3100 matches found
BSNL Teracom Router Firmware Rewrite / Link Modification
Multiple Vulnerabilities in TERACOM ROUTER. Author: Ajay Gowtham aka AJOXR. Contact: gowtham.ajay5 at gmail.com. Vulnerability Type: Insecure Upload File Permissions. Affected Module: Upload Functionality. Criticality: Medium. Device Model: BSNL Teracom T2-B-Gawv1.4U10Y-BI is WiFi enabled ADSL2+...
J.P. Morgan Mobile - Customized SSL, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application J.P. Morgan Mobile published at the 'play' market has multiple vulnerabilities...
phpCollab CMS 2.5 Cross Site Request Forgery
Document Title: phpCollab v2.5 CMS - Privilege Escalate CSRF Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1911. Release Date: 2016-08-17. Vulnerability Laboratory ID (VL-ID): ...
Приват24 Бизнес - Dangerous filesystem permissions, Redefined SSL Common Names verifier, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Приват24 Бизнес published at the 'play' market has multiple vulnerabilities...
PowerWare Ransomware Masquerades as Locky to Intimidate Victims
A new variant of the PowerWare ransomware is stealing street creds from the Locky strain of ransomware in an attempt to spoof the malware family. A new sample of PowerWare found by Palo Alto Networks’ Unit 42 reveals the ransomware’s quickly evolving tactics. According to researchers, a new versi...
Fedora 23 : 2:docker (2016-6a0d540088)
built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit 4158ccc ---- Resolves: 1335649 - enable Red Hat subscription use in Docker containers on Fedora ---- built docker...
The vulnerability of the General Parallel File System allows a perpetrator to execute an application with administrator privileges.
The vulnerability of the General Parallel File System is related to insufficient authentication of network packets when the cipherList configuration parameter is enabled. Exploiting this vulnerability allows a malicious actor to execute an application with administrator privileges remotely...
The vulnerability of the Cisco Wireless LAN Controller 4100 software allows a malicious individual to cause service failure.
The vulnerability in the monitoring service of Multimedia Delivery (MLD) for Cisco Wireless LAN Controllers (WLC), when the MLDv2 Snooping function is enabled, allows malicious actors operating remotely to trigger a device reboot by using improperly crafted IPv6 MLDv2 packets...
The vulnerability of the WebSphere Application Server software allows a malicious attacker to compromise the accessibility of protected information.
A vulnerability in the web server plugin of IBM WebSphere Application Server (WAS), when the POST requester function is enabled, allows malicious actors operating remotely to cause a service failure (abnormal termination of the daemon)...
The vulnerability of the Apache HTTP Server software allows a malicious attacker to compromise the accessibility of protected information.
The vulnerability in the mod_proxy module of the Apache HTTP Server, when reverse proxy is enabled, allows malicious actors to cause a service failure by using a specially crafted HTTP Connection header...
The vulnerability of the Apache HTTP Server software allows a malicious attacker to compromise the accessibility of protected information.
A memory leak in the winnt_accept function in server/mpm/winnt/child.c, within WinNT MPM in the Apache HTTP Server, when the standard AcceptFilter is enabled, allows malicious actors operating remotely to trigger a denial-of-service attack by using specially crafted requests...
The vulnerability of the Cisco Wireless LAN Controller 2500 software allows a malicious individual to cause service failure.
The vulnerability in the monitoring service of Multimedia Delivery (MLD) for Cisco Wireless LAN Controllers (WLC), when the MLDv2 Snooping function is enabled, allows malicious actors operating remotely to trigger a service failure (rebooting the device) by using improperly crafted IPv6 MLDv2 packets...
DEBIAN-CVE-2016-4955
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time...
HackerOne: Know undisclosed Bounty Amount when Bounty Statistics are enabled.
Hi, when a program does not disclose how much bounty is paid to a particular report, but bounty statistics are enabled, then the undisclosed bounty amount can be enumerated. For example, Uber does not disclose the bounty awarded to a particular researcher but shows bounty statistics, so we can write a script that...
Fortinet FortiWeb Path Traversal Vulnerability
Fortinet FortiWeb is a web application firewall from the U.S. company Fortinet. It can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to secure web applications and protect sensitive database content. A...
kernel-rt: Sending SysRq command via ICMP echo request
A flaw was found in the way the realtime kernel processed specially crafted ICMP echo requests. A remote attacker could use this flaw to trigger a sysrql function based on values in the ICMP packet, allowing them to remotely restart the system. Note that this feature is not enabled by default and...
CVE-2016-4802
Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current...
LHV - Customized SSL, Redefined SSL Common Names verifier, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application LHV published at the 'play' market has multiple vulnerabilities...
Discount Bank - Customized SSL, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Discount Bank published at the 'play' market has multiple vulnerabilities...
CVE-2016-4087
Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allow remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets...