Re: Netgear GS105Ev2 – Multiple Vulnerabilities

Posted by Benedikt Westermann on Mar 09

Hi Nick,

Status remains the same. The vulnerabilities are also valid for the new version 1.4.0.6. I checked it and could still
reproduce the password-reset, the XSS, the CSRF, and also found the cookie mentioned in the report after login. So,
nothing has changed with respect to the vulnerabilities.

Regards,
Benedikt

New Security Tool: MrLooquer – IPv6 Intelligence

Posted by Rafa Sanchez on Mar 09

Dear colleagues,

Please, allow us to introduce MrLooquer -> https://www.mrlooquer.com

MrLooquer combines open source intelligence techniques with heuristic and
data mining to perform one of the first attempts to create a real map about
IPv6 deployment and its relationship with current networks and protocols.

MrLooquer is born as an open initiative with Creative Commons license
focused on:
– Data discovery
– Visual intelligence
-…

Thomson TWG850 Wireless Router Multiple Vulnerabilities

Posted by Sebastian Perez on Mar 09

[System Affected]
Thomson Router
HW Revision 2.0
VENDOR Thomson
BOOT Revision 2.1.7i
MODEL TWG850-4U
Software Version ST9D.01.09
Serial Number 00939902404041
Firmware Name TWG850-4U-9D.01.09-100528-S-001.bin

[Vulnerabilities]
1- Cross-Site Request Forgery
2- Unauthenticated access to resources
3- Persistent Cross-Site Scripting

[Advisory Timeline]
06-Jan-2016 – Vendor contacted through the website
11-Jan-2016 – Email sent to vendor
09-Mar-2016…

CVE-2016-2563 – PuTTY/PSCP <=0.66 buffer overflow – vuln-pscp-sink-sscanf

Posted by oststrom (public) on Mar 09

A potential addition to your honeypots.

Author: <github.com/tintinweb>
Ref:
https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563
Version: 0.1
Date: Feb 20th, 2016

Tag: putty pscp client-side post-auth stack buffer overwrite when
processing remote file size

Overview
--------

Name: putty
Vendor: sgtatham
References: * http://www.chiark.greenend.org.uk/~sgtatham/putty/

Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"

Posted by X41 D-Sec GmbH Advisories on Mar 09

X41 D-Sec GmbH Security Advisory: X41-2016-001

Memory Corruption Vulnerability in “libotr”
===========================================

Overview
--------
Severity Rating: high
Confirmed Affected Version: 4.1.0 and below
Confirmed Patched Version: libotr 4.1.1
Vendor: OTR Development Team
Vendor URL: https://otr.cypherpunks.ca
Vendor Reference: OTR Security Advisory 2016-01
Vector: Remote
Credit: X41 D-Sec GmbH, Markus Vervier
Status:…

CVE-2016-1312

The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147.

CVE-2016-1325

The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506.

CVE-2016-1326

The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105.

CVE-2016-1327

Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935.