Rapid PHP Editor 14.1 - Remote Command Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/RAPID-PHP-EDITOR-REMOTE-CMD-EXEC.txt + ISR: Apparition Security Vendor: ====================== www.rapidphpeditor.com Product: =============================== Rapid PHP Editor...

Rapid PHP Editor 14.1 - Remote Command Execution

Rapid PHP Editor 14.1 - Remote Command Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/RAPID-PHP-EDITOR-REMOTE-CMD-EXEC.txt + ISR: Apparition Security Vendor: ====================== www.rapidphpeditor.com Produc...

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

USN-3115-1 python-django vulnerabilities

Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could possibly connect to the database while the tests are running and prevent the test user with the hardcoded password from being removed. CVE-2016-9013 Aymeri...

GATTacker - BLE (Bluetooth Low Energy) Man-in-the-Middle

A Node.js package for BLE Bluetooth Low Energy security assessment using Man-in-the-Middle and other attacks. Prerequisites see: https://github.com/sandeepmistry/noble https://github.com/sandeepmistry/bleno Install npm install gattacker Usage Configure Running both components Set up variables in...

Bitcoin Knots is vulnerable

Bitcoin is an e-currency, digital currency developed with open-source P2P software by the Bitcoin Foundation, and is an online virtual currency.Bitcoin Knots is one of the clients. A security vulnerability exists in Bitcoin Knots versions v0.11.0.ljr20150711 to v0.13.0.knots20160814, which stems...

django -- multiple vulnerabilities

The Django project reports: Today the Django team released Django 1.10.3, Django 1.9.11, and 1.8.16. These releases addresses two security issues detailed below. We encourage all users of Django to upgrade as soon as possible. User with hardcoded password created when running tests on Oracle DNS...

UBUNTU-CVE-2016-9014

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWEDHOSTS...

CVE-2016-8889

In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 fixed in v0.13.1.knots20161027, the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history...

Command injection

In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 fixed in v0.13.1.knots20161027, the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history...

CVE-2016-8889

The CVE is for Bitcoin Knots, affecting versions v0.11.0.ljr20150711 through v0.13.0.knots20160814, with a fix in v0.13.1.knots20161027. The issue is that the debug console stores sensitive data (private keys and wallet passphrase) in its persistent command history, enabling potential exposure of...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-759)

It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. CVE-2016-558...

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2016-2079)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2079 advisory. 1:1.8.0.111-0.b15 - added nss restricting requires - Resolves: rhbz1381990 1:1.8.0.111-0.b15 - Turn debug builds on for all JIT architectures. Alwa...

SUSE-SU-2016:2565-1 Security update for dbus-1

This update for dbus-1 to version 1.8.22 fixes one security issue and bugs. The following security issue was fixed: - bsc1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. The following upstream changes are included: - Change the default...

java-1.8.0-openjdk security update

1:1.8.0.111-0.b15 - added nss restricting requires - Resolves: rhbz1381990 1:1.8.0.111-0.b15 - Turn debug builds on for all JIT architectures. Always AssumeMP on RHEL. - Resolves: rhbz1381990 1:1.8.0.111-0.b15 - Update to aarch64-jdk8u111-b15, with AArch64 fix for S8160591. - Resolves: rhbz138199...

Vimeo: Disclosure of sensitive information through Google Cloud Storage bucket

An insecure bucket was discovered on the GCP platform that had some debug information in it. Steps were taken to secure the bucket and it's contents...