< Back to JetLib.com

jetlib.sec

« Expand/Collapse

Recent items

Skip to page: 1 2 3 4 ... 829

September 19, 2018
12:13
WordPress Wechat Broadcast 1.2.0 Local File Inclusion
» ‎ Packet Storm Security Misc. Files

WordPress Wechat Broadcast plugin version 1.2.0 suffers from a local file inclusion vulnerability.
Tags:

12:12
Roundcube rcfilters 2.1.6 Cross Site Scripting
» ‎ Packet Storm Security Exploits

Roundcube rcfilters plugin version 2.1.6 suffers from a cross site scripting vulnerability.
Tags:

12:12
Roundcube rcfilters 2.1.6 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Roundcube rcfilters plugin version 2.1.6 suffers from a cross site scripting vulnerability.
Tags:

12:12
Roundcube rcfilters 2.1.6 Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

Roundcube rcfilters plugin version 2.1.6 suffers from a cross site scripting vulnerability.
Tags:

11:30
‘SHE BON’ is an Artful, Wearable, Sensual, Sensing Platform
» ‎ Hack a Day

SHE BON (that’s the French bon, or “good”) is an ambitious project by [Sarah Petkus] that consists of a series of wearable electronic and mechanical elements which all come together as a system for a single purpose: to sense and indicate female arousal. As a proponent of increased discussion and openness around the topic of sexuality, [Sarah]’s goal is to take something hidden and turn it into something obvious and overt, while giving it a certain artful flair in the process.

The core of the system is a wearable backpack in the shape of a heart, from which all …read more

Tags: the hackaday prize

11:22
#0daytoday #Radan-http service for Linux remote code execute Exploit [webapps #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Radan-http service for Linux remote code execute Exploit [webapps #exploits #0day #Exploit]
Tags:

11:09
Hackers Steal Credit Cards From Newegg, Researchers Say
» ‎ Packet Storm Security Headlines

Hackers Steal Credit Cards From Newegg, Researchers Say
Tags: headlinehackercybercrimedata lossfraud
11:09
Mirai Botnet Creators Praised For Helping FBI, Won't Serve Prison Time
» ‎ Packet Storm Security Headlines

Mirai Botnet Creators Praised For Helping FBI, Won't Serve Prison Time
Tags: headlinehackergovernmentmalwareusabotnetfbi
11:09
US State Department Confirms Staff Email Hack
» ‎ Packet Storm Security Headlines

US State Department Confirms Staff Email Hack
Tags: headlinehackergovernmentprivacyemailusadata losscyberwar
11:09
Hackers Peddle Thousands Of Air Miles On The Dark Web For Pocket Money
» ‎ Packet Storm Security Headlines

Hackers Peddle Thousands Of Air Miles On The Dark Web For Pocket Money
Tags: headlinehackercybercrimefraud
11:09
US Judge Allows E-Voting Despite Hack Fears
» ‎ Packet Storm Security Headlines

US Judge Allows E-Voting Despite Hack Fears
Tags: headlinegovernmentusafraudflaw

10:01
Industrial 3D Printing Uses Layers Like We’ve Never Seen Before
» ‎ Hack a Day

We’ve seen FDM printers lay down layers by extruding plastic in a line. We’ve seen printers use sintering and lithography to melt or cure one layer at a time before more print medium moves into place for the next layer. What we’ve never seen before is a printer like this that builds parts from distinct layers of substrate.

At the International Manufacturing Technology Show last week I spoke with Eric Povitz of Impossible Objects. The company is using a “sheet lamination process” that first prints each layer on carbon fiber or fiberglass, then uses a hydraulic press and an oven …read more

Tags: printer hacks
9:01
Join Hackaday For A Night Of Pre-Maker Faire Hacks
» ‎ Hack a Day

This weekend is the World Maker Faire in New York, and Hackaday will be there looking at the latest and greatest projects from makers around the globe. We’ll also be buying bottles of water for five dollars, but that’s another story entirely.

As always, this year’s World Maker Faire will be held at the wonderful New York Hall of Science, and the lineup is spectacular. There will be cosplay, and Adam Savage will be there with a half dozen Junior Mythbusters. There will be a twenty-six foot tall hydraulic hand trucked in from Burning Man. You’re looking at the greatest …read more

Tags: hackaday Columns
8:00
Braille on a Tablet Computer
» ‎ Hack a Day

Signing up for college classes can be intimidating, from tuition, textbook requirements, to finding an engaging professor. Imagine signing up online, but you cannot use your monitor. We wager that roughly ninety-nine percent of the hackers reading this article have it displayed on a tablet, phone, or computer monitor. Conversely, “Only one percent of published books is available in Braille,” according to [Kristina Tsvetanova] who has created a hybrid tablet computer with a Braille display next to a touch-screen tablet running Android. The tablet accepts voice commands for launching apps, a feature baked right into Android. The idea came to …read more

Tags: tablet hacks
7:00
Learn To Loop The Python Way: Iterators And Generators Explained
» ‎ Hack a Day

If you’ve ever written any Python at all, the chances are you’ve used iterators without even realising it. Writing your own and using them in your programs can provide significant performance improvements, particularly when handling large datasets or running in an environment with limited resources. They can also make your code more elegant and give you “Pythonic” bragging rights.

Here we’ll walk through the details and show you how to roll your own, illustrating along the way just why they’re useful.

You’re probably familiar with looping over objects in Python using English-style syntax like this:

These kind of statements are …read more

Tags: Software development

4:06
#0daytoday #WesternDigital #MyCloud Authentication Bypass Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #WesternDigital #MyCloud Authentication Bypass Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]
Tags:
4:06
#0daytoday #Western Digital My Cloud Authentication Bypass Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Western Digital My Cloud Authentication Bypass Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]
Tags:
4:05
#0daytoday #Moodle 3.x PHP Unserialize Remote Code Execution Exploit CVE-2018-14630 [webapps #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Moodle 3.x PHP Unserialize Remote Code Execution Exploit CVE-2018-14630 [webapps #exploits #0day #Exploit]
Tags:

4:00
Final Fantasy Exploit Teaches 32-bit Integer Math
» ‎ Hack a Day

One of the fun things about old video games, besides their obvious nostalgia, is that some of the more popular games have been pried apart and tinkered with for years, leading to a lot of new “development” within the games. This often uncovers some hidden gems that gamers might not have had any knowledge of during the game’s heyday, like this coding oddity found in Final Fantasy 7 that illustrates a lot about how 32-bit processors do math.

The original PlayStation used a 32-bit RISC processor, but the most significant bit could be used for integer signing. This means that …read more

Tags: games
1:00
Visual Schematic Diffs in KiCAD Help Find Changes
» ‎ Hack a Day

When writing software a key part of the development workflow is looking at changes between files. With version control systems this process can get pretty advanced, letting you see changes between arbitrary files and slices in time. Tooling exists to do this visually in the world of EDA tools but it hasn’t really trickled all the way down to the free hobbyist level yet. But thanks to open and well understood file formats [jean-noël] has written plotgitsch to do it for KiCAD.

In the high(er)-end world of EDA tools like OrCAD and Altium there is a tight integration between the …read more

Tags: misc hacks

0:00
Vuln: Adobe Flash Player CVE-2018-15967 Unspecified Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Adobe Flash Player CVE-2018-15967 Unspecified Information Disclosure Vulnerability
Tags:
0:00
Vuln: Adobe Acrobat and Reader APSB18-34 Multiple Information Disclosure Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Adobe Acrobat and Reader APSB18-34 Multiple Information Disclosure Vulnerabilities
Tags:
0:00
Vuln: Symantec Messaging Gateway CVE-2018-12243 XML External Entity Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

Symantec Messaging Gateway CVE-2018-12243 XML External Entity Injection Vulnerability
Tags:
0:00
Vuln: Symantec Messaging Gateway CVE-2018-12242 Authentication Bypass Vulnerability
» ‎ SecurityFocus Vulnerabilities

Symantec Messaging Gateway CVE-2018-12242 Authentication Bypass Vulnerability
Tags:
0:00
Vuln: Adobe Acrobat and Reader CVE-2018-12848 Arbitrary Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

Adobe Acrobat and Reader CVE-2018-12848 Arbitrary Code Execution Vulnerability
Tags:
0:00
Vuln: Western Digital My Cloud CVE-2018-17153 Authentication Bypass Vulnerability
» ‎ SecurityFocus Vulnerabilities

Western Digital My Cloud CVE-2018-17153 Authentication Bypass Vulnerability
Tags:

September 18, 2018
22:53
[SECURITY] [DSA 4297-1] chromium-browser security update
» ‎ Bugtraq

Posted by Michael Gilbert on Sep 18
-------------------------------------------------------------------------
Debian Security Advisory DSA-4297-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
September 19, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser

Two vulnerabilities have been discovered...

Tags:

22:00
Soldering Like It’s 205 BC
» ‎ Hack a Day

Did you ever stop to think how unlikely the discovery of soldering is? It’s hard to imagine what sequence of events led to it; after all, metals heated to just the right temperature while applying an alloy of lead and tin in the right proportions in the presence of a proper fluxing agent doesn’t seem like something that would happen by accident.

Luckily, [Chris] at Clickspring is currently in the business of recreating the tools and technologies that would have been used in ancient times, and he’s made a wonderful video on precision soft soldering the old-fashioned way. The video …read more

Tags: classic hacks

20:42
Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges
» ‎ Bugtraq

Posted by Securify B.V. on Sep 18
------------------------------------------------------------------------
Authentication bypass vulnerability in Western Digital My Cloud allows
escalation to admin privileges
------------------------------------------------------------------------
Remco Vermeulen, September 2018

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was...

Tags:
20:39
SEC Consult SA-20180918-0 :: Remote Code Execution via PHP unserialize in Moodle open-source learning platform
» ‎ Bugtraq

Posted by SEC Consult Vulnerability Lab on Sep 18
SEC Consult Vulnerability Lab Security Advisory < 20180918-0 >
=======================================================================
title: Remote Code Execution via PHP unserialize
product: Moodle - Open-source learning platform
vulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and
earlier unsupported versions
fixed version: 3.5.2, 3.4.5, 3.3.8 and 3.1.14
CVE...

Tags:

19:00
Super Magnesium: Lighter Than Aluminum, Cheaper Than Carbon Fiber
» ‎ Hack a Day

We think of high tech materials as the purview of the space program, or of high-performance aircraft. But there are other niche applications that foster super materials, for example the world of cycling. Magnesium is one such material as it is strong and light, but it has the annoying property of burning in its pure state. Alloys of magnesium meanwhile generally don’t combust unless they are ground fine or exposed to high temperatures. Allite is introducing a new line known as “super magnesium” which is in reality three distinct alloys that they claim are 30% lighter than aluminum, as well …read more

Tags: parts

18:49
Western Digital My Cloud Authentication Bypass
» ‎ Packet Storm Security Exploits

It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. This vulnerability was successfully verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. This issue is not limited to the model that was used to find this vulnerability since most of the products in the My Cloud series share the same (vulnerable) code.
Tags:

18:49
Western Digital My Cloud Authentication Bypass
» ‎ Packet Storm Security Recent Files

It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. This vulnerability was successfully verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. This issue is not limited to the model that was used to find this vulnerability since most of the products in the My Cloud series share the same (vulnerable) code.
Tags:

18:49
Western Digital My Cloud Authentication Bypass
» ‎ Packet Storm Security Misc. Files

It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. This vulnerability was successfully verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. This issue is not limited to the model that was used to find this vulnerability since most of the products in the My Cloud series share the same (vulnerable) code.
Tags:

18:45
Dell EMC Unity Authorization Bypass / XSS / URL Redirection
» ‎ Packet Storm Security Advisories

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.1.1525703027 and Dell EMC UnityVSA Operating Environment (OE) versions prior to 4.3.1.1525703027 suffer from authorization bypass, cross site scripting, and url redirection vulnerabilities.
Tags:

18:45
Dell EMC Unity Authorization Bypass / XSS / URL Redirection
» ‎ Packet Storm Security Recent Files

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.1.1525703027 and Dell EMC UnityVSA Operating Environment (OE) versions prior to 4.3.1.1525703027 suffer from authorization bypass, cross site scripting, and url redirection vulnerabilities.
Tags:

18:45
Dell EMC Unity Authorization Bypass / XSS / URL Redirection
» ‎ Packet Storm Security Misc. Files

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.1.1525703027 and Dell EMC UnityVSA Operating Environment (OE) versions prior to 4.3.1.1525703027 suffer from authorization bypass, cross site scripting, and url redirection vulnerabilities.
Tags:

18:44
CA Release Automation NiMi 6.5 Remote Command Execution
» ‎ Packet Storm Security Exploits

CA Release Automation NiMi version 6.5 suffers from a remote command execution vulnerability.
Tags:

18:44
CA Release Automation NiMi 6.5 Remote Command Execution
» ‎ Packet Storm Security Recent Files

CA Release Automation NiMi version 6.5 suffers from a remote command execution vulnerability.
Tags:

18:44
CA Release Automation NiMi 6.5 Remote Command Execution
» ‎ Packet Storm Security Misc. Files

CA Release Automation NiMi version 6.5 suffers from a remote command execution vulnerability.
Tags:

18:42
Moodle 3.x PHP Unserialize Remote Code Execution
» ‎ Packet Storm Security Exploits

Moodle versions 3.5.2, 3.4.5, 3.3.8, and 3.1.14 suffer from a remote php unserialize code execution vulnerability.
Tags:

18:42
Moodle 3.x PHP Unserialize Remote Code Execution
» ‎ Packet Storm Security Recent Files

Moodle versions 3.5.2, 3.4.5, 3.3.8, and 3.1.14 suffer from a remote php unserialize code execution vulnerability.
Tags:

18:42
Moodle 3.x PHP Unserialize Remote Code Execution
» ‎ Packet Storm Security Misc. Files

Moodle versions 3.5.2, 3.4.5, 3.3.8, and 3.1.14 suffer from a remote php unserialize code execution vulnerability.
Tags:

18:41
Ubisoft Uplay Desktop Client 63.0.5699.0 Remote Code Execution
» ‎ Packet Storm Security Exploits

Ubisoft Uplay Desktop Client version 63.0.5699.0 suffers from a remote code execution vulnerability.
Tags:

18:41
Ubisoft Uplay Desktop Client 63.0.5699.0 Remote Code Execution
» ‎ Packet Storm Security Recent Files

Ubisoft Uplay Desktop Client version 63.0.5699.0 suffers from a remote code execution vulnerability.
Tags:

18:41
Ubisoft Uplay Desktop Client 63.0.5699.0 Remote Code Execution
» ‎ Packet Storm Security Misc. Files

Ubisoft Uplay Desktop Client version 63.0.5699.0 suffers from a remote code execution vulnerability.
Tags:

18:40
Red Hat Security Advisory 2018-2721-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2018-2721-01 - Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service cloud running on commonly available physical hardware. Issues addressed include an insecure download vulnerability.
Tags:

18:40
Red Hat Security Advisory 2018-2721-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2018-2721-01 - Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service cloud running on commonly available physical hardware. Issues addressed include an insecure download vulnerability.
Tags:

18:40
Red Hat Security Advisory 2018-2721-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2018-2721-01 - Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service cloud running on commonly available physical hardware. Issues addressed include an insecure download vulnerability.
Tags:

18:39
NUUO NVRMini2 3.8 Buffer Overflow
» ‎ Packet Storm Security Exploits

NUUO NVRMini2 version 3.8 cgi_system buffer overflow exploit.
Tags:

18:39
NUUO NVRMini2 3.8 Buffer Overflow
» ‎ Packet Storm Security Recent Files

NUUO NVRMini2 version 3.8 cgi_system buffer overflow exploit.
Tags:

18:39
NUUO NVRMini2 3.8 Buffer Overflow
» ‎ Packet Storm Security Misc. Files

NUUO NVRMini2 version 3.8 cgi_system buffer overflow exploit.
Tags:

18:38
Ubuntu Security Notice USN-3722-6
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3722-6 - USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.
Tags:

18:38
Ubuntu Security Notice USN-3722-6
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3722-6 - USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.
Tags:

18:38
Ubuntu Security Notice USN-3722-6
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3722-6 - USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.
Tags:

18:38
Ubuntu Security Notice USN-3766-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3766-1 - It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.
Tags:

18:38
Ubuntu Security Notice USN-3766-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3766-1 - It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.
Tags:

18:38
Ubuntu Security Notice USN-3766-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3766-1 - It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.
Tags:

18:37
Bulk SQL Injection Test On Burp Requests
» ‎ Packet Storm Security Recent Files

Whitepaper called Bulk SQL Injection Test on Burp Requests.
Tags:

18:37
Bulk SQL Injection Test On Burp Requests
» ‎ Packet Storm Security Misc. Files

Whitepaper called Bulk SQL Injection Test on Burp Requests.
Tags:

18:36
Ubuntu Security Notice USN-3722-5
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3722-5 - USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.
Tags:

18:36
Ubuntu Security Notice USN-3722-5
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3722-5 - USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.
Tags:

18:36
Ubuntu Security Notice USN-3722-5
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3722-5 - USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.
Tags:

18:35
Android Application Penetration Testing
» ‎ Packet Storm Security Recent Files

Whitepaper called Android Application Penetration Testing. Written in Persian.
Tags:

18:35
Android Application Penetration Testing
» ‎ Packet Storm Security Misc. Files

Whitepaper called Android Application Penetration Testing. Written in Persian.
Tags:

18:33
Linux/ARM Jump Back Shellcode + execve("/bin/sh", NULL, NULL) Shellcode
» ‎ Packet Storm Security Recent Files

4 bytes small Linux/ARM jump back shellcode + execve("/bin/sh", NULL, NULL) shellcode.
Tags:

18:33
Linux/ARM Jump Back Shellcode + execve("/bin/sh", NULL, NULL) Shellcode
» ‎ Packet Storm Security Misc. Files

4 bytes small Linux/ARM jump back shellcode + execve("/bin/sh", NULL, NULL) shellcode.
Tags:

17:59
Facebook Now Offers Bounties For Access Token Exposure
» ‎ Packet Storm Security Headlines

Facebook Now Offers Bounties For Access Token Exposure
Tags: headlinehackerdata lossfacebooksocial
17:58
A History Of Badgelife, Def Con's Unlikely Obsession With Artistic Circuit Boards
» ‎ Packet Storm Security Headlines

A History Of Badgelife, Def Con's Unlikely Obsession With Artistic Circuit Boards
Tags: headlinehackerconference

17:00
[webapps] LG SuperSign EZ CMS 2.5 - Local File Inclusion
» ‎ Exploit-DB

LG SuperSign EZ CMS 2.5 - Local File Inclusion
Tags:
17:00
[webapps] WordPress Plugin Localize My Post 1.0 - Local File Inclusion
» ‎ Exploit-DB

WordPress Plugin Localize My Post 1.0 - Local File Inclusion
Tags:
17:00
[webapps] WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
» ‎ Exploit-DB

WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
Tags:
17:00
[webapps] Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting
» ‎ Exploit-DB

Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting
Tags:
17:00
[dos] Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege
» ‎ Exploit-DB

Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege
Tags:
17:00
[dos] Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU
» ‎ Exploit-DB

Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU
Tags:

16:00
Robotic Fruit Fly Won’t Eat Your Fruit
» ‎ Hack a Day

The DelFly project has been busy since the last time we checked in on them. The Dutch team started 13 years ago and produced the smallest camera-carrying drone, and an autonomous tiny ornithopter. However, that ornithopter — now five years old — had to use some traditional control surfaces and a tail like an airplane which was decidedly not fruit fly-like. Now they’ve solved those problems and have announced the DelFly Nimble, a 13 inch and 1-ounce ornithopter. You can see the Nimble in the video below.

The close emulation of a real fly means the thing looks distinctly insect-like …read more

Tags: drone hacks
13:00
Epic Clock Clocks The Unix Epoch
» ‎ Hack a Day

Enclosure: [download]

Admit it: when you first heard of the concept of the Unix Epoch, you sat down with a calculator to see when exactly 2³¹-1 seconds would be from midnight UTC on January 1, 1970. Personally, I did that math right around the time my company hired contractors to put “Y2K Suspect” stickers on every piece of equipment that looked like it might have a computer in it, so the fact that the big day would come sometime in 2038 was both comforting and terrifying.

[Forklift] is similarly entranced by the idea of the Unix Epoch and built a clock to …read more

Tags: clock hacks

10:12
DSA-2018-101: Dell EMC Unity Family Multiple Vulnerabilities
» ‎ Full Disclosure

Posted by secure on Sep 18
DSA-2018-101: Dell EMC Unity Family Multiple Vulnerabilities

Dell EMC Identifier: DSA-2018-101

CVE Identifier: CVE-2018-1246, CVE-2018-1250, CVE-2018-1251

Severity Rating: CVSS v3 Base Score: See below for individual CVEs

Affected products:
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.1.1525703027
Dell EMC UnityVSA Operating Environment (OE) versions prior to 4.3.1.1525703027

Summary:
Dell EMC Unity requires an...

Tags:

10:00
A Look at Liquid Dielectrics
» ‎ Hack a Day

One evening quite a few years ago, as I was driving through my hometown I saw the telltale flashing lights of the local volunteer fire department ahead. I passed by a side road where all the activity was: a utility pole on fire. I could see smoke and flames shooting from the transformer and I could hear the loud, angry 60 Hz buzzing that sounded like a million hornet nests. As I passed, the transformer exploded and released a cloud of flaming liquid that rained down on the road and lawns underneath. It seemed like a good time to quit …read more

Tags: engineering

9:14
Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges
» ‎ Full Disclosure

Posted by Securify B.V. via Fulldisclosure on Sep 18
------------------------------------------------------------------------
Authentication bypass vulnerability in Western Digital My Cloud allows
escalation to admin privileges
------------------------------------------------------------------------
Remco Vermeulen, September 2018

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was...

Tags:

8:30
Get Your PCBs Made at the Mall
» ‎ Hack a Day

As we’ve seen with some recent posts on the subject here at Hackaday, there seems to be a growing schism within the community about the production of PCBs. Part of the community embraces (relatively) cheap professional fabrication, where you send your design off and get a stack of PCBs in the mail a couple weeks later. Others prefer at home methods of creating PCBs, such as using a CNC, laser engraver, or even the traditional toner transfer. These DIY PCBs take some skill and dedication to produce, but the advantage is that you can have the board in hand the …read more

Tags: Hardware

8:27
14 Million Records Exposed In GovPayNow Leak
» ‎ Packet Storm Security Headlines

14 Million Records Exposed In GovPayNow Leak
Tags: headlinegovernmentprivacyusadata loss
8:25
"Lawful Intercept" Pegasus Spyware Found Deployed In 45 Countries
» ‎ Packet Storm Security Headlines

"Lawful Intercept" Pegasus Spyware Found Deployed In 45 Countries
Tags: headlinegovernmentphonegooglespywareapple
8:25
MongoDB Leaks 11 Million User Records From E-Mail Marketing Service
» ‎ Packet Storm Security Headlines

MongoDB Leaks 11 Million User Records From E-Mail Marketing Service
Tags: headlineprivacydatabasespamdata loss
8:25
Yahoo! Settles Data Breach Cases To The Tune Of $47 Million
» ‎ Packet Storm Security Headlines

Yahoo! Settles Data Breach Cases To The Tune Of $47 Million
Tags: headlinehackerprivacydata lossyahoo

7:01
Ask Hackaday: How’s That Capacitor Shortage Going?
» ‎ Hack a Day

There is a looming spectre of doom hovering over the world of electronics manufacturing. It’s getting hard to find parts, and the parts you can find are expensive. No, it doesn’t have anything to with the tariffs enacted by the United States against Chinese goods this last summer. This is a problem that doesn’t have an easy scapegoat. This is a problem that strikes at the heart of any economic system. This is the capacitor and resistor shortage.

When we first reported on the possibility of a global shortage of chip capacitors and resistors, things were for the time being, …read more

Tags: business

5:45
#0daytoday #Solaris libnspr NSPR_LOG_FILE Privilege Escalation Exploit [remote #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Solaris libnspr NSPR_LOG_FILE Privilege Escalation Exploit [remote #exploits #0day #Exploit]
Tags:
5:42
#0daytoday #Faleemi Plus 1.0.2 - Denial of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Faleemi Plus 1.0.2 - Denial of Service Exploit [dos #exploits #0day #Exploit]
Tags:
5:41
#0daytoday #InfraRecorder 0.53 - (.txt) Denial of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #InfraRecorder 0.53 - (.txt) Denial of Service Exploit [dos #exploits #0day #Exploit]
Tags:
5:37
#0daytoday #CdBurnerXP 4.5.8.6795 - File Name Denial of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #CdBurnerXP 4.5.8.6795 - File Name Denial of Service Exploit [dos #exploits #0day #Exploit]
Tags:
5:37
#0daytoday #Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Han [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Han [#0day #Exploit]
Tags:
5:35
#0daytoday #TeamViewer App 13.0.100.0 - Denial of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #TeamViewer App 13.0.100.0 - Denial of Service Exploit [dos #exploits #0day #Exploit]
Tags:
5:34
#0daytoday #MediaTek Wirless Utility rt2870 - Denial of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #MediaTek Wirless Utility rt2870 - Denial of Service Exploit [dos #exploits #0day #Exploit]
Tags:
5:33
#0daytoday #Clone2Go Video to iPod Converter 2.5.0 - Denial of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Clone2Go Video to iPod Converter 2.5.0 - Denial of Service Exploit [dos #exploits #0day #Exploit]
Tags:
5:32
#0daytoday #Apple macOS 10.13.4 - Denial of Service Exploit CVE-2018-4240 [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Apple macOS 10.13.4 - Denial of Service Exploit CVE-2018-4240 [dos #exploits #0day #Exploit]
Tags:
5:30
#0daytoday #Infiltrator Network Security Scanner 4.6 - Denial of Service Exploit [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Infiltrator Network Security Scanner 4.6 - Denial of Service Exploit [#0day #Exploit]
Tags:
5:29
#0daytoday #PDF Explorer 1.5.66.2 - Denial of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #PDF Explorer 1.5.66.2 - Denial of Service Exploit [dos #exploits #0day #Exploit]
Tags:
5:28
#0daytoday #iCash 7.6.5 - Denial of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #iCash 7.6.5 - Denial of Service Exploit [dos #exploits #0day #Exploit]
Tags:
5:27
#0daytoday #PicaJet FX 2.6.5 - Denial of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #PicaJet FX 2.6.5 - Denial of Service Exploit [dos #exploits #0day #Exploit]
Tags:
5:26
#0daytoday #RoboImport 1.2.0.72 - Denial of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #RoboImport 1.2.0.72 - Denial of Service Exploit [dos #exploits #0day #Exploit]
Tags:
5:25
#0daytoday #PixGPS 1.1.8 - Denial of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #PixGPS 1.1.8 - Denial of Service Exploit [dos #exploits #0day #Exploit]
Tags:
4:33
#0daytoday #WordPress Arigato Autoresponder And Newsletter 2.5 SQL Injection / XSS Vulnerabilities [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #WordPress Arigato Autoresponder And Newsletter 2.5 SQL Injection / XSS Vulnerabilities [#0day #Exploit]
Tags:
4:30
#0daytoday #Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion Exploit [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion Exploit [#0day #Exploit]
Tags:
4:29
#0daytoday #Microsoft Edge Chakra JIT localeCompare Type Confusion Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Microsoft Edge Chakra JIT localeCompare Type Confusion Exploit [dos #exploits #0day #Exploit]
Tags:

4:18
SEC Consult SA-20180918-0 :: Remote Code Execution via PHP unserialize in Moodle open-source learning platform
» ‎ Full Disclosure

Posted by SEC Consult Vulnerability Lab on Sep 18
SEC Consult Vulnerability Lab Security Advisory < 20180918-0 >
=======================================================================
title: Remote Code Execution via PHP unserialize
product: Moodle - Open-source learning platform
vulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and
earlier unsupported versions
fixed version: 3.5.2, 3.4.5, 3.3.8 and 3.1.14
CVE...

Tags:

4:00
Rocket Science With The Other SpaceX
» ‎ Hack a Day

When you say that something’s not rocket science you mean that it’s not as hard to understand or do as it may seem. The implication is that rocket science is something which is hard and best left to the likes of SpaceX or NASA. But that’s not the hacker spirit.

[Joe Barnard] recently had an unsuccessful flight of his Falcon Heavy’s second stage and gives a very clear explanation of what went wrong using those two simple concepts along with the thrust, which in this case is just the force applied to the moment arm.

And no, you didn’t miss …read more

Tags: space

3:18
#0daytoday #Linux/ARM - Jump Back Shellcode + execve("/bin/sh", NULL, NUL [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Linux/ARM - Jump Back Shellcode + execve("/bin/sh", NULL, NUL [#0day #Exploit]
Tags:
3:17
#0daytoday #Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Exploit [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Exploit [#0day #Exploit]
Tags:
3:16
#0daytoday #NUUO NVRMini2 3.8 - cgi_system Buffer Overflow (Enable Telnet) Exploit [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #NUUO NVRMini2 3.8 - cgi_system Buffer Overflow (Enable Telnet) Exploit [#0day #Exploit]
Tags:
3:14
#0daytoday #CA Release Automation NiMi 6.5 - Remote Command Execution Exploit [remote #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #CA Release Automation NiMi 6.5 - Remote Command Execution Exploit [remote #exploits #0day #Exploit]
Tags:
3:13
#0daytoday #jiNa OCR Image to Text 1.0 - Denial of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #jiNa OCR Image to Text 1.0 - Denial of Service Exploit [dos #exploits #0day #Exploit]
Tags:

1:00
ARM-Based NAS Is A Low Cost, Low Power Beauty
» ‎ Hack a Day

A NAS is always a handy addition to a home network, but they can be a little pricey. [Blake Burkhart] decided to create his own, prioritising budget and low power considerations, with a secondary objective to produce some router and IoT functionality on the side.

A Banana Pi R2 was a good choice to meet these requirements, being a router-based development board that also sports dual SATA connectors and gigabit Ethernet. [Blake] had some retrospective regrets about the performance of this particular SBC, but it does just fine when functioning purely as a NAS.

The enclosure for the device is …read more

Tags: ARM
September 17, 2018
22:00
It’s The Web, Basically
» ‎ Hack a Day

If you are of a certain age, you probably learned to program in Basic. Even if you aren’t, a lot of microcontroller hobbyists got started on the Basic Stamp, and there are plenty of other places where to venerable language still hides out. But if you want to write cool browser applications, you have to write JavaScript, right? Google will now let you code your web pages in Basic. Known as WWWBasic, this is — of course — a Javascript hack that you can load remotely into a web page and then have your page use Basic for customization. You …read more

Tags: internet hacks

20:03
APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS
» ‎ Bugtraq

Posted by Apple Product Security on Sep 17
APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS

Apple Support 2.4 for iOS is now available and addresses the
following:

Analytics
Available for: iOS 11.0 and later
Impact: An attacker in a privileged network position may be able to
intercept analytics data sent to Apple
Description: Analytics data was sent using HTTP rather than HTTPS.
This was addressed by sending analytics data using HTTPS.
CVE-2018-4397: Yigit Can YILMAZ (@yilmazcanyigit)...

Tags:
19:59
race condition in .net core System.IO.Directory.Delete allowing deletion of entire drives
» ‎ Bugtraq

Posted by Joshua Hudson on Sep 17
Here's a link to the original reporting of this class of bug:
https://seclists.org/bugtraq/2000/May/67

In looking for how to deal with this problem on Windows, I discovered
that .net core has
essentially the same security bug.

That file system node might have been a directory when FindNextFile
returned it, but it's a symlink to c:\users now. Goodbye half your
data (on average) before hitting a locked file....

Tags:
19:54
APPLE-SA-2018-9-17-3 tvOS 12
» ‎ Bugtraq

Posted by Apple Product Security on Sep 17
APPLE-SA-2018-9-17-3 tvOS 12

tvOS 12 is now available and addresses the following:

Bluetooth
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2018-5383: Lior Neumann and Eli Biham

iTunes Store
Available for: Apple TV 4K and Apple TV (4th...

Tags:
19:53
APPLE-SA-2018-9-17-4 Safari 12
» ‎ Bugtraq

Posted by Apple Product Security on Sep 17
APPLE-SA-2018-9-17-4 Safari 12

Safari 12 is now available and addresses the following:

Safari
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority

Safari
Available for: macOS Sierra 10.12.6,...

Tags:
19:48
APPLE-SA-2018-9-17-1 iOS 12
» ‎ Bugtraq

Posted by Apple Product Security on Sep 17
APPLE-SA-2018-9-17-1 iOS 12

iOS 12 is now available and addresses the following:

Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone...

Tags:
19:45
APPLE-SA-2018-9-17-2 watchOS 5
» ‎ Bugtraq

Posted by Apple Product Security on Sep 17
APPLE-SA-2018-9-17-2 watchOS 5

watchOS 5 is now available and addresses the following:

iTunes Store
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application...

Tags:
19:42
Disclose SSRF Vulnerability
» ‎ Bugtraq

Posted by alphan yavaş on Sep 17
I. VULNERABILITY
-------------------------
Rollup 18 for Microsoft Exchange Server 2010 SP3 Server Side Request
Forgery (SSRF)

II. CVE REFERENCE
-------------------------
CVE-2018-16793

III. VENDOR
-------------------------
https://www.microsoft.com

IV. TIMELINE
------------------------
19/06/2018 Vulnerability discovered
22/06/2018 Vendor contacted
15/08/2018 Microsoft replay that Update rollup 18 is out of date.

V. CREDIT...

Tags:

19:33
Solaris libnspr NSPR_LOG_FILE Privilege Escalation
» ‎ Packet Storm Security Exploits

This Metasploit module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library (libnspr) on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the `NSPR_LOG_FILE` environment variable. The log file is created with the privileges of the running process, resulting in privilege escalation when used in combination with a SUID executable. This Metasploit module writes a shared object to the trusted library directory `/usr/lib/secure` and runs the specified SUID binary with the shared object loaded using the `LD_LIBRARY_PATH` environment variable. This Metasploit module has been tested successfully with libnspr version 4.5.1 on Solaris 10u1 (01/06) (x86) and Solaris 10u2 (06/06) (x86).
Tags:

19:33
Solaris libnspr NSPR_LOG_FILE Privilege Escalation
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library (libnspr) on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the `NSPR_LOG_FILE` environment variable. The log file is created with the privileges of the running process, resulting in privilege escalation when used in combination with a SUID executable. This Metasploit module writes a shared object to the trusted library directory `/usr/lib/secure` and runs the specified SUID binary with the shared object loaded using the `LD_LIBRARY_PATH` environment variable. This Metasploit module has been tested successfully with libnspr version 4.5.1 on Solaris 10u1 (01/06) (x86) and Solaris 10u2 (06/06) (x86).
Tags:

19:33
Solaris libnspr NSPR_LOG_FILE Privilege Escalation
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library (libnspr) on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the `NSPR_LOG_FILE` environment variable. The log file is created with the privileges of the running process, resulting in privilege escalation when used in combination with a SUID executable. This Metasploit module writes a shared object to the trusted library directory `/usr/lib/secure` and runs the specified SUID binary with the shared object loaded using the `LD_LIBRARY_PATH` environment variable. This Metasploit module has been tested successfully with libnspr version 4.5.1 on Solaris 10u1 (01/06) (x86) and Solaris 10u2 (06/06) (x86).
Tags:

19:27
WordPress Arigato Autoresponder And Newsletter 2.5 SQL Injection / XSS
» ‎ Packet Storm Security Exploits

WordPress Arigato Autoresponder and Newsletter plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
Tags:

19:27
WordPress Arigato Autoresponder And Newsletter 2.5 SQL Injection / XSS
» ‎ Packet Storm Security Recent Files

WordPress Arigato Autoresponder and Newsletter plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
Tags:

19:27
WordPress Arigato Autoresponder And Newsletter 2.5 SQL Injection / XSS
» ‎ Packet Storm Security Misc. Files

WordPress Arigato Autoresponder and Newsletter plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
Tags:

19:23
Apple Security Advisory 2018-9-17-3
» ‎ Packet Storm Security Advisories

Apple Security Advisory 2018-9-17-3 - tvOS 12 is now available and addresses interception issues.
Tags:

19:23
Apple Security Advisory 2018-9-17-3
» ‎ Packet Storm Security Recent Files

Apple Security Advisory 2018-9-17-3 - tvOS 12 is now available and addresses interception issues.
Tags:

19:23
Apple Security Advisory 2018-9-17-3
» ‎ Packet Storm Security Misc. Files

Apple Security Advisory 2018-9-17-3 - tvOS 12 is now available and addresses interception issues.
Tags:

19:22
Apple Security Advisory 2018-9-17-2
» ‎ Packet Storm Security Advisories

Apple Security Advisory 2018-9-17-2 - watchOS 5 is now available and addresses validation issues.
Tags:

19:22
Apple Security Advisory 2018-9-17-2
» ‎ Packet Storm Security Recent Files

Apple Security Advisory 2018-9-17-2 - watchOS 5 is now available and addresses validation issues.
Tags:

19:22
Apple Security Advisory 2018-9-17-2
» ‎ Packet Storm Security Misc. Files

Apple Security Advisory 2018-9-17-2 - watchOS 5 is now available and addresses validation issues.
Tags:

19:21
Apple Security Advisory 2018-9-17-5
» ‎ Packet Storm Security Advisories

Apple Security Advisory 2018-9-17-5 - Apple Support 2.4 for iOS is now available and addresses a data interception issue.
Tags:

19:21
Apple Security Advisory 2018-9-17-5
» ‎ Packet Storm Security Recent Files

Apple Security Advisory 2018-9-17-5 - Apple Support 2.4 for iOS is now available and addresses a data interception issue.
Tags:

19:21
Apple Security Advisory 2018-9-17-5
» ‎ Packet Storm Security Misc. Files

Apple Security Advisory 2018-9-17-5 - Apple Support 2.4 for iOS is now available and addresses a data interception issue.
Tags:

19:19
Apple Security Advisory 2018-9-17-4
» ‎ Packet Storm Security Advisories

Apple Security Advisory 2018-9-17-4 - Safari 12 is now available and addresses browser history deletion and user interface spoofing vulnerabilities.
Tags:

19:19
Apple Security Advisory 2018-9-17-4
» ‎ Packet Storm Security Recent Files

Apple Security Advisory 2018-9-17-4 - Safari 12 is now available and addresses browser history deletion and user interface spoofing vulnerabilities.
Tags:

19:19
Apple Security Advisory 2018-9-17-4
» ‎ Packet Storm Security Misc. Files

Apple Security Advisory 2018-9-17-4 - Safari 12 is now available and addresses browser history deletion and user interface spoofing vulnerabilities.
Tags:

19:19
Red Hat Security Advisory 2018-2715-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2018-2715-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Issues addressed include a denial of service vulnerability.
Tags:

19:19
Red Hat Security Advisory 2018-2715-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2018-2715-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Issues addressed include a denial of service vulnerability.
Tags:

19:19
Red Hat Security Advisory 2018-2715-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2018-2715-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Issues addressed include a denial of service vulnerability.
Tags:

19:19
Red Hat Security Advisory 2018-2714-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2018-2714-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Issues addressed include a denial of service vulnerability.
Tags:

19:19
Red Hat Security Advisory 2018-2714-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2018-2714-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Issues addressed include a denial of service vulnerability.
Tags:

19:19
Red Hat Security Advisory 2018-2714-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2018-2714-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Issues addressed include a denial of service vulnerability.
Tags:

19:19
Red Hat Security Advisory 2018-2710-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2018-2710-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Issues addressed include a denial of service vulnerability.
Tags:

19:19
Red Hat Security Advisory 2018-2710-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2018-2710-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Issues addressed include a denial of service vulnerability.
Tags:

19:19
Red Hat Security Advisory 2018-2710-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2018-2710-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Issues addressed include a denial of service vulnerability.
Tags:

19:18
Red Hat Security Advisory 2018-2713-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2018-2713-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.
Tags:

19:18
Red Hat Security Advisory 2018-2713-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2018-2713-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.
Tags:

19:18
Red Hat Security Advisory 2018-2713-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2018-2713-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.
Tags:

19:18
Red Hat Security Advisory 2018-2712-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2018-2712-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP30. Issues addressed include denial of service and traversal vulnerabilities.
Tags:

19:18
Red Hat Security Advisory 2018-2712-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2018-2712-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP30. Issues addressed include denial of service and traversal vulnerabilities.
Tags:

19:18
Red Hat Security Advisory 2018-2712-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2018-2712-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP30. Issues addressed include denial of service and traversal vulnerabilities.
Tags:

19:18
Debian Security Advisory 4296-1
» ‎ Packet Storm Security Advisories

Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.
Tags:

19:18
Debian Security Advisory 4296-1
» ‎ Packet Storm Security Recent Files

Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.
Tags:

19:18
Debian Security Advisory 4296-1
» ‎ Packet Storm Security Misc. Files

Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.
Tags:

19:00
A $1, Linux-Capable, Hand-Solderable Processor
» ‎ Hack a Day

Over on the EEVblog, someone noticed an interesting chip that’s been apparently flying under our radar for a while. This is an ARM processor capable of running Linux. It’s hand-solderable in a TQFP package, has a built-in Mali GPU, support for a touch panel, and has support for 512MB of DDR3. If you do it right, this will get you into the territory of a BeagleBone or a Raspberry Pi Zero, on a board that’s whatever form factor you can imagine. Here’s the best part: you can get this part for $1 USD in large-ish quantities. A cursory glance at …read more

Tags: Hardware

18:11
Rollup 18 For Microsoft Exchange Server 2010 SP3 Server-Side Request Forgery
» ‎ Packet Storm Security Advisories

Rollup 18 for Microsoft Exchange Server 2010 SP3 suffers from a server-side request forgery vulnerability.
Tags:

18:11
Rollup 18 For Microsoft Exchange Server 2010 SP3 Server-Side Request Forgery
» ‎ Packet Storm Security Recent Files

Rollup 18 for Microsoft Exchange Server 2010 SP3 suffers from a server-side request forgery vulnerability.
Tags:

18:11
Rollup 18 For Microsoft Exchange Server 2010 SP3 Server-Side Request Forgery
» ‎ Packet Storm Security Misc. Files

Rollup 18 for Microsoft Exchange Server 2010 SP3 suffers from a server-side request forgery vulnerability.
Tags:

18:01
QBee MultiSensor Camera 4.16.4 Cookie Reuse
» ‎ Packet Storm Security Advisories

QBee MultiSensor Camera versions through 4.16.4 suffer from a cookie reuse vulnerability. Swisscom Home App products are also affected.
Tags:

18:01
QBee MultiSensor Camera 4.16.4 Cookie Reuse
» ‎ Packet Storm Security Recent Files

QBee MultiSensor Camera versions through 4.16.4 suffer from a cookie reuse vulnerability. Swisscom Home App products are also affected.
Tags:

18:01
QBee MultiSensor Camera 4.16.4 Cookie Reuse
» ‎ Packet Storm Security Misc. Files

QBee MultiSensor Camera versions through 4.16.4 suffer from a cookie reuse vulnerability. Swisscom Home App products are also affected.
Tags:

17:02
Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion
» ‎ Packet Storm Security Exploits

Microsoft Edge Chakra suffers from a type confusion vulnerability with PathTypeHandlerBase::SetAttributesHelper.
Tags:

17:02
Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion
» ‎ Packet Storm Security Recent Files

Microsoft Edge Chakra suffers from a type confusion vulnerability with PathTypeHandlerBase::SetAttributesHelper.
Tags:

17:02
Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion
» ‎ Packet Storm Security Misc. Files

Microsoft Edge Chakra suffers from a type confusion vulnerability with PathTypeHandlerBase::SetAttributesHelper.
Tags:

17:00
Microsoft Edge Chakra JIT localeCompare Type Confusion
» ‎ Packet Storm Security Exploits

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability in localeCompare.
Tags:

17:00
Microsoft Edge Chakra JIT localeCompare Type Confusion
» ‎ Packet Storm Security Recent Files

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability in localeCompare.
Tags:

17:00
Microsoft Edge Chakra JIT localeCompare Type Confusion
» ‎ Packet Storm Security Misc. Files

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability in localeCompare.
Tags:

17:00
[shellcode] Linux/ARM - Jump Back Shellcode + execve("/bin/sh", NULL, NULL) Shellcode (4 Bytes)
» ‎ Exploit-DB

Linux/ARM - Jump Back Shellcode + execve("/bin/sh", NULL, NULL) Shellcode (4 Bytes)
Tags:
17:00
[remote] NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)
» ‎ Exploit-DB

NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)
Tags:
17:00
[webapps] WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting
» ‎ Exploit-DB

WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting
Tags:
17:00
[local] Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit)
» ‎ Exploit-DB

Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit)
Tags:
17:00
[dos] Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion
» ‎ Exploit-DB

Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion
Tags:
17:00
[dos] Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion
» ‎ Exploit-DB

Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion
Tags:
17:00
[papers] [Persian] Android Application Penetration Testing
» ‎ Exploit-DB

[Persian] Android Application Penetration Testing
Tags:
17:00
[remote] Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution
» ‎ Exploit-DB

Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution
Tags:
17:00
[papers] Bulk SQL Injection using Burp-to-SQLMap
» ‎ Exploit-DB

Bulk SQL Injection using Burp-to-SQLMap
Tags:

16:45
Slackware Security Advisory - php Updates
» ‎ Packet Storm Security Advisories

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Tags:

16:45
Slackware Security Advisory - php Updates
» ‎ Packet Storm Security Recent Files

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Tags:

16:45
Slackware Security Advisory - php Updates
» ‎ Packet Storm Security Misc. Files

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Tags:

16:44
Ubuntu Security Notice USN-3765-2
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3765-2 - USN-3765-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code.
Tags:

16:44
Ubuntu Security Notice USN-3765-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3765-2 - USN-3765-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code.
Tags:

16:44
Ubuntu Security Notice USN-3765-2
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3765-2 - USN-3765-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code.
Tags:

16:23
Ubuntu Security Notice USN-3765-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3765-1 - It was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code.
Tags:

16:23
Ubuntu Security Notice USN-3765-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3765-1 - It was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code.
Tags:

16:23
Ubuntu Security Notice USN-3765-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3765-1 - It was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code.
Tags:

16:00
Hacked Electric Toothbrush Defeats Locks With Ease
» ‎ Hack a Day

The movie version of lockpicking tends to emphasize the meticulous, delicate image of the craft. The hero or villain takes out a slim wallet of fine tools, applies them with skill and precision, and quickly defeats the lock. They make it look easy, and while the image isn’t far from reality, there are other ways to pick a lock.

This expedient electric toothbrush lockpick is a surprisingly effective example of the more brute force approach to lockpicking. As [Jolly Peanut] explains, pin tumbler locks work by lining up each pin with the shear line of the cylinder, which allows the …read more

Tags: lockpicking hacks

15:26
#0daytoday #XAMPP Control Panel 3.2.2 - Denial of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #XAMPP Control Panel 3.2.2 - Denial of Service Exploit [dos #exploits #0day #Exploit]
Tags:
15:24
#0daytoday #Notebook Pro 2.0 - Denial Of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Notebook Pro 2.0 - Denial Of Service Exploit [dos #exploits #0day #Exploit]
Tags:

15:22
Apple Security Advisory 2018-9-17-1
» ‎ Packet Storm Security Advisories

Apple Security Advisory 2018-9-17-1 - iOS 12 is now available and addresses memory corruption and input validation vulnerabilities.
Tags:

15:22
Apple Security Advisory 2018-9-17-1
» ‎ Packet Storm Security Recent Files

Apple Security Advisory 2018-9-17-1 - iOS 12 is now available and addresses memory corruption and input validation vulnerabilities.
Tags:

15:22
Apple Security Advisory 2018-9-17-1
» ‎ Packet Storm Security Misc. Files

Apple Security Advisory 2018-9-17-1 - iOS 12 is now available and addresses memory corruption and input validation vulnerabilities.
Tags:

14:54
#0daytoday #Netis ADSL Router #DL4322D RTK 2.1.1 - Cross-Site Scripting Vulnerability [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Netis ADSL Router #DL4322D RTK 2.1.1 - Cross-Site Scripting Vulnerability [#0day #Exploit]
Tags:
14:54
#0daytoday #Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Vulnerability [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Vulnerability [#0day #Exploit]
Tags:
14:54
#0daytoday #Netis ADSL Router #DL4322D RTK 2.1.1 - Denial of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Netis ADSL Router #DL4322D RTK 2.1.1 - Denial of Service Exploit [dos #exploits #0day #Exploit]
Tags:
14:54
#0daytoday #Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service Exploit [dos #exploits #0day #Exploit]
Tags:
14:52
#0daytoday #Joomla JCK Editor 6.4.4 Component - parent SQL Injection Vulnerability [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Joomla JCK Editor 6.4.4 Component - parent SQL Injection Vulnerability [#0day #Exploit]
Tags:

13:00
Open Source Paramotor Using Quadcopter Tech
» ‎ Hack a Day

Have you ever dreamed of flying, but lack the funds to buy your own airplane, the time to learn, or the whole hangar and airstrip thing? The answer might be in a class of ultralight aircraft called powered paragliders, which consist of a soft inflatable wing and a motor on your back. As you may have guessed, the motor is known as a paramotor, and it’s probably one of the simplest powered aircraft in existence. Usually little more than big propeller, a handheld throttle, and a gas engine.

But not always. The OpenPPG project aims to create a low-cost paramotor …read more

Tags: Hardware

11:38
APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS
» ‎ Full Disclosure

Posted by Apple Product Security on Sep 17
APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS

Apple Support 2.4 for iOS is now available and addresses the
following:

Analytics
Available for: iOS 11.0 and later
Impact: An attacker in a privileged network position may be able to
intercept analytics data sent to Apple
Description: Analytics data was sent using HTTP rather than HTTPS.
This was addressed by sending analytics data using HTTPS.
CVE-2018-4397: Yigit Can YILMAZ (@yilmazcanyigit)...

Tags:
11:38
APPLE-SA-2018-9-17-4 Safari 12
» ‎ Full Disclosure

Posted by Apple Product Security on Sep 17
APPLE-SA-2018-9-17-4 Safari 12

Safari 12 is now available and addresses the following:

Safari
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority

Safari
Available for: macOS Sierra 10.12.6,...

Tags:
11:38
APPLE-SA-2018-9-17-3 tvOS 12
» ‎ Full Disclosure

Posted by Apple Product Security on Sep 17
APPLE-SA-2018-9-17-3 tvOS 12

tvOS 12 is now available and addresses the following:

Bluetooth
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2018-5383: Lior Neumann and Eli Biham

iTunes Store
Available for: Apple TV 4K and Apple TV (4th...

Tags:
11:38
APPLE-SA-2018-9-17-1 iOS 12
» ‎ Full Disclosure

Posted by Apple Product Security on Sep 17
APPLE-SA-2018-9-17-1 iOS 12

iOS 12 is now available and addresses the following:

Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone...

Tags:
11:38
APPLE-SA-2018-9-17-2 watchOS 5
» ‎ Full Disclosure

Posted by Apple Product Security on Sep 17
APPLE-SA-2018-9-17-2 watchOS 5

watchOS 5 is now available and addresses the following:

iTunes Store
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application...

Tags:
11:38
Multiple Vulnerabilities in Oracle WebCenter Interaction 10.3.3
» ‎ Full Disclosure

Posted by Ben N on Sep 17
Oracle WebCenter Interaction - Multiple Vulnerabilities
-------------------------------------------------------

Oracle WebCenter Interaction (WCI), formerly called BEA AquaLogic User
Interaction and now part of Oracle WebCenter Suite, is an integrated,
comprehensive collection of components used to create enterprise
portals, collaborative communities, and composite and social
applications.

The latest version of WCI is 10.3.3. The product is no...

Tags:
11:37
[CVE-2018-16225] QBee MultiSensor Camera LAN Traffic Vulnerability
» ‎ Full Disclosure

Posted by Francesco Servida on Sep 17
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam
application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an
attacker being able to reuse cookies to bypass authentication and disable the camera.

[VulnerabilityType Other]
Auth bypass using cookie

[Vendor of Product]
QBee, Vestiacom, Swisscom

[Affected Product Code...

Tags:
11:36
Disclose SSRF Vulnerability
» ‎ Full Disclosure

Posted by alphan yavaş on Sep 17
I. VULNERABILITY
-------------------------
Rollup 18 for Microsoft Exchange Server 2010 SP3 Server Side Request
Forgery (SSRF)

II. CVE REFERENCE
-------------------------
CVE-2018-16793

III. VENDOR
-------------------------
https://www.microsoft.com

IV. TIMELINE
------------------------
19/06/2018 Vulnerability discovered
22/06/2018 Vendor contacted
15/08/2018 Microsoft replay that Update rollup 18 is out of date.

V. CREDIT...

Tags:

11:30
Man’s Best Robotic Friend
» ‎ Hack a Day

When it comes to robotics, some of the most interesting work — and certainly the most hilarious — has come from Boston Dynamics, and their team of interns kicking robotic dogs over. It’s an impressive feat of engineering, and even if these robotic pack mules are far too loud for their intended use on the battlefield, it’s a great showcase of how cool a bunch of motors can actually be.

It’s not quite up there with the Boston Dynamics robots, but [Dimitris]’ project for the Hackaday Prize is an almost equally impressive assemblage of motors, 3D printed parts, SLAM processing …read more

Tags: the hackaday prize
10:01
3D Printing in Metal: the Laser and Metal Powder Printers We Saw at IMTS
» ‎ Hack a Day

Last week I went to the International Manufacturing Technology Show (IMTS) and it was incredible. This is a toy store for machinists and showcases the best of industrial automation. But one of the coolest trends I found at the show are all the techniques used to 3D print in metal. The best part is that many of the huge machines on display are actually running!

It’s probably better to refer to this as additive manufacturing, because the actual methods can be significantly different from your 3D printer. Below you’ll find examples of three different approaches to this process. I had …read more

Tags: printer hacks
9:00
The Desktop Computer Returns As Amiga-Infused Retro Case
» ‎ Hack a Day

The desktop computer is dead. No, I don’t mean computers that are meant to sit either on or underneath a desk. I’m talking about computer cases that are placed on a desk horizontally, probably with a monitor on top. The ‘monitor stand case’ was a mainstay for most of the 80s and 90s, but died out when CRTs became too heavy.

Now, though, there’s an interesting Kickstarter project that aims to bring the desktop computer case back, and it’s doing it as an upgrade to the classic Amiga 500, Amiga 1200, and Amiga 600 computers.

The idea for this project …read more

Tags: crowd funding

8:10
Cyber Attack Led To Bristol Airport Blank Screens
» ‎ Packet Storm Security Headlines

Cyber Attack Led To Bristol Airport Blank Screens
Tags: headlinehackermalwarebritainfraud
8:09
Why The EternalBlue Exploit Refuses To Die
» ‎ Packet Storm Security Headlines

Why The EternalBlue Exploit Refuses To Die
Tags: headlinehackergovernmentmicrosoftflawcyberwarspywarensa
8:09
Bay Area Transit System Approves New Surveillance-Oversight Policy
» ‎ Packet Storm Security Headlines

Bay Area Transit System Approves New Surveillance-Oversight Policy
Tags: headlinegovernmentusaspyware
8:09
Amazon Investigates Claims That Employees Sold Confidential Data
» ‎ Packet Storm Security Headlines

Amazon Investigates Claims That Employees Sold Confidential Data
Tags: headlineprivacyamazondata lossfraud

8:01
Linux, Without The Git Factor
» ‎ Hack a Day

Linux started as a student project in the 1990s, the creation of Linus Torvalds. He has attained celebrity status while steering his creation through the decades, but along the way he has also attracted a different reputation within the Linux and software community. He is famous for his outbursts and rants, some of which become rather personal, and it is not difficult at all to find kernel developers or would-be kernel developers who have turned their backs on the project as a result.

It’s very refreshing indeed then to read an update from [Linus] as part of his regular communications, …read more

Tags: linux hacks
7:01
Exploring an Abandoned Toys “R” Us
» ‎ Hack a Day

If someone asked me to make a list of things I didn’t expect to ever hear again, the question “Do you want to go to a Toys “R” Us?” would be pretty near the top spot. After all of their stores (at least in the United States) closed at the end of June 2018, the House of Geoffrey seemed destined to join Radio Shack as being little more than a memory for those past a certain age. A relic from the days when people had to leave their house to purchase goods.

But much to my surprise, a friend of …read more

Tags: current Events

6:33
Netis ADSL Router DL4322D RTK 2.1.1 Cross Site Scripting
» ‎ Packet Storm Security Exploits

Netis ADSL Router DL4322D RTK version 2.1.1 suffers from a cross site scripting vulnerability.
Tags:
6:33
Oracle VirtualBox Manager 5.2.18 r124319 Denial Of Service
» ‎ Packet Storm Security Exploits

Oracle VirtualBox Manager version 5.2.18 r124319 suffers from a denial of service vulnerability.
Tags:

6:33
Netis ADSL Router DL4322D RTK 2.1.1 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Netis ADSL Router DL4322D RTK version 2.1.1 suffers from a cross site scripting vulnerability.
Tags:
6:33
Oracle VirtualBox Manager 5.2.18 r124319 Denial Of Service
» ‎ Packet Storm Security Recent Files

Oracle VirtualBox Manager version 5.2.18 r124319 suffers from a denial of service vulnerability.
Tags:

6:33
Netis ADSL Router DL4322D RTK 2.1.1 Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

Netis ADSL Router DL4322D RTK version 2.1.1 suffers from a cross site scripting vulnerability.
Tags:
6:33
Oracle VirtualBox Manager 5.2.18 r124319 Denial Of Service
» ‎ Packet Storm Security Misc. Files

Oracle VirtualBox Manager version 5.2.18 r124319 suffers from a denial of service vulnerability.
Tags:

6:15
Debian Security Advisory 4295-1
» ‎ Packet Storm Security Advisories

Debian Linux Security Advisory 4295-1 - safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
Tags:

6:15
Debian Security Advisory 4295-1
» ‎ Packet Storm Security Recent Files

Debian Linux Security Advisory 4295-1 - safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
Tags:

6:15
Debian Security Advisory 4295-1
» ‎ Packet Storm Security Misc. Files

Debian Linux Security Advisory 4295-1 - safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
Tags:

6:13
Ubuntu Security Notice USN-3761-3
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3761-3 - USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. It was discovered that if a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. Various other issues were also addressed.
Tags:

6:13
Ubuntu Security Notice USN-3761-3
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3761-3 - USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. It was discovered that if a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. Various other issues were also addressed.
Tags:

6:13
Ubuntu Security Notice USN-3761-3
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3761-3 - USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. It was discovered that if a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. Various other issues were also addressed.
Tags:

4:00
DIY Rubber Ducky is as Cheap as its Namesake
» ‎ Hack a Day

The “Rubber Ducky” by Hak5 is a very powerful tool that lets the user perform rapid keystroke injection attacks, which is basically a fancy way of saying the device can type fast. Capable of entering text at over 1000 WPM, Mavis Beacon’s got nothing on this $45 gadget. Within just a few seconds of plugging it in, a properly programmed script can do all sorts of damage. Just think of all the havoc that can be caused by an attacker typing in commands on the local machine, and now image they are also the Flash.

But unless you’re a professional …read more

Tags: attiny hacks

2:48
#0daytoday #Oracle #VirtualBox Manager 5.2.18 r124319 - Name Attribute Denial of Service Exploit [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Oracle #VirtualBox Manager 5.2.18 r124319 - Name Attribute Denial of Service Exploit [#0day #Exploit]
Tags:
2:48
#0daytoday #Oracle VirtualBox Manager 5.2.18 r124319 - Name Attribute Denial of Service Exploit [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Oracle VirtualBox Manager 5.2.18 r124319 - Name Attribute Denial of Service Exploit [#0day #Exploit]
Tags:

1:43
Oracle WebCenter Interaction XSS / Insecure Redirect / CSRF / DoS
» ‎ Packet Storm Security Advisories

Oracle WebCenter Interaction version 10.3.3 suffers from cross site request forgery, cross site scripting, denial of service, and various other vulnerabilities.
Tags:

1:43
Oracle WebCenter Interaction XSS / Insecure Redirect / CSRF / DoS
» ‎ Packet Storm Security Recent Files

Oracle WebCenter Interaction version 10.3.3 suffers from cross site request forgery, cross site scripting, denial of service, and various other vulnerabilities.
Tags:

1:43
Oracle WebCenter Interaction XSS / Insecure Redirect / CSRF / DoS
» ‎ Packet Storm Security Misc. Files

Oracle WebCenter Interaction version 10.3.3 suffers from cross site request forgery, cross site scripting, denial of service, and various other vulnerabilities.
Tags:

1:31
[SECURITY] [DSA 4296-1] mbedtls security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 17
-------------------------------------------------------------------------
Debian Security Advisory DSA-4296-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mbedtls
CVE ID : CVE-2018-0497 CVE-2018-0498

Two...

Tags:
1:28
[SECURITY] [DSA 4295-1] thunderbird security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 17
-------------------------------------------------------------------------
Debian Security Advisory DSA-4295-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2018-5156 CVE-2018-5187...

Tags:
1:27
[SECURITY] [DSA 4294-1] ghostscript security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 17
-------------------------------------------------------------------------
Debian Security Advisory DSA-4294-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2018-16509 CVE-2018-16802...

Tags:
1:24
[SECURITY] [DSA 4273-2] intel-microcode security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Sep 17
-------------------------------------------------------------------------
Debian Security Advisory DSA-4273-2 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : intel-microcode
CVE ID : CVE-2018-3639...

Tags:
1:17
[slackware-security] php (SSA:2018-257-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Sep 17
[slackware-security] php (SSA:2018-257-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php-5.6.38-i586-1_slack14.2.txz: Upgraded.
One security bug has been fixed in this release:
Apache2: XSS due to the header Transfer-Encoding: chunked
For more information, see:...

Tags:
1:13
[SECURITY] [DSA 4293-1] discount security update
» ‎ Bugtraq

Posted by Alessandro Ghedini on Sep 17
-------------------------------------------------------------------------
Debian Security Advisory DSA-4293-1 security () debian org
https://www.debian.org/security/ Alessandro Ghedini
September 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : discount
CVE ID : CVE-2018-11468 CVE-2018-11503...

Tags:

1:00
Hand-Forged Cases Make Nixie Clocks into Works of Art
» ‎ Hack a Day

Both “Nixie” and “Steampunk” are getting a bit overused. It’s hard to count the number of clock projects we’ve seen recently that combine the two, and normally we’d be loath to feature yet another variation on that theme without a good reason. This is a good reason.

The single-digit Nixie clocks that [Claes Vahlberg] built are, simply put, works of art. There’s a small version of the clock, featuring a single IN-16 Nixie, and a larger version that uses a Dalibor Farny custom Nixie, a work of art in its own right. Each clock has features like time and date, …read more

Tags: clock hacks

0:00
Vuln: Apache SpamAssassin CVE-2017-15705 Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apache SpamAssassin CVE-2017-15705 Denial of Service Vulnerability
Tags:
0:00
Vuln: Apache Camel CVE-2018-8041 Directory Traversal Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apache Camel CVE-2018-8041 Directory Traversal Vulnerability
Tags:
0:00
Vuln: Google Chrome Unspecified Security Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Google Chrome Unspecified Security Vulnerabilities
Tags:
0:00
Vuln: Moodle CVE-2018-14630 Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

Moodle CVE-2018-14630 Remote Code Execution Vulnerability
Tags:

September 16, 2018
22:55
Debian Security Advisory 4294-1
» ‎ Packet Storm Security Advisories

Debian Linux Security Advisory 4294-1 - Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an interpreter for the PostScript language, which could result in the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).
Tags:

22:55
Debian Security Advisory 4294-1
» ‎ Packet Storm Security Recent Files

Debian Linux Security Advisory 4294-1 - Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an interpreter for the PostScript language, which could result in the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).
Tags:

22:55
Debian Security Advisory 4294-1
» ‎ Packet Storm Security Misc. Files

Debian Linux Security Advisory 4294-1 - Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an interpreter for the PostScript language, which could result in the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).
Tags:

22:22
XAMPP Control Panel 3.2.2 Denial Of Service
» ‎ Packet Storm Security Exploits

XAMPP Control Panel version 3.2.2 suffers from a denial of service vulnerability.
Tags:

22:22
XAMPP Control Panel 3.2.2 Denial Of Service
» ‎ Packet Storm Security Recent Files

XAMPP Control Panel version 3.2.2 suffers from a denial of service vulnerability.
Tags:

Skip to page: 1 2 3 4 ... 829

Feeds

Recent items

Tags:

Tags:

Tags:

Tags:

Tags: the hackaday prize

Tags:

Tags: headlinehackercybercrimedata lossfraud

Tags: headlinehackergovernmentmalwareusabotnetfbi

Tags: headlinehackergovernmentprivacyemailusadata losscyberwar

Tags: headlinehackercybercrimefraud

Tags: headlinegovernmentusafraudflaw

Tags: printer hacks

Tags: hackaday Columns

Tags: tablet hacks

Tags: Software development

Tags:

Tags:

Tags:

Tags: games

Tags: misc hacks

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags: classic hacks

Tags:

Tags:

Tags: parts

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags: headlinehackerdata lossfacebooksocial

Tags: headlinehackerconference

Tags:

Tags:

Tags:

Tags: