Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it’s a $20 USB microcontroller that Kamkar has loaded with code that can install a backdoor on a target machine in […]

NVD

CVE-2014-7241 (tsutaya)

December 19, 2014 007admin

The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document.

NVD

CVE-2014-7249 (ar440s, ar440s_firmware, ar441s, ar441s_firmware, ar442s, ar442s_firmware, ar745, ar745_firmware, ar750s, ar750s-dp, ar750s-dp_firmware, ar750s_firmware, at-8624poe, at-8624poe_firmware, at-8624t/2m, at-8624t/2m_firmware, at-8648t/2sp, at-8648t/2sp_firmware, at-8748xl, at-8748xl_firmware, at-8848, at-8848_firmware, at-9816gb, at-9816gb_firmware, at-9924t, at-9924t_firmware, at-9924ts, at-9924ts_firmware, centrecom_8700sl_firmware, centrecom_8948xl, centrecom_8948xl_firmware, centrecom_9924sp, centrecom_9924sp_firmware, centrecom_9924t/4sp, centrecom_9924t/4sp_firmware, centrecom_ar415s, centrecom_ar415s_firmware, centrecom_ar450s, centrecom_ar450s_firmware, centrecom_ar550s, centrecom_ar550s_firmware, centrecom_ar570s, centrecom_ar570s_firmware, centrecom_ar8700sl, rapier_48i, rapier_48i_firmware, switchblade4000, switchblade4000_firmware)

December 19, 2014 007admin

Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.

NVD

CVE-2014-7267 (wbs_gantt-chart)

December 19, 2014 007admin

Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7268.

NVD

CVE-2014-7268 (wbs_gantt-chart)

December 19, 2014 007admin

Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7267.

NVD

CVE-2014-8272 (idrac6_modular, idrac6_monolithic, idrac7, ipmi)

December 19, 2014 007admin

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

007 Software

Monthly Archives: December 2014

JCE-Tech 4.0 Cross Site Scripting

Facebook BB #18 – IDOR Issue & Privacy Vulnerability

Mobilis 3g MobiConnect 3G++ ZDServer v1.0.1.2 – Privilege Escalation Vulnerability

iBackup v10.0.0.45 – Privilege Escalation Vulnerability

USBDriveby Device Can Install Backdoor, Override DNS Settings in Seconds

CVE-2014-7241 (tsutaya)

CVE-2014-7267 (wbs_gantt-chart)

CVE-2014-7268 (wbs_gantt-chart)

CVE-2014-8272 (idrac6_modular, idrac6_monolithic, idrac7, ipmi)

Software and Security Information