libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.
Monthly Archives: September 2015
DSA-3357 vzctl – security update
It was discovered that vzctl, a set of control tools for the OpenVZ
server virtualisation solution, determined the storage layout of
containers based on the presence of an XML file inside the container.
An attacker with local root privileges in a simfs-based container
could gain control over ploop-based containers. Further information on
the prerequisites of such an attack can be found at
src.openvz.org.
DSA-3359 virtualbox – security update
This update fixes an unspecified security issue in VirtualBox related to
guests using bridged networking via WiFi. Oracle no longer provides
information on specific security vulnerabilities in VirtualBox. To still
support users of the already released Debian releases we’ve decided to
update these to the respective 4.1.40 and 4.3.30 bugfix releases.
DSA-3358 php5 – security update
Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.
Bugtraq: [security bulletin] HPSBHF03408 rev.2 – HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code
[security bulletin] HPSBHF03408 rev.2 – HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code
Bugtraq: IKEView.exe Fox beta 1 Stack Buffer Overflow
IKEView.exe Fox beta 1 Stack Buffer Overflow
Bugtraq: [SECURITY] [DSA 3356-1] openldap security update
[SECURITY] [DSA 3356-1] openldap security update
Re: OpenLDAP ber_get_next Denial of Service
Posted by Mark Koek on Sep 11
Why are they labelling this ‘minor’ and not issuing a fix?
I could use the oneliner in this advisory to kill the vanilla OpenLDAP
on my Ubuntu box. Remotely.
A remote unauthenticated DoS against a directory server is /not/ minor,
IMHO.
Defense in depth — the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe
Posted by Stefan Kanthak on Sep 11
Hi @ll,
part 31 (see <http://seclists.org/fulldisclosure/2015/Mar/92>)
showed how to execute arbitrary (rogue) executables planted as
– %SystemRoot%System32Write.exe,
– %SystemRoot%System32WinHelp.exe,
– %SystemRoot%System32RegEdit.exe,
– %SystemRoot%System32Explorer.exe
etc. instead of
– %SystemRoot%Write.exe,
– %SystemRoot%WinHelp.exe,
– %SystemRoot%RegEdit.exe,
– %SystemRoot%Explorer.exe
etc., including the possibility to…
DSA-3356 openldap – security update
Denis Andzakovic discovered that OpenLDAP, a free implementation of the
Lightweight Directory Access Protocol, does not properly handle BER
data. An unauthenticated remote attacker can use this flaw to cause a
denial of service (slapd daemon crash) via a specially crafted packet.