Monthly Archives: December 2015
Wireshark Infer_pkt_encap Out-Of-Bounds Read
A crash can occur in Wireshark due to a heap-based out-of-bounds read in Infer_pkt_encap.
Wireshark AirPDcapDecryptWPABroadcastKey Out-Of-Bounds Read
A crash can occur in Wireshark due to a heap-based out-of-bounds read in AirPDcapDecryptWPABroadcastKey.
EMC VPLEX Undocumented Account
EMC VPLEX GeoSynchrony code level 5.5 and earlier contains an undocumented account that may potentially be utilized by malicious VPLEX users to gain unauthorized access to the system.
Joomla Releases Security Update for CMS
Original release date: December 22, 2015
Joomla has released version 3.4.7 of its content management system (CMS) software to address two vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected website.
Users and administrators are encouraged to review the Joomla Release News and US-CERT’s Alert on Content Management Systems Security and Associated Risks and apply the necessary update.
SIPROTEC 4 and SIPROTEC Compact FAQ #5
Posted by SCADA StrangeLove on Dec 22
“SIPROTEC 4 and SIPROTEC Compact devices allow the display of extended
internal statistics and test information…
To access this information, the confirmation code … needs to be provided
when prompted.”
Good to know…
http://scadastrangelove.blogspot.com/2015/12/now-declared-capabilities.html
Encrypted Email Servers Seized by German Authorities After School Bomb Threats
In the wake of a hoax bomb threat, all public schools in Los Angeles were closed for a day last week, and now German authorities have seized an encrypted email server.
But does that make sense?
In a video statement posted on Monday, the administrator of Cock.li – an anonymous email provider service – said German authorities had seized a hard drive from one of its servers that used to
Symfony PHP Framework Session Fixation
Symfony PHP Framework versions 2.3.0 to 2.3.34, 2.6.0 to 2.6.11, and 2.7.0 to 2.7.6 suffer from a session fixation vulnerability.
giflib 5.1.1 Heap Overflow
A heap overflow may occur in the giffix utility included in giflib-5.1.1 when processing records of the type IMAGE_DESC_RECORD_TYPE due to the allocated size of LineBuffer equaling the value of the logical screen width, GifFileIn->SWidth, while subsequently having GifFileIn->Image.Width bytes of data written to it.
Suricata IDPE 2.0.11
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It’s capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
