McAfee File Lock Driver – Kernel Memory Leak

Posted by Kyriakos Economou on Jan 27

* CVE: CVE-2015-8772
* Vendor: McAfee – Intel Security
* Reported by: Kyriakos Economou
* Date of Release: 26/01/2016
* Date of Fix: N/A
* Affected Products: Multiple
* Affected Version: McPvDrv.sys v4.6.111.0
* Fixed Version: N/A

Description:
McAfee File Lock Driver does not correctly handle IOCTL_DISK_VERIFY IOCTL requests, which leads to a kernel memory leak
through specifically crafted IOCTLs. Normally the IOCTL_DISK_VERIFY IOCTL is used to…

McAfee File Lock Driver – Kernel Stack Based BOF

Posted by Kyriakos Economou on Jan 27

* CVE: CVE-2015-8773
* Vendor: McAfee – Intel Security
* Reported by: Kyriakos Economou
* Date of Release: 26/01/2016
* Date of Fix: N/A
* Affected Products: Multiple
* Affected Version: McPvDrv.sys v4.6.111.0
* Fixed Version: N/A

Description:
McAfee File Lock Driver does not correctly handle GUIDs of the encrypted vaults, which allows crashing the host by
crafting a specific IOCTL with a malformed Vault GUID which is used to identify an object…

Multiple security issues in MOVEit Managed File Transfer application

Posted by Profundis Labs on Jan 27

During a security investigation multiple security issues have been
discovered in the MOVEit File Transfer web- and mobile application from
Ipswitch, Inc.

* CVE-2015-7675: Unauthorized access to arbitrary files and documents
https://www.profundis-labs.com/advisories/CVE-2015-7675.txt
* CVE-2015-7676: Insecure default configuration (Persistent XSS)
https://www.profundis-labs.com/advisories/CVE-2015-7676.txt
* CVE-2015-7677: Enumeration of…

HCA0005 – Liberty Global – Horizon HD STB – predictable WiFi passphrase

Posted by Hacking Corporation Sàrl on Jan 27

----------------------------------------------------------------------------
Advisory ID: HCA0005 – http://hackingcorp.ch/advisories/HCA0005.pdf
Product: Horizon HD / WiFi
Vendor: Liberty Global plc companies (Unitymedia GmbH, UPC Cablecom, …)
Affected Version(s): unknown
Tested Version(s): current
Vulnerability Type: Weak WiFi passphrase generation
Risk Level: Medium
Vendor Notification: 2015-05-14
Public Disclosure: 2016-01-25, patch ready…

SAP HANA hdbindexserver Memory Corruption

A buffer overflow vulnerability exists in the SAP HANA interface. If an attacker has network access to the SQL interface or the SAP HANA Extended Application Services interface of an SAP HANA system, the vulnerability enables the attacker to inject code into the working memory that is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate.

RECON 2016 Call For Papers

REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. For 2016 it will be held June 17th through the 19th and the Call For Papers has been announced.