[FD] UCanCode multiple vulnerabilities

2016-11-25 Thread Carlo Di Dato
http://shinnai.altervista.org/exploits/SH-0025-20161123.html - UCanCode multiple vulnerabilities Url: http://www.hmi-software.com/ http://www.ucancode.net/index.htm http://www.ucancode.net/bbs/zhuce/login.htm

[FD] NEW VMSA-2016-0021 VMware product updates address partial information disclosure vulnerability

2016-11-25 Thread VMware Security Response Center
??-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --- - - VMware Security Advisory Advisory ID: VMSA-2016-0021 Severity:Moderate Synopsis:VMware product updates address partial information

[FD] [SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310)

2016-11-25 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Advisory ID: SYSS-2016-107 Product: EASY HOME Alarmanlagen-Set Manufacturer: monolith GmbH Affected Version(s): Model No. MAS-S01-09 Tested Version(s): Model No. MAS-S01-09 Vulnerability Type: Cryptographic Issues (CWE-310) Risk Level: Low Solution

[FD] [SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks

2016-11-25 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Advisory ID: SYSS-2016-106 Product: EASY HOME Alarmanlagen-Set Manufacturer: monolith GmbH Affected Version(s): Model No. MAS-S01-09 Tested Version(s): Model No. MAS-S01-09 Vulnerability Type: Missing Protection against Replay Attacks Risk Level:

[FD] [SYSS-2016-072] Olypmia Protect 9061 - Missing Protection against Replay Attacks

2016-11-25 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Advisory ID: SYSS-2016-072 Product: Protect 9061 Manufacturer: Olympia Affected Version(s): Article No. 5943 rev.03 Tested Version(s): Article No. 5943 rev.03 Vulnerability Type: Missing Protection against Replay Attacks Risk Level: Medium Solution

[FD] [SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks

2016-11-25 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Advisory ID: SYSS-2016-071 Product: Smart GSM Alarm SA 2500 Kit Manufacturer: Blaupunkt Affected Version(s): v1.0 Tested Version(s): v1.0 Vulnerability Type: Missing Protection against Replay Attacks Risk Level: Medium Solution Status: Open

[FD] [SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks

2016-11-25 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Advisory ID: SYSS-2016-066 Product: M2B GSM Wireless Alarm System Manufacturer: Multi Kon Trade Affected Version(s): Unspecified Tested Version(s): Unspecified Vulnerability Type: Missing Protection against Replay Attacks Risk Level: Medium Solution

[FD] [SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307)

2016-11-25 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Advisory ID: SYSS-2016-064 Product: M2B GSM Wireless Alarm System Manufacturer: Multi Kon Trade Affected Version(s): Unspecified Tested Version(s): Unspecified Vulnerability Type: Improper Restriction of Excessive Authentication

[FD] Red Hat JBoss EAP deserialization of untrusted data

2016-11-25 Thread Agazzini Maurizio
Security Advisory @ Mediaservice.net Srl (#05, 23/11/2016) Data Security Division Title: Red Hat JBoss EAP deserialization of untrusted data Application: JBoss EAP 5.2.X and prior versions Description: The application server deserializes untrusted data via

[FD] [CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition

2016-11-25 Thread Dawid Golunski
Vulnerability: GNU Wget < 1.18 Access List Bypass / Race Condition CVE-2016-7098 Discovered by: Dawid Golunski (@dawid_golunski) https://legalhackers.com Severity: Medium GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode, is affected by a Race Condition vulnerability

[FD] The HS-110 Smart Plug aka Projekt Kasa

2016-11-25 Thread Curesec Research Team (CRT)
Content Table 1. Introduction 2. The Firmware 3. The Android Application 4. The Problems 5. Conclusion 6. Appendix 6.1. Excursion Dalvik 6.2 Control script 1. Introduction The HS-110 is a Smart Plug meaning it is capable of being controlled with commands via a network. TP-Link released a mobile

[FD] CVE-2013-3120 MSIE 10 MSHTML CEditAdorner::Detach use-after-free details

2016-11-25 Thread Berend-Jan Wever
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the nineteenth entry in that series. Unfortunately I won't be able to publish everything within one month at the current rate, so I may continue to publish these

[FD] Microsoft Internet Explorer 11 MSHTML CGeneratedContent::HasGeneratedSVGMarker type confusion

2016-11-25 Thread Berend-Jan Wever
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the eighteenth entry in that series. Unfortunately I won't be able to publish everything within one month at the current rate, so I may continue to publish these

[FD] CVE-2015-1251: Chrome blink Speech­Recognition­Controller use-after-free details

2016-11-25 Thread Berend-Jan Wever
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the seventeenth entry in that series. Unfortunately I won't be able to publish everything within one month at the current rate, so I may continue to publish these

[FD] MobSF v0.9.3 is Released: Now supports Windows APPX Static Analysis

2016-11-25 Thread Ajin Abraham
Hello Folks, MobSF v0.9.3 is released. About MobSF Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast