VenShop System 2010 suffers from a database disclosure vulnerability.
Monthly Archives: September 2016
CVE-2016-0918
EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL.
CVE-2016-4845
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.
CVE-2016-5793
Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.
CVE-2016-6531
** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the “vulnerability note … is factually false … there is indeed a default blank password, but it can be changed … We recommend that users change it, each customer receives direction.”
CVE-2016-6532
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session.
Hacker Who Helped ISIS to Build 'Hit List' Of US Military Personnel Jailed for 20 Years
A computer hacker who allegedly helped the terrorist organization ISIS by handing over data for 1,351 US government and military personnel has been sentenced to 20 years in a U.S. prison.
Ardit Ferizi, aka Th3Dir3ctorY, from Kosovo was sentenced in federal court in Alexandria, for “providing material support to the Islamic State of Iraq and the Levant (ISIL) and accessing a protected computer
Google WiFi Router — Combine Multiple Routers to Boost WiFi Signal
Can you rely on a single loudspeaker in your living room for great sound throughout your home?
Nah!
In the same way, you can not expect a single WiFi router to provide stable range throughout your home.
To solve this issue, Google will soon power your home’s wireless internet network with its own-brand new WiFi router called Google WiFi, according to a new report.
<!– adsense –>
Google is
TOR Virtual Network Tunneling Tool 0.2.8.8
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
Metasploit Web UI Static secret_key_base Value
This Metasploit module exploits the Web UI for Metasploit Community, Express and Pro where one of a certain set of Weekly Releases have been applied. These Weekly Releases introduced a static secret_key_base value. Knowledge of the static secret_key_base value allows for deserialization of a crafted Ruby Object, achieving code execution. This Metasploit module is based on exploits/multi/http/rails_secret_deserialization.