Oracle HtmlConverter.exe Buffer Overflow

2016-01-20 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-HTMLCONVERTER-BUFFER-OVERFLOW.txt Vendor: === www.oracle.com Product: Java Platform SE 6 U24 HtmlConverter.exe

LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability

2016-01-20 Thread Onur Yilmaz
Information Advisory by Netsparker Name: HTTP Header Injection in LiteSpeed Web Server Affected Software : LiteSpeed Web Server Affected Versions: v5.1.0 and possibly below Vendor Homepage : https://www.litespeedtech.com/ Vulnerability Type : HTTP Header Injection Severity :

Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability

2016-01-20 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability Advisory ID: cisco-sa-20160120-d9036 Revision 1.0 For Public Release 2016 January 20 16:00 UTC (GMT

QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys

2016-01-20 Thread issues
QuickAuth Pebble application loads the configuration page via HTTP. As such it is possible for an attacker to setup and use a MITM proxy to inject Javascript which posts the key to an external site to steal the TOTP keys as they are being updated on the Pebble app. Original GitHub issue :

Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability

2016-01-20 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability Advisory ID: cisco-sa-20160120-ucsm Revision: 1.0 For Public Release 2016 January 20 16:00 UTC (GMT

[SECURITY] [DSA 3450-1] ecryptfs-utils security update

2016-01-20 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3450-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 20, 2016

[CVE-2016-1926] XSS in Greenbone Security Assistant 6.0.0 and < 6.0.8

2016-01-20 Thread bugtraq
Hello, Vulnerability information === Date: 13th January 2016 Product: Greenbone Security Assistant 6.0.0 and < 6.0.8 Vendor: OpenVAS Risk: Low, CVSS 1.9 (AV:A/AC:M/Au:M/C:P/I:N/A:N) Description === It has been identified that Greenbone

Re: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3

2016-01-20 Thread urikanonov
Vendor Response Continuation The issue is a limitation of the KNOX 1.0 architecture, which was removed by KNOX 2.0. VPNs that implement their own certificate pinning can be trusted with KNOX 1.0 containers, as a result. The vendor encourages users to upgrade to KNOX

Re: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3

2016-01-20 Thread urikanonov
Vendor Response Continuation KNOX 2.0 fixes the issue. KNOX 2.3 makes some further improvements (with the introduction of Sensitive Data Protection), but even KNOX 2.0 has a different key derivation scheme.