UnZip versions 6.0 and below suffer from multiple heap-based buffer overflow vulnerabilities.
Monthly Archives: December 2014
North Korea falls off the internet – is the United States to blame?
Barack Obama promises that the United States will respond to the Sony hack, and North Korea drops off the internet. Is there a connection?
The post North Korea falls off the internet – is the United States to blame? appeared first on We Live Security.
Staples Confirms 1.2 Million Cards Lost in Breach
Staples confirmed that it lost close to 1.2 million payment cards in a data breach lasting close to six months and affecting 115 locations in 35 states.
CVE-2014-8015 (identity_services_engine_software)
The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor’s guest account via a modified HTTP request, aka Bug ID CSCur64400.
CVE-2014-8017 (identity_services_engine_software)
The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.
CVE-2014-8018 (unified_communications_domain_manager)
Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661.
CVE-2014-8992 (modx_revolution)
Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
The Sony Pictures Hack: 5 short sharp lessons we all can learn
The recent hacking of Sony Pictures offers valuable lessons in cybersecurity from which every company and consumer can learn.
The post The Sony Pictures Hack: 5 short sharp lessons we all can learn appeared first on We Live Security.
Re: CVE-2014-9330: Libtiff integer overflow in bmp2tiff
Posted by Michal Zalewski on Dec 22
It’s probably worth noting that although the bundled utilities are
pretty buggy, there are also several bugs affecting the libtiff
library itself that can be hit with afl if you clean up the
utility-level bugs first; these affect ImageMagick and any tools that
rely on libtiff to display untrusted images.
I reported some privately to the maintainers a few weeks ago (before
your report, in fact), but haven’t had a lot of success so far….
SoX 14.4.1 Heap Buffer Overflow
SoX versions 14.4.1 and below suffer from multiple heap-based buffer overflow vulnerabilities.