fs/fcntl.c in the “aufs 3.2.x+setfl-debian” patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem.
Monthly Archives: August 2016
CVE-2016-7119 (dotnetnuke)
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.
68 Million Credentials Spilled in 2012 Dropbox Hack
When hackers infiltrated Dropbox in 2012 they made off with credentials for roughly 68 million users.
CryptWare CryptoPro Secure Disk For Bitlocker 5.1.0.6474 Manipulation
CryptWare CryptoPro Secure Disk for Bitlocker version 5.1.0.6474 suffers from flaws that allows a malicious party to attack the boot process and backdoor the system to steal login credentials, the private 802.1x certificate, and the associated password.
ZKTeco ZKBioSecurity 3.0 User Enumeration
ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a user enumeration weakness vulnerability.
ZKTeco ZKAccess Security System 5.3.1 Persistent Cross Site Scripting
ZKTeco ZKAccess Security System version 5.3.1 suffers from a persistent cross site scripting vulnerability.
ZKTeco ZKBioSecurity 3.0 visLogin.jsp Authorization Bypass
ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a local authorization bypass vulnerability in visLogin.jsp.
ZKTeco ZKBioSecurity 3.0 File Path Manipulation
ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a file path manipulation vulnerability.
ZKTeco ZKBioSecurity 3.0 Add Superadmin Cross Site Request Forgery
ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a cross site request forgery vulnerability.
ZKTeco ZKBioSecurity 3.0 Cross Site Scripting
ZKBioSecurity suffers from multiple reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. Version 3.0.1.0_R_230 is affected.