1227 matches found

0day.today
added 2019/01/11 12:0 a.m. | 57 views

Cisco VoIP Script Insertion / Weak Passwords / Undocumented Functionality

Cisco VoIP phones such as models 88XX suffer from script insertion, weak and hard-coded passwords, undocumented debug functionality, and various outdated components with known vulnerabilities. ======================================================================= title: Multiple Vulnerabilities...

0.2 AI score | 0.00268 EPSS
Exploits: 2
Packet Storm
added 2019/01/10 12:0 a.m. | 1066 views

Cisco VoIP Script Insertion / Weak Passwords / Undocumented Functionality

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Cisco VoIP Phones, e.g. models 88XX vulnerable version: See list of vulnerable devices/firmwares below fixed version: 12.5.1 MN CVE...

0.3 AI score | 0.00268 EPSS
Exploits: 2
Information Security Automation
added 2019/01/08 10:15 p.m. | 80 views

Packabit project: building Nmap deb packages for Ubuntu

During the long New Year holidays, 30 Dec - 8 Jan, I started a new project: a Vagrant-based Linux package builder called Packabit. I thought it might be nice to have scripts that will automatically build Linux packages from sources and will NOT litter the main system with unnecessary packages. Somethin...

7.4 AI score
Exploits: 0
CNVD
added 2018/12/05 12:0 a.m. | 1 views

IBM QRadar Incident Forensics Information Disclosure Vulnerability (CNVD-2018-25037)

IBM QRadar Incident Forensics is a suite of security forensic investigation software from IBM. The software supports in-depth forensic investigations of suspected malicious network security incidents, and the repair of network security vulnerabilities. A security vulnerability exists in IBM QRada...

7.5 CVSS | 7.7 AI score | 0.00112 EPSS
Exploits: 0 | References: 1
Packet Storm
added 2018/11/30 12:0 a.m. | 58 views

Siglent Technologies SDS 1202X-E Digital Oscilloscope 5.1.3.13 Hardcoded Credentials

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Siglent Technologies SDS 1202X-E Digital Oscilloscope vulnerable version: V5.1.3.13 fixed version: - CVE number: - impact: High homepage...

0.1 AI score
Exploits: 0
Kitploit
added 2018/11/27 8:57 p.m. | 99 views

MCExtractor - Intel, AMD, VIA & Freescale Microcode Extraction Tool

Intel, AMD, VIA & Freescale Microcode Extraction Tool MC Extractor News Feed MC Extractor Discussion Topic Intel, AMD & VIA CPU Microcode Repositories A. About MC Extractor MC Extractor is a tool which parses Intel, AMD, VIA and Freescale processor microcode binaries. It can be used by end-users...

7.3 AI score
Exploits: 0 | References: 6
RedHat Linux
added 2018/11/13 8:36 a.m. | 0 views

curl: IDNA 2003 makes curl use wrong host

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host...

7.5 CVSS | 7.3 AI score | 0.01671 EPSS
Exploits: 0 | References: 5
Microsoft Secure
added 2018/11/08 6:8 p.m. | 159 views

Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets

Our analysis of a targeted attack that used a language-specific word processor shows why it's important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. The attack exploited a vulnerability in InPage, a word processor software for specif...

6.8 CVSS | 8.2 AI score | 0.01863 EPSS
Exploits: 0
ThreatPost
added 2018/10/23 2:48 p.m. | 648 views

Adult Website Hack Exposes 1.2M ‘Wife Lover’ Fans

The database underlying an erotica site known as Wife Lovers has been hacked, making off with user information protected only by a simple-to-crack, outdated hashing technique known as the DEScrypt algorithm. Over the weekend, it came to light that Wife Lovers and seven sister sites, all similarly...

6.5 AI score
Exploits: 0 | References: 8
CNVD
added 2018/10/16 12:0 a.m. | 2 views

NUUO CMS Code Execution Vulnerability (CNVD-2018-21167)

NUUO CMS is a set of centralized software management platform from NUUO. The platform is used to centrally manage devices such as NVRs hard disk recorders and IP cameras, and provides functions such as user management and alarm management. A security vulnerability exists in NUUO CMS version 3.1 a...

9.8 CVSS | 9.6 AI score | 0.00675 EPSS
Exploits: 0 | References: 1
NVD
added 2018/10/12 2:29 p.m. | 7 views

CVE-2018-17890

NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution...

9.8 CVSS | 9.8 AI score | 0.00675 EPSS
Exploits: 0 | References: 2
OSV
added 2018/10/12 2:29 p.m. | 0 views

CVE-2018-17890

NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution...

9.8 CVSS | 6 AI score
Exploits: 0 | References: 2
Cvelist
added 2018/10/12 2:0 p.m. | 13 views

CVE-2018-17890

NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution...

9.8 AI score | 0.00675 EPSS
Exploits: 0 | References: 2
OSV
added 2018/10/09 12:27 a.m. | 1 views

GHSA-762F-C2WG-M8C8 Denial of Service in protobufjs

Versions of protobufjs before 5.0.3 and 6.8.6 are vulnerable to a regular expression denial of service when parsing crafted invalid .proto files. Recommendation Update to version 5.0.3, 6.8.6 or later...

5.5 CVSS | 5.9 AI score | 0.00185 EPSS
Exploits: 1 | References: 5
0day.today
added 2018/09/30 12:0 a.m. | 80 views

Intel Extreme Tuning Utility 6.4.1.23 Code Execution / Privilege Escalation Vulnerabilities

Intel Extreme Tuning Utility version 6.4.1.23 suffers from code execution, privilege escalation, and denial of service vulnerabilities. Intel Extreme Tuning Utility 6.4.1.23 Code Execution / Privilege Escalation Hi @ll, the executable installer of the Intel Extreme Tuning Utility, version 6.4.1.2...

1.3 AI score
Exploits: 0
Packet Storm
added 2018/09/28 12:0 a.m. | 42 views

Intel Extreme Tuning Utility 6.4.1.23 Code Execution / Privilege Escalation

Hi @ll, the executable installer of the Intel Extreme Tuning Utility, version 6.4.1.23 Latest, released 5/18/2018, available from via is SURPRISE! vulnerable. CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H Vulnerability 0: ================= The executable installer XTU-Setup.exe comes with at least...

0.9 AI score
Exploits: 0
RedHat Linux
added 2018/08/16 4:6 p.m. | 0 views

curl: IDNA 2003 makes curl use wrong host

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host...

7.5 CVSS | 7.3 AI score | 0.01671 EPSS
Exploits: 0 | References: 5
Veracode
added 2018/08/02 9:4 a.m. | 25 views

Unauthorized Requests

libcurl.so is vulnerable to unauthorized requests. The library uses outdated IDNA standards when handling domain names, allowing a user to transfer network requests to the wrong host...

7.5 CVSS | 8.3 AI score | 0.01671 EPSS
Exploits: 0 | References: 13 | Affected Software: 5
OSV
added 2018/08/01 6:29 a.m. | 27 views

CVE-2016-8625

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host...

7.5 CVSS | 6.8 AI score | 0.01671 EPSS
Exploits: 0 | References: 11
NVD
added 2018/08/01 6:29 a.m. | 18 views

CVE-2016-8625

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host...

7.5 CVSS | 6.2 AI score | 0.01671 EPSS
Exploits: 0 | References: 11