Posted by Mark Cross on Jul 25
On the 7th of July 2015 I discovered a reflected cross-site scripting
(XSS) vulnerability in QNAP TS-x09 Network Attached Storage devices.
Full disclosure was undertaken with the vendor and a CVE-ID has been
requested from Mitre.
CVE-ID: requested via PGP email
7th July 2015
Author: Mark Cross
Twitter: @xerubus
WWW: www.mogozobo.com
Reference: http://www.mogozobo.com/?p=2574
====================
Summary
====================
A reflected…
Posted by Securify B.V. on Jul 25
————————————————————————
Integer overflow in .NET Framework
System.DirectoryServices.Protocols.Utility class
————————————————————————
Yorick Koster, May 2015
————————————————————————
Abstract
————————————————————————
An integer overflow exists in the…
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, breakouts of the Java sandbox, information disclosure,
denial of service or insecure cryptography.
Several vulnerabilities have been discovered in LXC, the Linux
Containers userspace tools. The Common Vulnerabilities and Exposures
project identifies the following problems:
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.