Monthly Archives: July 2016

NVD

CVE-2016-4834

Leave a comment

modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors.

NVD

CVE-2016-5138

Leave a comment

Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unrestricted multiplication.

NVD

CVE-2016-5672

Leave a comment

Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user’s acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate.

Security

Debian Security Advisory 3636-1

Leave a comment

Debian Linux Security Advisory 3636-1 – Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. This resulted in a heap overflow, allowing a remote attacker to either cause a DoS via application crash, or potentially execute arbitrary code.

Full Disclosure

Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA

Leave a comment

Posted by Summer of Pwnage on Jul 31

————————————————————————
Multiple vulnerabilities in All In One WP Security & Firewall plugin
login CAPTCHA
————————————————————————
Sipke Mellema, July 2016

————————————————————————
Abstract
————————————————————————
The login CAPTCHA provided by the…