Debian Security Advisory DSA-2733-1 secur...@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
August 02, 2013
SEC Consult Vulnerability Lab Security Advisory 20130805-0
===
title: Vodafone EasyBox Default WPS PIN Algorithm Weakness
product: EasyBox 802 EasyBox 803
vulnerable version: EasyBox 802 - all
PuTTY SSH handshake heap overflow (CVE-2013-4852)
Description:
PuTTY versions 0.62 and earlier - as well as all software that
integrates these versions of PuTTY - are vulnerable to an integer overflow
leading to heap overflow during the SSH handshake before authentication,
caused by improper
- Original release date: August 05, 2013
- Discovered by: Emilio Pinna (Application Security Analyst at Abinsula)
- Contact: (emilio (dot) pinn (at) gmail (dot) com)
- Severity: 4.3/10 (Base CVSS Score)
Some of the networked HP LaserJet printers have hidden URLs hardcoded in the
firmware. The URLs are not authenticated and can be used to extract admin
password in plaintext among other information like WiFi settings (including
WPS PIN).
Models affected:
HP LaserJet Pro P1102w, HP LaserJet
--
Joomseller Events Booking Pro and JSE Event reflected XSS
--
[+] Software Link:
-
Joomla com_sectionex v2.5.96 SQL Injection vulnerabilities
-
== Description ==
- Software link: http://stackideas.com/sectionex
Huawei B153 3G/UMTS router WPS weakness
===
[ADVISORY INFORMATION]
Title: Huawei B153 3G/UMTS router WPS weakness
Discovery date: 21/05/2013
Release date: 05/08/2013
Advisory URL:
It would have been more prudent to publish this vulnerability AFTER the patch
update (J! 3.1.6) is released - and not before.