Logic security flaw in TP-LINK – tplinklogin.net
Monthly Archives: July 2016
Bugtraq: Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking
Bugtraq: KL-001-2016-003 : SQLite Tempdir Selection Vulnerability
Bugtraq: [security bulletin] HPSBGN03626 rev.1 – HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam
RHBA-2016:1290-4: libvirt bug fix update
Red Hat Enterprise Linux: Updated libvirt packages that fix two bugs are now available for Red Hat
Enterprise Linux 7.
DSA-3613 libvirt – security update
Vivian Zhang and Christoph Anton Mitterer discovered that setting an
empty VNC password does not work as documented in Libvirt, a
virtualisation abstraction library. When the password on a VNC server is
set to the empty string, authentication on the VNC server will be
disabled, allowing any user to connect, despite the documentation
declaring that setting an empty password for the VNC server prevents all
client connections. With this update the behaviour is enforced by
setting the password expiration to "now".
DSA-3614 tomcat7 – security update
The TERASOLUNA Framework Development Team discovered a denial of service
vulnerability in Apache Commons FileUpload, a package to make it
easy to add robust, high-performance, file upload capability to servlets
and web applications. A remote attacker can take advantage of this flaw
by sending file upload requests that cause the HTTP server using the
Apache Commons FileUpload library to become unresponsive, preventing the
server from servicing other requests.
DSA-3615 wireshark – security update
Multiple vulnerabilities were discovered in the dissectors/parsers for
PKTC, IAX2, GSM CBCH and NCP, SPOOLS, IEEE 802.11, UMTS FP, USB,
Toshiba, CoSine, NetScreen, WBXML which could result in denial of service
or potentially the execution of arbitrary code.
How to Crack Android Full Disk Encryption on Qualcomm Devices
The heated battle between Apple and the FBI provoked a lot of talk about encryption – the technology that has been used to keep all your bits and bytes as safe as possible.
We cannot say a lot about Apple’s users, but Android users are at severe risk when it comes to encryption of their personal and sensitive data.
Android’s full-disk encryption can be cracked much more easily than expected
KL-001-2016-003 : SQLite Tempdir Selection Vulnerability
Posted by KoreLogic Disclosures on Jul 01
Title: SQLite Tempdir Selection Vulnerability
Advisory ID: KL-001-2016-003
Publication Date: 2016.07.01
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
1. Vulnerability Details
Affected Vendor: SQLite/Hwaci
Affected Product: SQLite
Affected Version: All versions prior to 3.13.0
Platform: UNIX, GNU/Linux
CWE Classification:…