An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information.
Monthly Archives: March 2017
Attacks Heating Up Against Apache Struts 2 Vulnerability
Apache administrators are urged to immediately upgrade the Struts 2 web application framework to address a remote code execution flaw under public attack.
Consumer Reports launches new privacy and data security standard
The US-based nonprofit organization Consumer Reports has come up with a new standard that aims to boost consumer confidence in privacy and data security.
The post Consumer Reports launches new privacy and data security standard appeared first on WeLiveSecurity
Stegano 0.6.8
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
OpenDNSSEC 2.1.0
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
Lynis Auditing Tool 2.4.5
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
Navetti PricePoint 4.6.0.0 XSS / CSRF / SQL Injection
Navetti PricePoint version 4.6.0.0 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2017-0462-01
Red Hat Security Advisory 2017-0462-01 – IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4-FP1. Security Fix: This update fixes a vulnerability in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Ubuntu Security Notice USN-3222-1
Ubuntu Security Notice 3222-1 – It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
HP Security Bulletin HPESBGN03712 1
HP Security Bulletin HPESBGN03712 1 – A potential security vulnerability has been identified in HPE LoadRunner and Performance Center. This vulnerability could be remotely exploited to allow remote code execution. Revision 1 of this advisory.