Lucene search

9457 matches found

ThreatPost
added 2013/03/20 7:23 p.m. | 12 views

Vulnerabilities Continue to Weigh Down Samsung Android Phones

Attackers have long had an affinity for having their way with Android phones, but the hammer seems to have really come down over the last few months when it comes to devices manufactured by Samsung. Independent Italian researcher Roberto Paleari discussed several bugs he recently found in Samsung...

AI score: 7.5
Exploits: 0 | References: 5

The Hacker News
added 2013/03/18 3:32 p.m. | 6 views

Gaming Platforms as an attack vector against remote systems

Little more than a year ago I wrote about the possibility of attacking gaming platforms to compromise a large audience of gamers in a stealthy way; access to millions of machines represents a dream for every attacker, and I hypothesized its repercussions in cyber warfare domains. Gaming platform are...

AI score: 7.2
Exploits: 0

securityvulns
added 2013/03/11 12:0 a.m. | 69 views

CVE-2013-1413

COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2013-1413 CSNC ID: CSNC-2013-003 Product: i-doit Vendor: synetics Gesellschaft für Systemintegration mbH Subject: Cross-site Scripting - XSS Risk: High Effect: Remotely exploitable Author: Stephan Rickauer [email protected] Date:...

CVSS: 4.3 | AI score: 0.3 | EPSS: 0.01161
Exploits: 0

Tenable Nessus
added 2013/03/04 12:0 a.m. | 21 views

Debian DSA-2635-1 : cfingerd - buffer overflow

Malcolm Scott discovered a remote-exploitable buffer overflow in the RFC1413 ident client of cfingerd, a configurable finger daemon. This vulnerability was introduced in a previously applied patch to the cfingerd package in 1.4.3-3. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

CVSS: 10 | AI score: 5.7 | EPSS: 0.03125
Exploits: 0 | References: 4

Packet Storm
added 2013/03/04 12:0 a.m. | 46 views

Foscam Firmware 11.37.2.48 Path Traversal

CVE-REQUEST Foscam = 11.37.2.48 path traversal vulnerability Summary: Foscam firmware = 11.37.2.48 is prone to a path traversal vulnerability in the embedded web interface. The unauthenticated attacker can access the entire filesystem and steal web & wifi credentials. Details: GET...

CVSS: 7.8 | AI score: 0.2 | EPSS: 0.09276
Exploits: 1

securityvulns
added 2013/03/03 12:0 a.m. | 44 views

[Onapsis Security Advisory 2013-005] SAP CCMS Agent Code Injection

Onapsis Security Advisory 2013-005: SAP CCMS Agent Code Injection This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations and new...

AI score: 8.1
Exploits: 0

OpenVAS
added 2013/03/01 12:0 a.m. | 20 views

Debian Security Advisory DSA 2635-1 (cfingerd - buffer overflow)

Malcolm Scott discovered a remote-exploitable buffer overflow in the RFC1413 ident client of cfingerd, a configurable finger daemon. This vulnerability was introduced in a previously applied patch to the cfingerd package in 1.4.3-3. OpenVAS Vulnerability Test $Id: deb2635.nasl 6611 2017-07-07...

CVSS: 10 | AI score: 0.8 | EPSS: 0.03125
Exploits: 0 | References: 1

securityvulns
added 2013/02/24 12:0 a.m. | 70 views

TeamSHATTER Security Advisory: Oracle Database GeoRaster API overflow (CVE-2012-3220)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Database GeoRaster API overflow February 20, 2013 Risk Level: High Affected versions: Oracle Database 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits: This vulnerability w...

CVSS: 9 | AI score: 0.4 | EPSS: 0.01969
Exploits: 0

securityvulns
added 2013/02/24 12:0 a.m. | 59 views

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (dBClone) (CVE-2013-0374)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager dBClone February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote...

