WiFi Drive CR version 1.0 suffers from a file upload vulnerability that allows for malicious script execution.
Monthly Archives: September 2015
Flowdock API Script Insertion
Flowdock API suffers from a script insertion vulnerability.
Bugtraq: Cisco Security Advisory: Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability
Cisco Security Advisory: Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability
Bugtraq: ESA-2015-142: RSA Archer® GRC Platform Multiple Vulnerabilities
ESA-2015-142: RSA Archer® GRC Platform Multiple Vulnerabilities
Bugtraq: [SECURITY] [DSA 3365-1] iceweasel security update
[SECURITY] [DSA 3365-1] iceweasel security update
Bugtraq: Cisco AnyConnect elevation of privileges via DMG install script
Cisco AnyConnect elevation of privileges via DMG install script
RHBA-2015:1836-1: kernel bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix several bugs are now available for Red Hat
Enterprise Linux 6.5 Extended Update Support.
DSA-3367 wireshark – security update
Multiple vulnerabilities were discovered in the dissectors/parsers for
ZigBee, GSM RLC/MAC, WaveAgent, ptvcursor, OpenFlow, WCCP and in internal
functions which could result in denial of service.
Heartbleed Vulnerability Scanning Tool
This Python script checks for the OpenSSL memory leak named Heartbleed, as noted in CVE-2014-0160. It can be used for different SSL/TLS versions and multiple protocols (HTTPS/SMTP/IMAP/POP3). It is optimized for mass scans.
Windows Kernel NtGdiBitBlt Buffer Overflow
The attached proof of concept exploit triggers a buffer overflow in the NtGdiBitBlt system call. It reproduces reliably on Win 7 32-bit with Special Pool enabled on win32k.sys.