Flaws Found in Popular Printer Models

Vulnerabilities in popular printer models made by HP, Dell and Lexmark expose the devices to attackers who can steal passwords, shut down printers and even steal print jobs. Academic researchers at the University Alliance Ruhr on Monday published a series of advisories and an informational wiki...

CVE-2017-3424

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVE-2016-5552

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with...

CVE-2017-3289

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols...

OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

UBUNTU-CVE-2017-3258

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

Arbitrary Code Execution Via Man-in-the-Middle (MitM)

npm-test-sqlite3-trunk is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, potentially causing a remote code execution RCE vulnerability exploitable by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...

Actiontec WCB3000N 0.16.2.5 Privilege Escalation

Device Details Vendor: Actiontec Telus Branded Model: WCB3000N Affected Firmware: v0.16.2.5 Device Manual: http://static.telus.com/common/cms/files/internet/wifiplusextender.pdf Reported: November 2015 Status: Fixed on newest pushed firmware version CVE: Update is handled by the vendor, therefore...

Downloads Resources over HTTP

Overview Affected versions of go-ipfs-deps insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on...

SAP Adaptive Server Enterprise 16 Denial Of Service

Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 01.02.2016 Reported: 02.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2330839 Author:...

1 2 years ago SSH vulnerability can also? IOT device security concern-vulnerability warning-the black bar safety net

! Overview According to foreign media the latest report, Akamai is the company's security research experts this week found a new type of attack. According to the security expert described, the attacker can use the one there for twelve years, SSH vulnerability, and with some security of the weaker...

FreeBSD : FreeBSD -- Multiple portsnap vulnerabilities (e7dcd69d-8ee6-11e6-a590-14dae9d210b8)

Flaws in portsnap's verification of downloaded tar files allows additional files to be included without causing the verification to fail. Portsnap may then use or execute these files. Impact : An attacker who can conduct man in the middle attack on the network at the time when portsnap is run can...

Command Execution Vulnerability in Huawei UMA

Huawei UMA Unified Maintenance Audit is a unified audit system. It provides a unified O&M operation portal, controls and records O&M operations performed by users, and supports auditing by command view and video playback. A command execution vulnerability exists in Huawei UMA. As the system does...

8 on 1 9: The Shadow-Brokers the leaked file description, technical analysis on-the vulnerability warning-the black bar safety net

! 0x01 exposure data with the equation and NSA relationship From the leaked data packet with the decompressed content to see, specifically for the firewall device attack and penetration action when the use of the tool set. According to the data exposed persons Shadow Brokers described, this packe...

Polycom Command Shell Authorization Bypass

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Polycom Command Shell Authorization Bypass', 'Alias' = 'pshauthbypass', 'Author' = 'Paul Haas ', module 'h00die ',...

Python urllib HTTP header injection vulnerability-vulnerability warning-the black bar safety net

The Python urllib library in Python 2 for urllib2 in Python 3 to urllib is a HTTP Protocol the following Protocol flow injection vulnerabilities. If an attacker can control the Python code to access an arbitrary URL, or allow Python code to access a malicious web servr, and that this vulnerabilit...

drchrono: Security Issue : CSRF Token Design Flaw

Introduction: Hello I am Bruin, a security researcher and analyst. I have been able to identify a bypass in your CSRF protection mechanism, which upon a successful execution can result in a successful CSRF attack on a victim's account. Description: CSRF Token's are different from session ID'S in ...

Pyersinia - Network Attack Tool

Pyersinia is a similar tool to Yersinia, but Pyersinia is implemented in Python using Scapy. The main objective is the realization of network attacks such as spoofing ARP, DHCP DoS , STP DoS among others. The community can add new attacks on the tool in a simple way, using plugins. This is becaus...

PNG image processing library libpng exposed vulnerability-a vulnerability warning-the black bar safety net

! According to the report: image processing library libpng recently exposed vulnerabilities, currently has a preliminary fix vulnerabilities. Currently the main problem is the libpng the popularity of the range is too wide: operating systemthe browser any with generating a thumbnail associated...

MGASA-2015-0397 Updated qemu packages fixes security vulnerabilities

Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service QEMU process crash. CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation....