The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests.
Monthly Archives: January 2015
CVE-2014-8479
The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets.
CVE-2015-1048
Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Firefox Meta Referrer A Move Toward Browser Privacy
Mozilla announced the availability of a meta referrer header in Firefox 36 beta. The meta referrer provides users with policy options limiting the personal data sent in web requests.
Red Hat Security Advisory 2015-0065-01
Red Hat Security Advisory 2015-0065-01 – After May 29 2015, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite versions 5.5 or older.
Red Hat Security Advisory 2015-0068-01
Red Hat Security Advisory 2015-0068-01 – The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
Red Hat Security Advisory 2015-0062-01
Red Hat Security Advisory 2015-0062-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel’s SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel’s SCTP implementation handled the association’s output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.
AVM FRITZ!Box Firmware Signature Bypass
The signature check of FRITZ!Box firmware images is flawed. Malicious code can be injected into firmware images without breaking the RSA signature. The code will be executed either if a manipulated firmware image is uploaded by the victim or if the victim confirms an update on the webinterface during a MITM attack.
articleFR CMS 3.0.5 SQL Injection
articleFR CMS version 3.0.5 suffers from a remote SQL injection vulnerability.
HP Security Bulletin HPSBUX03235 SSRT101750 1
HP Security Bulletin HPSBUX03235 SSRT101750 1 – A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.