Monthly Archives: December 2015

Full Disclosure

APPLE-SA-2015-12-11-1 iTunes 12.3.2

Posted by Apple Product Security on Dec 11

APPLE-SA-2015-12-11-1 iTunes 12.3.2

iTunes 12.3.2 is now available and addresses the following:

WebKit
Available for: Windows 7 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7048 : Apple
CVE-2015-7095 : Apple
CVE-2015-7096 : Apple
CVE-2015-7097 : Apple…

Full Disclosure

Polycom VVX-Series Business Media Phones Path Traversal Vulnerability

Posted by Jake Reynolds on Dec 11

Polycom VVX-Series Business Media Phones Path Traversal Vulnerability

–Summary–

Polycom VVX-series Business Media Phones allow authenticated users to execute file path traversal attacks

# Polycom
# http://www.polycom.com

–Affects–

# Polycom VVX 101, 201, 300, 310, 400, 410, 500, 600, & 1500
# UC Software 4.1.8 and earlier, 5.2.3 and earlier, 5.3.1 and earlier, 5.4.0 and earlier

–Details–

Polycom VVX-series IP phones provide a web…

Full Disclosure

CLOUD4WI SPLASH PORTAL REFLECTED XSS VULNERABILITY – CVE-2015-4699

Posted by agotouning () libero it on Dec 11

CLOUD4WI SPLASH PORTAL Reflected XSS vulnerability
Quantum Leap Advisory: CLOUD4WI SPLASH PORTAL Reflected XSS vulnerability – Adivsory # CVE-2015-4699
Affected Product: CLOUD4WI SPLASH PORTAL
Credits: Vulnerability discovered by Agostino Parentela of Quantum Leap s.r.lExecutive SummaryUsing a specially crafted
HTTP request, it is possible to exploit a lack in the neutralization of the pages output which includes the user
submitted content….

Security

Nmap Port Scanner 7.01

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.