015-3442 Subject: Authentication Bypass Risk: Critical Effect: Remotely exploitable Authors: Alessandro Zala [email protected] Andreas Hunkeler...

CVSS 7.5, AI score 0.4, EPSS 0.01759
Exploits: 1

Packet Storm
added 2015/07/03 12:0 a.m., 44 views

Soreco AG Xpert.Line 3.0 Authentication Bypass

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Xpert.Line Vendor: Soreco AG 1 CVE ID: CVE-2015-3442 Subject: Authentication Bypass Risk: Critical Effect: Remotely exploitable Author: Alessandro Zala [email protected] Andreas Hunkeler...

CVSS 5.7, AI score 0.3, EPSS 0.01759
Exploits: 1

Exploit DB
added 2015/06/26 12:0 a.m., 32 views

Thycotic Secret Server 8.8.000004 - Persistent Cross-Site Scripting

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html CVE ID : CVE-2015-3443 Product: Secret Server 1 Vendor: Thycotic Subject: Stored Cross-Site Scripting Vulnerability XSS Risk: High Effect: Remotely exploitable Author: Marco Delai [email protected] Date: June 24th 2015...

CVSS 3.5, AI score 7, EPSS 0.0155
Exploits: 5

0day.today
added 2015/06/26 12:0 a.m., 41 views

Thycotic Secret Server 8.8.000004 - Stored XSS Vulnerability

Exploit for multiple platform in category web applications COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html CVE ID : CVE-2015-3443 Product: Secret Server 1 Vendor: Thycotic Subject: Stored Cross-Site Scripting Vulnerability XSS Risk: High Effect: Remotely exploitable...

CVSS 3.5, AI score 6.6, EPSS 0.0155
Exploits: 5

Packet Storm
added 2015/06/24 12:0 a.m., 38 views

Thycotic Secret Server 8.8.000004 Cross Site Scripting

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html CVE ID : CVE-2015-3443 Product: Secret Server 1 Vendor: Thycotic Subject: Stored Cross-Site Scripting Vulnerability XSS Risk: High Effect: Remotely exploitable Author: Marco Delai [email protected] Date: June 24th 2015...

CVSS 3.5, AI score 6.6, EPSS 0.0155
Exploits: 5

ICS
added 2015/05/30 6:0 a.m., 163 views

Siemens SIMATIC S7-1200 CSRF Vulnerability

OVERVIEW Siemens has identified a CSRF (Cross-Site Request Forgery) vulnerability in the SIMATIC S7‑1200 CPUs. This vulnerability was reported directly to Siemens by Ralf Spenneberg, Hendrik Schwartke, and Maik Brüggemann from OpenSource Training. Siemens has produced a firmware update to mitigate...

CVSS 7.5, AI score 7, EPSS 0.00179
Exploits: 2, References: 10

Core Security
added 2015/05/22 12:0 a.m., 543 views

Sendio ESP Information Disclosure Vulnerability

1. Advisory Information Title: Sendio ESP Information Disclosure Vulnerability Advisory ID: CORE-2015-0010 Advisory URL: Date published: 2015-05-22 Date of last update: 2015-05-22 Vendors contacted: Sendio Release mode: Coordinated release 2. Vulnerability Information Class: OWASP Top Ten 2013...

CVSS 5, AI score 6.2, EPSS 0.14481
Exploits: 6

ThreatPost
added 2015/05/13 3:30 p.m., 28 views

Remotely Exploitable Vulnerabilities in SAP Compression Algorithms

The two primary compression algorithms used by SAP SE products, some of the most popular enterprise and business management software platforms on the market, contain multiple, remotely exploitable security vulnerabilities. Martin Gallo of Core Security Consulting Services found vulnerabilities in...

CVSS 7.5, AI score 0.7, EPSS 0.00915
Exploits: 2, References: 1

BDU FSTEC
added 2015/04/28 12:0 a.m., 2 views

The multiple vulnerabilities in the mingw32-libxml2-static-2.7.6 package of the Red Hat Enterprise Linux operating system allow a malicious entity to compromise the confidentiality, integrity, and accessibility of protected information.

The multiple vulnerabilities in the mingw32-libxml2-static-2.7.6 package for the Red Hat Enterprise Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

CVSS 10, AI score 7, EPSS 0.23686
Exploits: 7, References: 15, Affected Software: 1

BDU FSTEC
added 2015/04/28 12:0 a.m., 3 views

The vulnerability of the SUSE Linux Enterprise operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the libvorbis package in the SUSE Linux Enterprise operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...

CVSS 10, AI score 7.6, EPSS 0.08973
Exploits: 1, References: 2

Kaspersky
added 2015/04/24 12:0 a.m., 85 views

KLA10565 Denial of service vulnerabilities in SQLite

Multiple integer and buffer overflows were found in SQLite. By exploiting these vulnerabilities, malicious users can cause denial of service or have other unknown impact. These vulnerabilities can be exploited remotely via specially designed input. Original advisories - Related products SQLit...

CVSS 7.5, AI score 8, EPSS 0.0794
Exploits: 0, References: 2

ICS
added 2015/04/02 6:0 a.m., 46 views

Baxter SIGMA Spectrum Infusion System Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 30, 2015, and is being released to the NCCIC/ICS-CERT web site. Researcher Jared Bird with Allina IS Security identified four vulnerabilities in Baxter’s SIGMA Spectrum Infusion System. Baxter has released a...

CVSS 9.8, AI score 9.6, EPSS 0.00592
Exploits: 0, References: 10

ThreatPost
added 2015/03/11 2:56 p.m., 20 views

Dropbox Patches Remotely Exploitable Vulnerability in SDK

Developers at Dropbox recently fixed a remotely exploitable vulnerability in the Android SDK version of the storage app that enabled attackers to connect applications to a Dropbox account without the user’s consent. This could have opened users up to the theft of information from any app that use...

CVSS 2.6, AI score 0.1, EPSS 0.06253
Exploits: 0, References: 3

ThreatPost
added 2015/01/26 1:40 p.m., 27 views

Android Wi-Fi Direct Vulnerability Disclosed

Google and Core Security are at odds over the severity of a vulnerability affecting a number of Android mobile devices, details of which were released by the security vendor today. The issue was reported to the Android security team on Sept. 26 and in subsequent communication between the two...

CVSS 5, EPSS 0.17257
Exploits: 5, References: 5