PHP ‘exif_thumbnail()’ Function Heap Based Buffer Overflow Vulnerability
Monthly Archives: October 2014
Vuln: PHP 'libxmlrpc/xmlrpc.c' Buffer Overflow Vulnerability
Vuln: PHP 'donote()' Function Out-of-Bounds Read Vulnerability
Bugtraq: [SYSS-2014-008] McAfee File and Removable Media Protection (FRP/EEFF/EERM) – Use of a One-Way Hash with a Predictable Salt (CVE-2014-8565)
Bugtraq: SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access
Bugtraq: [SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU
Bugtraq: [SECURITY] [DSA 3060-1] linux security update
Xerox Multifunction Printers (MFP) "Patch" DLM Escalation
This Metasploit module exploits a vulnerability found in Xerox Multifunction Printers (MFP). By supplying a modified Dynamic Loadable Module (DLM), it is possible to execute arbitrary commands with root privileges.
Scalix Web Access 11.4.6.12377 / 12.2.0.14697 XXE Injection / XSS
Scalix Web Access versions 11.4.6.12377 and 12.2.0.14697 suffer from cross-site scripting and XXE injection vulnerabilities.
McAfee EEFF / FRP Predictable Salt
The software encryption tool McAfee Endpoint Encryption for Removable Media (EERM), which is part of the data protection software McAfee Endpoint Encryption for Files and Folders (EEFF), uses a static and thus predictable salt when generating password hashes with the password-based key derivation function 2 (PBKDF2). Because the salt is predictable and hard-coded, an attacker can precompute password candidates and thus perform more efficient dictionary attacks against the password-based authentication using rainbow tables (time-memory trade-off).