CVSS: 4.3 | AI score: 0.5 | EPSS: 0.00985
Exploits: 0

securityvulns
added 2013/02/24 12:0 a.m. | 79 views

TeamSHATTER Security Advisory: Oracle 11g Stealth Password Cracking Vulnerability (CVE-2012-3137)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle 11g Stealth Password Cracking Vulnerability February 20, 2013 Risk Level: High Affected versions: Oracle Database Server version 11gR1, 11gR2 Remote exploitable: Yes No authentication to Database Server is needed...

CVSS: 6.4 | AI score: 9.5 | EPSS: 0.31437
Exploits: 4

securityvulns
added 2013/02/24 12:0 a.m. | 52 views

TeamSHATTER Security Advisory: Cross-site scripting in Oracle EM (advReplicationAdmin) (CVE-2013-0355)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cross-site scripting in Oracle Enterprise Manager advReplicationAdmin TeamSHATTER Security Advisory February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.00985
Exploits: 0

securityvulns
added 2013/02/24 12:0 a.m. | 57 views

TeamSHATTER Security Advisory: Oracle EM Cross Site Scripting in XDBResource cancelURL parameter (CVE-2013-0352)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Enterprise Manager Cross Site Scripting in XDBResource cancelURL parameter February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5, 11.1.0.7,...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01228
Exploits: 0

securityvulns
added 2013/02/24 12:0 a.m. | 71 views

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (advReplicationAdmin) (CVE-2013-0372)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager advReplicationAdmin February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits:...

CVSS: 4.3 | AI score: 0.2 | EPSS: 0.01895
Exploits: 0

securityvulns
added 2013/02/24 12:0 a.m. | 60 views

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (streams queue) (CVE-2013-0373)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager streams queue February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote...

CVSS: 4.3 | AI score: 0.2 | EPSS: 0.00985
Exploits: 0

securityvulns
added 2013/02/24 12:0 a.m. | 57 views

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (Resource Manager) (CVE-2013-0358)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager Resource Manager February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remot...

CVSS: 4.3 | AI score: 0.2 | EPSS: 0.00985
Exploits: 0

Packet Storm
added 2013/02/22 12:0 a.m. | 43 views

Nagios NRPE 2.13 Code Execution

Summary: --------------- CVE-ID: CVE-2013-1362 CVSS: Base Score 7.5 CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:UC/CDP:N/TD:N/CR:L/IR:L/AR:L Vendor: Nagios Affected Products: NRPE Affected Platforms: All Affected versions: '"\;" This allows the passing of $ to plugins/scripts which, if...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.65724
Exploits: 9

Tenable Nessus
added 2013/02/20 12:0 a.m. | 32 views

Oracle Application Express (Apex) Unspecified Issues (pre 2.2.1)

There are unspecified vulnerabilities in versions prior to version 2.2.1 of the Oracle Application Express component of the Oracle Database. The updated version of Apex contains '35 new security fixes for Oracle Application Express, 25 of which may be remotely exploitable without authentication'...

CVSS: 10 | AI score: 5.4 | EPSS: 0.0231
Exploits: 0 | References: 4

Tenable Nessus
added 2013/02/20 12:0 a.m. | 14 views

Oracle Application Express (Apex) Unspecified Issues (pre 3.1)

There are unspecified vulnerabilities in the Application Express component of the Oracle Database. The updated version 3.1 contains two security fixes for vulnerabilities of which one is remotely exploitable without authentication...

AI score: 5.5
Exploits: 0 | References: 2

Mozilla
added 2013/02/19 12:0 a.m. | 45 views

Wrapped WebIDL objects can be wrapped again — Mozilla

Mozilla developer Boris Zbarsky reported that in some circumstances a wrapped WebIDL object can be wrapped multiple times, overwriting the existing wrapped state. This could lead to an exploitable condition in rare cases...

CVSS: 9.3 | AI score: 2.6 | EPSS: 0.02745
Exploits: 0 | References: 2 | Affected Software: 2

exploitpack
added 2013/02/17 12:0 a.m. | 55 views

SAP NetWeaver Message Server - Multiple Vulnerabilities

SAP NetWeaver Message Server - Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date...

CVSS: 10 | AI score: 0.8 | EPSS: 0.22612
Exploits: 7