CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility

Posted by Aromal Raj on Mar 06

Document Title:
===============
CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility

Vendor:
=======
Appneta (https://www.appneta.com/)

Product and Versions Affected:
==============================
Tcpreplay 4.1.2 and possibly prior.

Fixed Version:
==============
4.2.0 Beta 1

Product Description:
====================
Tcpreplay is a suite of GPLv3 licensed utilities for UNIX (and Win32 under
Cygwin) operating systems…

OpenElec: Remote Code Execution Vulnerability through Man-In-The-Middle (CVE-2017-6445)

Posted by Wolfgang on Mar 06

During my research about update mechanisms of open-source software I
discovered vulnerabilities in OpenElec.

== [ OVERVIEW ] ==

System affected: OpenElec
CVE: CVE-2017-6445
Vulnerable component: auto-update feature
Software-Version: 6.0.3, 7.0.1
User-Interaction: Reboot required
Impact: Remote Code Execution with root permission

== [ PRODUCT DESCRIPTION ] ==

According to its website “Open Embedded Linux…

CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility

Posted by Aromal Raj on Mar 06

Document Title:
===============
CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap
Etterfilter utility

Vendor:
=======
Ettercap (http://ettercap.github.io/ettercap/)

Product and Versions Affected:
==============================
Etterfilter 0.8.2 and possibly prior.

Vulnerability Type:
===================
Denial-of-Service

CVE Reference:
==============
CVE-2017-6430

Vulnerability Details:
======================
Etterfilter…

Executable installers are defective^WEVIL (case 2): innosetup-5.5.9.exe and innosetup-5.5.9-unicode.exe

Posted by Stefan Kanthak on Mar 06

Hi @ll,

InnoSetup is BROKEN, it creates DEFECTIVE “portable executable”
image files, for example innosetup-5.5.9.exe itself.

JFTR: unfortunately Windows’ module loader covers these bugs and
loads such defective PE image files.

DEFECTS:
~~~~~~~~

1. all (8) IMAGE_IMPORT_DESCRIPTOR entries in the IMPORT directory
are INVALID: their Characteristics/OriginalFirstThunk fields
contain 0 instead of the RVA of the import…

Database of 1.4 Billion Records leaked from World’s Biggest Spam Networks

A database of 1.4 billion email addresses combined with real names, IP addresses, and often physical addresses has been exposed in what appears to be one of the largest data breaches of this year.

What’s worrisome? There are high chances that you, or at least someone you know, is affected by this latest data breach.
Security researcher Chris Vickery of MacKeeper and Steve Ragan of

GNU Transport Layer Security Library 3.3.27

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

deluge-1.3.14-1.fc24

Core

#2889: Fixed ‘Too many files open’ errors.
#2861: Added support for python-geoip for use with libtorrent 1.1.
#2149: Fixed a single proxy entry being overwritten resulting in no proxy set.

UI

Added tracker_status translation to UIs.

GtkUI

#2901: Strip whitespace from infohash before checks.
Add missed feature autofill infohash entry from clipboard.

WebUI

#1908: Backport bind interface option for server.
Security: Fixed WebUI CSRF Vulnerability.

ConsoleUI

#2948 [Console] Fix decode error comparing non-ascii (str) torrent name.

AutoAdd Plugin

Fixes for splitting magnets from file.
Remove duplicate magnet extension when splitting.