WebDisk+ v2.1 iOS – Code Execution Vulnerability

Posted by Vulnerability Lab on Oct 27

Document Title:
===============
WebDisk+ v2.1 iOS – Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1349

Release Date:
=============
2014-10-23

Vulnerability Laboratory ID (VL-ID):
====================================
1349

Common Vulnerability Scoring System:
====================================
9.1

Product & Service Introduction:
===============================…

iFileExplorer v6.51 iOS – File Include Web Vulnerability

Posted by Vulnerability Lab on Oct 27

Document Title:
===============
iFileExplorer v6.51 iOS – File Include Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1345

Release Date:
=============
2014-10-22

Vulnerability Laboratory ID (VL-ID):
====================================
1345

Common Vulnerability Scoring System:
====================================
5.4

Product & Service Introduction:…

CVE-2014-3955

routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network.

CVE-2014-3954

Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message.

CVE-2014-3711

namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.

CVE-2014-8327

The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions for sFTP driver files and folders, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

White House wants to replace passwords with selfies

There’s one question that appears on any Internet platform on which you have to verify your identity with a password: “Forgotten your password?” Companies nowadays know how forgetful we users can be. Particularly when it comes to remembering a complex sequence of letters and numbers that we’ve had to conjure up.

And that’s not all. There are the PINs for your cell phone, your credit card… There are now so many things to commit to memory that it sometimes seems that we just don’t have enough neurons to deal with it all.

As the technology giants are well aware of this human limitation, some are now including fingerprint sensors in devices, so that owners can confirm their identity simply by placing a finger on the screen. Many mobile devices also include a voice recognition option, though this is rarely activated by users.

These methods of identification, however, are still not entirely practical. At least this is what the President’s cybersecurity coordinator, Michael Daniel, believes. He wants to get rid of passwords from the White House forever.

One of the more unusual alternatives suggested by Daniel is for the President’s staff to use selfies.

It would seem that these snapshots could now be used for something other than just posting on social networks. Daniel’s plan would involve installing a series of sensors around the building which could recognize the faces of those entering certain areas of the President’s residence.

Instead of having to stand right in front of the sensor, staff could just show the screen of their cell phones displaying a clear and recognizable selfie.

Daniel believes that technology companies have begun to realize that security measures must not only be functional, they must also take into account how users behave. If these measures are too complicated or difficult, people just won’t use them, he warned.

That’s why selfies could be the perfect answer, as even world leaders have taken to this latest digital craze.

The post White House wants to replace passwords with selfies appeared first on MediaCenter Panda Security.