IRZ RUH2 3G Firmware Overwrite Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-138-01 iRZ RUH2 3G Firmware Overwrite Vulnerability that was published May 17, 2016, on the NCCIC/ICS-CERT web site. ICS-CERT has identified a firmware overwrite vulnerability in iRZ’s RUH2 device. iRZ has...

experts-exchange.com XSS vulnerability

Vulnerable URL: http://www.experts-exchange.com/searchResults.jsp?searchType=ALL=...

kamailio -- SEAS Module Heap overflow

Stelios Tsampas reports: A remotely exploitable heap overflow vulnerability was found in Kamailio v4.3.4...

brotli -- buffer overflow

Google Chrome Releases reports: 583607 High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli. Mozilla Foundation reports: Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially...

Libgraphite Bidirectional Font mFeatureMap Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0060 Libgraphite Bidirectional Font mFeatureMap Denial of Service Vulnerability February 5, 2016 CVE Number CVE-2016-1522 Description An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially...

OpenDocMan 1.3.4 - Cross-Site Request Forgery

Exploit for php platform in category web applications 1. Introduction Affected Product: Opendocman 1.3.4 Fixed in: 1.3.5 Fixed Version Link: http://www.opendocman.com/free-download/ Vendor Website: http://www.opendocman.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor:...

ATutor 2.2 - Multiple Cross-Site Scripting Vulnerabilities

Exploit for php platform in category web applications 1. Introduction Affected Product: Atutor 2.2 Fixed in: partly in ATutor 2.2.1-RC1, complete in 2.2.1 Fixed Version Link: http://www.atutor.ca/atutor/download.php Vendor Website: http://www.atutor.ca/ Vulnerability Type: XSS Remote Exploitable:...

Apple Mac OSX - OSMetaClassBase::safeMetaCast in IOAccelContext2::connectClient Exploitable NULL Der

Exploit for macOS platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=512 IOUserClient::connectClient is an obscure IOKit method which according to the docs is supposed to "Inform a connection of a second connection." In fact IOKit provides...

Apple Mac OSX - IntelAccelerator::gstqConfigure Exploitable Kernel NULL Dereference

Exploit for macOS platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=595 The field at IntelAccelerator+0xe60 is a pointer to a GSTContextKernel allocated in the ::gstqCreateInfoMethod. In the ::start method this field is initialized to NUL...

SAP HANA hdbindexserver Memory Corruption

ERPSCAN-15-024 SAP HANA hdbindexserver - Memory corruption Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://SAP.com Bugs: Memory corruption, RCE Reported: 17.07.2015 Vendor response: 18.07.2015 Date of Public Advisory: 13.10.2015 Reference: SAP Security Note 2197428...

D-Link Webcam Hack Turns IoT Device into Backdoor

Connecting a webcam to your home or office network might seem like a harmless thing, but researchers have figured out how to turn that connected device into a backdoor. Researchers at Vectra Networks today released a report demonstrating how a $30 D-Link webcam can be abused by attackers and turn...

SAP Hostcontrol remote DOS

Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.0 – 7.5 Vendor URL: SAP Bug: DoS Reported: 01.11.2016 Vendor response: 02.11.2016 Date of Public Advisory: 13.06.2017 Reference: SAP Security Note 2389181 Authors: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: D...

SAP ASE ODATA Server - Denial of Service

Application: SAP ASE Versions Affected: SAP ASE 16 Vendor URL: SAP Bugs: Denial of Service Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.10.2016 Reference: SAP Security Note 2330422 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: Denial of Service...

SAP Hybris E-commerce Suite VirtualJDBC SQL Injection

Application: SAP Hybris E-commerce Vendor URL: SAP Bugs: SQL Injection Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 14.02.2016 Reference: SAP replied “Due to the fact that this issue is inside Hybris cloud we don’t provide a security note. Please mention inside your...

SAP Adaptive Server Enterprise - DoS vulnerability

Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: SAP Bug: Denial of Service Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2330839 Author: Vahgan Vardanyan ERPScan...

Netduma R1 1.03.4 / 1.03.5 Cross Site Request Forgery

Introduction Affected Product: Netduma R1 Router Affected Versions: 1.03.4 and 1.03.5 Link: http://www.netduma.com/firmware/R1-v-1-03-4.sig Vendor Website: https://netduma.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 11/19/2015 Disclosed to public: 12/29/2015 Credits:...

Arastta 1.1.5 SQL Injection

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Arastta 1.1.5 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://arastta.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 11/21/2015 Disclosed to public: 12/21/2015 Releas...

Arastta 1.1.5 - SQL Injection Vulnerability

Exploit for php platform in category web applications Security Advisory - Curesec Research Team 1. Introduction Affected Product: Arastta 1.1.5 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://arastta.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to...

PhpSocial 2.0.0304_20222226 - Cross-Site Request Forgery

Exploit for php platform in category web applications Security Advisory - Curesec Research Team 1. Introduction Affected Product: PhpSocial v2.0.030420222226 Fixed in: not fixed Fixed Version Link: n/a Vendor Webite: http://phpsocial.net Vulnerability Type: CSRF Remote Exploitable: Yes Reported t...

Grawlix 1.0.3 Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Grawlix 1.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://www.getgrawlix.com/ Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 11/17/2015 Disclosed to public: 12/21/201...