Sony Closes Backdoors in IP-Enabled Cameras

Sony, in late November, provided a firmware update for a popular IP-enabled camera line used by enterprises and law enforcement alike that closed off remote administration backdoors. The backdoors could be abused to draft these devices into botnets or allow for manipulation of images and...

CVE-2016-2952

IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP...

UBUNTU-CVE-2016-8630

The x86decodeinsn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service host OS crash via a certain use of a ModR/M byte in an undefined instruction...

NULL pointer reference denial of service vulnerability in ntpd

Network Time Protocol NTP is a protocol used to synchronize a computer's time to its server or clock source e.g., quartz clock, GPS, etc.. Synchronizing a computer's clock to UTC ensures that data interactions in a network can proceed smoothly.NTPD Network Time Protocol daemon is an operating...

ntp: ntpd crash when processing config commands with statistics type

It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation e.g. timingstats was referenced by the statistics or filegen configuration command...

Foxit Reader and PhantomPDF Read-Over-Boundary Vulnerability (CNVD-2016-10513)

Foxit Reader is a PDF document reader from China's Foxit Software Corporation.Foxit PhantomPDF is a commercial version. An out-of-bounds read vulnerability exists in Foxit Reader and PhantomPDF versions prior to 8.1 on Windows-based platforms. When the gflags application is enabled, a remote...

Foxit Reader and PhantomPDF Denial of Service Vulnerability (CNVD-2016-10514)

Foxit Reader is a PDF document reader from China's Foxit Software Corporation.Foxit PhantomPDF is a commercial version. A denial of service vulnerability exists in the ConvertToPDF plug-in in Foxit Reader and PhantomPDF versions prior to 8.1 on Windows-based platforms. When the gflags application...

CVE-2016-8878

Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return...

CVE-2016-8876

Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader."...

SSL Enabled Basic Auth Credential Harvester: phishery

An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document...

CVE-2016-0240

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP...

IoT Botnets Are The New Normal of DDoS Attacks

If you’ve been on the wrong end of what passes for a modern-day DDoS attack, you’re well familiar with the firepower of the almighty DVR. That’s right, the innocuous set-top box responsible for the posterity of your Game of Thrones seasons 1-6 is behind some of the biggest swarming attacks agains...

Updated libcryptopp packages fix security vulnerability

The libcryptopp package was built with debugging enabled, which could cause a crash due to assertions being turned on and could also cause core files to be generated containing sensitive information CVE-2016-7420...

MGASA-2016-0333 Updated libcryptopp packages fix security vulnerability

The libcryptopp package was built with debugging enabled, which could cause a crash due to assertions being turned on and could also cause core files to be generated containing sensitive information CVE-2016-7420...

Netscaler Gateway license not getting applied and ICA user count shows as 0

Netscaler Gateway license not getting applied and ICA user count shows as 0 in GUI and CLI both. show ns license output shows as below: Http DoS Protection: YES Dynamic Routing: YES Content Filtering: YES Integrated Caching: NO SSL VPN: YES Maximum users = 5 Maximum ICA users = 0...

Citrix Gateway VPN Users are Unable to Resolve IPv4 DNS When ISP has IPv6 Enabled

Citrix Gateway VPN users are not able to resolve IPv4 DNS when their ISP has IPv6 enabled...

CVE-2016-7044

The unformat24bitcolor function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service heap corruption and crash via an incomplete 24bit color code...

Kerberos Security Feature Bypass

Exploit Title: Kerberos Security Feature Bypass Vulnerability Kerberos to NTLM Fallback Date: 22-09-2016 Exploit Author: Nabeel Ahmed Tested on: Windows 7 Professional x32/x64 and Windows 10 x64 CVE : CVE-2016-3237 Category: Local Exploits & Privilege Escalation SPECIAL CONFIG: Standard Domain...

UBUNTU-CVE-2016-7420

Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...

Университет ИТМО - External URLs, Unsafe deleting, WebView JavaScript enabled vulnerabilities

HackApp vulnerability scanner discovered that application Университет ИТМО published at the 'play' market has multiple vulnerabilities...