Red Hat Security Advisory 2016-1838-01 – Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.
Monthly Archives: September 2016
Red Hat Security Advisory 2016-1841-01
Red Hat Security Advisory 2016-1841-01 – Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.
Red Hat Security Advisory 2016-1836-01
Red Hat Security Advisory 2016-1836-01 – OpenShift Enterprise by Red Hat is the company’s cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A flaw was found in Kibana’s logging functionality. If custom logging output was configured in Kibana, private user data could be written to the Kibana log files. A system attacker could use this data to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
Red Hat Security Advisory 2016-1839-01
Red Hat Security Advisory 2016-1839-01 – Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.
Red Hat Security Advisory 2016-1840-01
Red Hat Security Advisory 2016-1840-01 – The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.2.
FBI Arrests Two Hackers Who Hacked US Spy Chief, FBI and CIA Director
US authorities have arrested two North Carolina men on charges that they were part of the notorious hacking group “Crackas With Attitude.”
Crackas With Attitude is the group of hackers that was allegedly behind a series of audacious and embarrassing hacks that targeted personal email accounts of senior officials at the CIA, FBI, the White House, Homeland Security Department, and other US
Unrar 0.0.1 Memory Corruption
Posted by Rio Sherri on Sep 08
# Title : Unrar 0.0.1 Memory Corruption
# Date : 05/09/2016
# Author : R-73eN
# Tested on : Linux VM 2.6.38-8-generic #42-Ubuntu SMP Mon Apr 11 03:31:50 UTC 2011 i686 i686 i386 GNU/Linux
# Software : https://github.com/defiant-labs/unrar-free
root@VM:~/unrar-free/src# unrar --version
unrar 0.0.1
root@VM:~/unrar-free/src# gdb --args ./unrar ~/test.rar
GNU gdb (Ubuntu/Linaro 7.2-1ubuntu11) 7.2
Copyright (C) 2010 Free Software Foundation, Inc….
Multiple vulnerabilities – Powerlogic/Schneider Electric IONXXXX series Smart Meters
Posted by Karn Ganeshen on Sep 08
*Powerlogic/Schneider Electric IONXXXX series Smart Meters – Multiple security issues*
*Impacted devices:*
*ION7300 and potentially all IONXXXX models (based off of Powerlogic)*
For example, Power Measurement Ltd. Meter ION 7330V283 ETH ETH7330V274
http://www.schneider-electric.com/download/hk/en/details/2254511-ETH-7330-V274/?reference=ETH7330V274
*About*
Power & Energy Monitoring System
Compact energy and power quality meters for feeders…
ELNet Energy & Electrical Power Meter – Multiple Vulnerabilities
Posted by Karn Ganeshen on Sep 08
*ELNet Energy & Electrical Power Meter – Multiple Vulnerabilities*
http://elnet.feniks-pro.com/Elnet-LT.php
http://www.elnet.cc/product/elnet-lt/
Powermeter with color graphic display for all electrical measurements and
harmonics, with TCP/IP and RS485 communication (ModBus and Bacnet), panel
mounted 96X96 mm.
*Product Description*
General
Simple operated menus.
– Multilingual support.
– Up to One year of energy data logging….
Heap 'two-write-where-and-what' format string (FMS) technique
Posted by bashis on Sep 08
/*
Author: bashis <mcw noemail eu>, 2016
Small example code of 'two-write-where-and-what' format string (FMS) and a description of how to possibly exploit it when
located on heap.
Since the technique is 'two-write-where-and-what', it's possible to jump to a lower target address than the FMS has
counted up to.
[You will need to check addresses of free() and target() to see if it’s matching this example; if not, you…
