Nagios Log Server versions 1.4.1 and below suffer from authentication bypass, privilege escalation, cross site scripting, and inconsistent control vulnerabilities.
Monthly Archives: August 2016
WordPress Advanced Custom Fields: Table Field 1.1.12 XSS
WordPress Advanced Custom Fields: Table Field plugin version 1.1.12 suffers from a persistent cross site scripting vulnerability.
Hacker Reveals Personal Information For Almost 200 Democrats
Guccifer 2.0 Leaks Personal Info of Nearly 200 Congressional Democrats
The hacker who recently claimed responsibility for the high-profile hack of the Democratic National Committee (DNC) has now taken credit for hacking into the Democratic Congressional Campaign Committee (DCCC) as well.
To prove his claims, the hacker, going by the moniker Guccifer 2.0, dumped on Friday night a massive amount of personal information belonging to nearly 200 Democratic House
New Hack Uses Hard Drive's Noise to Transfer Stolen Data from Air-Gapped Computer
Air-gapped computers, which are isolated from the Internet and other computers, have long been considered the most secure and safest place for storing data in critical infrastructures such as industrial control systems, financial institutions, and classified military networks.
However, these systems have sometimes been targeted in the past, which proves that these isolated systems are not
CVE-2016-5384
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
CVE-2016-5845
SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905.
CVE-2016-5847
SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384.
WebNMS Framework Server 5.2 Arbitrary File Upload
This Metasploit module abuses a vulnerability in WebNMS Framework Server 5.2 that allows an unauthenticated user to upload text files by using a directory traversal attack on the FileUploadServlet servlet. A JSP file can be uploaded that then drops and executes a malicious payload, achieving code execution as the user under which the WebNMS server is running. This Metasploit module has been tested with WebNMS Framework Server 5.2 and 5.2 SP1 on Windows and Linux.
Hydra Network Logon Cracker 8.3
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
