Slackware Security Advisory - New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4854.
fc96f82d7269e1b2e9f49331cf9d134e3b7ff653a3fbebacd5125612df832900
If you know a valid email address of a given Facebook user, you can find out who their friends are.
614c97918d735e258d69a47faa3eff888d0714d22b018062030f92ec7bae52f0
WordPress Usernoise plugin version 3.7.8 suffers from a cross site scripting vulnerability.
db7c5a2b116ba3950246ce1b8a012febe9cad0c08449aaec1a8a3716fe91cdf7
Previous research has shown that it is possible for an attacker to get remote code execution on the electronic control units (ECU) in automotive vehicles via various interfaces such as the Bluetooth interface and the telematics unit. This paper aims to expand on the ideas of what such an attacker could do to influence the behavior of the vehicle after that type of attack. In particular, the authors demonstrate on two different vehicles that, in some circumstances, they are able to control the steering, braking, acceleration and display. They also propose a mechanism to detect these kinds of attacks. All technical information and code needed to reproduce these attacks is included in this archive. This was released to the community as promised by the researchers who presented their findings at Defcon 21.
794a8286ed148e6a725895876ffebe1b0e584fd41753499c11022ae5b23ac94c
This is the unsanitized version of the Firefox malicious JavaScript exploit that was targeting Tor users. It is suspected that this code was used by the FBI to gain identifying information on Tor users.
2de8af4e04de4f02b6f0621b345ec52277d9af10f102c06f58593f7f996c32c2
Vodafone EasyBox versions 802 and 803 suffer from a default WPS PIN algorithm weakness. The algorithm that generates the default WPS-PIN is entirely based on the MAC address (=BSSID) and serial number of the device. The serial number can be derived from the MAC address.
289f3c58cfede8c1346e1a846dc8ad72e079b2ff4985c9f67e119e67dffb4df5
Joomseller Events Booking Pro version 5 and JSE Event versions prior to 1.0.1 suffer from a reflective cross site scripting vulnerability.
d7e6b907afc1ec41cdce14807e9e5304c5ae58bfd6f48ea3a7a8eea0b35d1183
The Huawei B153 3G/UMTS router suffers from a WPS weakness that allows for authentication bypass.
e1b8d9adad2ae18e4390edb89b02911dcc7c522de998b02c605cb12990494dc5
Joomla versions 3.1.5 and 3.1.4 suffer from a reflective cross site scripting vulnerability in example.php.
505f805cbabe1c1344542d455a87ded89cd66960ecb7055c0c0e53332da1021d
Multiple HP LaserJet printers have hidden URLs hardcoded in the firmware that fail to authenticate access and disclose sensitive data including the administrative password.
eab87d2d11e284bc6bc8876cb5065c89364d012be92697502305eb5701ada6c2
PuTTY versions 0.62 and below suffer from an SSH handshake heap overflow vulnerability.
e29077b43031296e74b1211a81e961e5d6dfe9cf8695d7e7b120536e82fc21a0
This is the malicious JavaScript for the Firefox 0-day created to target Tor users leveraging the .onion sneaker net. The shellcode is supposedly neutered but test at your own risk.
cd7185f9fab4c31772e0a6ba5866007d3c7403dddb2a876e9d5cfde0641934ad
Book Calendar WordPress plugin version 4.1.4 suffers from a cross site request forgery vulnerability.
6d30a8638065d1685f1f8a6d384817e27bd1bc069b4525025f8cf060ba14c636
These are the presentation slides from "VoIP Wars: Return of the SIP" as presented at Defcon 21 in Las Vegas.
b8a1c2dd94a7b8b91a355e18362e46e83c30a286f91570bba6af13abe725558f
FTP OnConnect version 1.4.11 for iOS suffers from cross site scripting, local file inclusion, and remote shell upload vulnerabilities.
bb55ba47f6a209dbe1f097db9b534ff474623b79856c410adde1ba4910ba1d61
withU Music Share version 1.3.7 for iOS suffers from a command injection vulnerability.
65c6ae752918c5271605b01b555331833389c6e6428012bac903c745772cb943