Various PLANET IP cameras suffer from local file inclusion, arbitrary file read, information disclosure, cross site request forgery, cross site scripting, and hard-coded credential vulnerabilities.
Monthly Archives: May 2016
Merit LILIN XSS / CSRF / Credential Issues
Merit LILIN IP cameras suffer from cross site request forgery, cross site scripting, hard-coded credential, and various other vulnerabilities.
Debian Security Advisory 3577-1
Debian Linux Security Advisory 3577-1 – Gustavo Grieco discovered that jansson, a C library for encoding, decoding and manipulating JSON data, did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service (crash) via stack exhaustion, using crafted JSON data.
Debian Security Advisory 3578-1
Debian Linux Security Advisory 3578-1 – It was discovered that libidn, the GNU library for Internationalized Domain Names (IDNs), did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an application using the libidn library.
Debian Security Advisory 3579-1
Debian Linux Security Advisory 3579-1 – Gustavo Grieco discovered a use-after-free vulnerability in xerces-c, a validating XML parser library for C++, due to not properly handling invalid characters in XML input documents in the DTDScanner.
Location-tracking apps ‘breach of European data protection law’
A Norwegian-based watchdog has identified a breach of European data protection law by the fitness tracking app Runkeeper.
The post Location-tracking apps ‘breach of European data protection law’ appeared first on We Live Security.