Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.
Monthly Archives: August 2016
Microsoft Open Sources PowerShell; Now Available for Linux and Mac OS X
‘Microsoft loves Linux’ and this has never been so true than now.
Microsoft today made its PowerShell scripting language and command-line shell available to the open source developer community on GitHub under the permissive MIT license.
<!– adsense –>
The company has also launched alpha versions of PowerShell for Linux (specifically Red Hat, Ubuntu, and CentOS) and Mac OS X, in addition,
QNAP QTS 4.2.1 Build 20160601 Arbitrary File Overwrite
QNAP QTS version 4.2.1 Build 20160601 suffers from an arbitrary file overwrite vulnerability.
QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Cross Site Scripting
QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from a persistent cross site scripting vulnerability.
QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Command Injection
QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from an OS command injection vulnerability.
QNAP QTS 4.2.1 Build 20160601 imbgName Parameter Command Injection
QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.
SIEMENS IP Camera CCMW1025 x.2.2.1798 Change Admin User / Password
SIEMENS IP Camera CCMW1025 version x.2.2.1798 remote change admin user / password exploit.
Debian Security Advisory 3649-1
Debian Linux Security Advisory 3649-1 – Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG’s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.
Debian Security Advisory 3650-1
Debian Linux Security Advisory 3650-1 – Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of Libgcrypt’s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.
Cisco Security Advisory 20160817-asa-snmp
Cisco Security Advisory – A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted SNMP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. The attacker must know the SNMP community string to exploit this vulnerability. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 traffic only. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.