Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Monthly Archives: April 2016
CVE-2016-2306
The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
CVE-2016-2354
The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering.
CVE-2016-3145
Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.
Core Windows Utility Can Be Used to Bypass AppLocker
A researcher has discovered that Windows’ Regsvr32 can be used to download and run JavaScript and VBScript remotely from the Internet, bypassing AppLocker’s whitelisting protections.
DSA-3553 varnish – security update
Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP
reverse proxy, is vulnerable to HTTP smuggling issues, potentially
resulting in cache poisoning or bypassing of access control policies.
WatchGuard Launches Global Technology Partner Program
Technology Partner Integrations Provide Better Security for Thousands of Customers
Bugtraq: Webutler CMS 3.2 – Cross-Site Request Forgery
Webutler CMS 3.2 – Cross-Site Request Forgery
Bugtraq: OpenTSDB RCE
OpenTSDB RCE
Bugtraq: exploit CVE-2016-2203
exploit CVE-2016-2203