Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Advantech WebAccess Stack-based Buffer Overflow
1. *Advisory Information*
Title: Advantech WebAccess Stack-based Buffer Overflow
Advisory ID: CORE-2014-0010
Advisory URL: http://www.coresecurity.com/advisories/advantech-webAcce

Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Advantech EKI-6340 Command Injection
1. *Advisory Information*
Title: Advantech EKI-6340 Command Injection
Advisory ID: CORE-2014-0009
Advisory URL: http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection
Da

Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Advantech AdamView Buffer Overflow
1. *Advisory Information*
Title: Advantech AdamView Buffer Overflow
Advisory ID: CORE-2014-0008
Advisory URL: http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow
Date pub

Vulnerability title: Multiple SQL Injections in Dolibarr ERP & CRM
CVE: CVE-2014-7137
Vendor: Dolibarr ERP & CRM
Product: Dolibarr ERP & CRM
Affected version: 3.5.3
Fixed version: 3.6.1
Reported by: Jerzy Kramarz
Details:
SQL injection has been found and confirmed within the software as an
authe

Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in Compaq/Hewlett Packard Glance for Linux
CVE: CVE-2014-2630
Vendor: Compaq/Hewlett Packard
Product: Glance for Linux
Affected version: 11.00 and subsequent
Fixed version: HPSBMU03086 rev.3
Reported by: Tim

Vulnerability title: Insufficient Input Validation By IO Slaves In KDE e.V. KDE
CVE: CVE-2014-8600
Vendor: KDE e.V.
Product: KDE
Affected version: kwebkitpart <= 1.3.4, kde-runtime <= 4.14.3, kio-extras <= 5.1.1
Fixed version: Contact distribution vendor
Reported by: T. Brown and D. Burton
Details

Short FAQ
Q: Is it BadUSB?
A: Not exactly, but kind of. Can be applied to Android gadgets.
Q: Is it local or remote stuff?
A: Can be done remotely (web/sms) for 4G/3G modems
Q: Any threats to ICS?
A: Yes
Q: Huawei?
A: Not limited to...
Q: Who are our heroes?
A: Alexey Osipov, Timur Yunusov, Al

Vulnerability title: Arbitrary Code Execution In Faronics Deep Freeze Standard and Enterprise
CVE: CVE-2014-2382
Vendor: Faronics
Product: Deep Freeze Standard and Enterprise
Affected version: Before and including v8.10
Fixed version: N/A
Reported by: Kyriakos Economou
Details:
The latest, and ea