Posted by RedTeam Pentesting GmbH on Jan 07
Advisory: o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials
The o2 Auto Configuration Server (ACS) discloses VoIP/SIP credentials of
arbitrary customers when receiving manipulated CWMP packets. These
credentials can then be used by an attacker to register any VoIP number
of the victim. This enables the attacker to place and receive calls on
behalf of the attacked user.
Details
=======
Product: o2 DSL Auto Configuration Server…
From: Apple Product Security
Reply to list
APPLE-SA-2016-01-07-1 QuickTime 7.7.9 QuickTime 7.7.9 is now available and addresses the following: QuickTime Available for: Windows 7 and Windows Vista Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution [...]
From: Apple Product Security
Reply to list
APPLE-SA-2016-01-07-1 QuickTime 7.7.9 [Re-sending with a valid signature] QuickTime 7.7.9 is now available and addresses the following: QuickTime Available for: Windows 7 and Windows Vista Impact: Viewing a maliciously crafted movie file may lead to an [...]
[RT-SA-2015-001] AVM FRITZ!Box: Remote Code Execution via Buffer Overflow
Serendipity Security Advisory – XSS Vulnerability – CVE-2015-8603
[CVE-2015-7242] AVM FRITZ!Box: HTML Injection Vulnerability
Possible vulnerability in F5 BIG-IP LTM – Improper input validation of the HTTP version number of the HTTP reqest allows any payload size and conent to pass through
Red Hat Enterprise Linux: Updated gnutls packages that fix one security issue are now available for
Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2015-7575
Red Hat Enterprise Linux: Updated samba packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-5252, CVE-2015-5296, CVE-2015-5299
Red Hat Enterprise Linux: Updated samba4 packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540