Authentication flaw

Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and 1 read or 2 modify a Voice Time Set configuration settings via a request to voice.htm or b UniFinger configuration settings via a request to bf.htm, a different vulnerability than...

CVE-2015-5618

The CVE-2015-5618 entry concerns Chiyu BF-630 and BF-630W fingerprint access-control devices. The documented vulnerability allows remote attackers to bypass authentication and read or modify configuration data: (1) Voice Time Set via a request to voice.htm and (2) UniFinger configuration via a re...

Passgen - Random Character Generator Crunch to Crack WPA/WPA2

Passgen is an alternative for the random character generator crunch which attempts to solve cracking WPA/WPA2 keys by randomizing the output opposed to generating a list like so, aaaaaaaa, aaaaaaab, aaaaaac, etc. Example usuage with aircrack-ng python passgen.py -l | sudo aircrack-ng --bssid...

kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS

It was found that the espfix functionality could be bypassed by installing a 16-bit RW data segment into GDT instead of LDT which espfix checks, and using that segment on the stack. A local, unprivileged user could potentially use this flaw to leak kernel stack addresses...

kernel: race condition between chown() and execve()

A race condition flaw was found between the chown and execve system calls. When changing the owner of a setuid user binary to root, the race condition could momentarily make the binary setuid root. A local, unprivileged user could potentially use this flaw to escalate their privileges on the syst...

iTunes for Windows < 11.2 Multiple Vulnerabilities

Binary data 9397.prm...

D-Link DNS Devices Authentication Bypass Vulnerability

Authentication bypass vulnerability in D-Link DNS devices. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX = "cpe:/o:dlink";...

Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors...

CVE-2015-3691

The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer...

Null pointer dereference

The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer...

php: buffer overflow in phar_set_inode()

A buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...

PCS Daemon (pcsd) Cookie Signing Multiple Vulnerabilities

The remote host is affected by multiple vulnerabilities due to a failure by the PCS daemon pcsd to properly set flags in the 'Set-Cookie' header : - A security bypass vulnerability exists due to a failure to set the 'secure' flag. A remote attacker can exploit this to spoof cookies and bypass...

rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection responses

REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...

DreamBox DM500s Cross Site Scripting

DreamBox DM500s Reflected XSS Vendor: Dream Multimedia GmbH Product web page: http://www.dream-multimedia-tv.de Summary: The Dreambox DM500s is a Linux-powered DVB satellite, terrestrial and cable digital television receivers set-top box. Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma...

Yelp: [engineeringblog.yelp.com] CRLF Injection

CRLF Injection via Request-URI PoC: https://engineeringblog.yelp.com/xxcrlftest%0d%0aSet-Cookie:%20test=test;domain=.yelp.com HTTP Response: HTTP/1.1 301 Moved Permanently ... Location: http://engineeringblog.yelp.com/xxcrlftest Set-Cookie: test=test;domain=.yelp.com Result: Creating a cookie-par...

FreeBSD : rest-client -- session fixation vulnerability (83a7a720-07d8-11e5-9a28-001e67150279)

Andy Brody reports : When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

PHP Multiple Function Security Bypass Vulnerabilities

PHP is a general-purpose web programming language. A security bypass vulnerability exists in the PHP setincludepath, tempnam, rmdir, and readlink functions, where by accepting null values in a path, a remote attacker can submit special values to bypass security controls on the path values...

CVE-2015-4138

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive...

Design/Logic Flaw

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive...

CVE-2015-4138

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive...