*HPE PSRT response*: Upgrade to MSL6480 is 4.90 (current version)
*Weak Credentials Management*
The device comes with weak default login credentials (security/security),
and the application does not enforce a mandatory password change from
the default to a strong password value.
This proof of concept triggers a blue screen on Windows 7 with special pool enabled on win32k.sys. A reference to the bitmap object still exists in the device context after it has been deleted.
CentOS Errata and Security Advisory 2016:1217 Critical
Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-1217.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
f79412140473a03de8d8f29357d9b4c6ce48cc2a0284c5a88f05fa28a6cf289d firefox-45.2.0-1.el7.centos.i686.rpm
4c9e18cfccc1942cc39ccb2644b308d4c381128f2ee39f4f735c34325354feb5 firefox-45.2.0-1.el7.centos.x86_64.rpm
Source:
54784c2a92a040f721608d254a75f95cbab5ba33d436f63f20479145b486c334 firefox-45.2.0-1.el7.centos.src.rpm
This Metasploit module simplifies the Regsvr32.exe Application Whitelisting Bypass technique. The module creates a web server that hosts an .sct file. When the user types the provided regsvr32 command on a system, regsvr32 will request the .sct file and then execute the included PowerShell command. This command then downloads and executes the specified payload (similar to the web_delivery module with PSH). Both web requests (i.e., the .sct file and PowerShell download and execute) can occur on the same port.
HP Security Bulletin HPSBGN03553 1 – HP OneView has addressed stack-based buffer overflows in glibc’s implementation of getaddrinfo() and also a vulnerability in OpenSSL. These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of the user running the glibc library. Revision 1 of this advisory.
HP Security Bulletin HPSBNS03625 1 – NonStop Application Server for Java (NSASJ) has addressed the cross-protocol attack on TLS using SSLv2, also known as “DROWN”. This vulnerability could be exploited remotely, resulting in disclosure of information. Note: NSASJ configurations that have enabled SSL/TLS are vulnerable if SSLv2 is enabled or they share private keys with systems that have it enabled. Revision 1 of this advisory.