Rite CMS version 1.0.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
1274a580577223e4a8e33ef173e481387afb85ac8e06196222bd514a174e4014
HP Security Bulletin HPSBUX02909 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
bd3989e7ffbbe4edf07702f6c532013ec639b2e618c84b0b6cbbc46c178961ac
Telmanik CMS Press version 1.01b suffers from a remote SQL injection vulnerability in pages.php.
85f94ea9cab330c2a49df8176d99d6957108fa4f82dfd45fb569414eb62cc04a
D-Link DIR-645 devices suffer from buffer overflow and cross site scripting vulnerabilities.
6c293bd3da2a28b48d005775dfec0ff6ae18ffecedfc9f5d9fee044e1dacaee2
INSTEON Hub version 2242-222, a home automation controller for INSTEON and X10 compatible devices, fails to authenticate access to various APIs.
344b9d157fcf088c208cd232978729ba893b86e4c1f8d79ddb434b8c739b31b1
Radio Thermostat of America, Inc. products CT80 and CT50 versions 1.4.64 and prior fail to authenticate any access to their API.
ddb62d7e2cdd7b877be375ce3503ead041eecf8f4c500d94945c215ccd64bcb5
Karotz Smart Rabbit version 12.07.19.00 suffers from python module hijacking and cleartext token passing vulnerabilities.
89ac63705c52fad81984e28370079412330c777051779d769ad506e815011359
LIXIL Satis Toilet suffers from having a hard-coded Bluetooth PIN of 0000. Attackers can cause your toilet to repeatedly flush. Yes, this is a real advisory.
59e34c3c147f00689fcded58d1f6ab5a5fb010be87beb1a7464a18915563cc9f
MiCasaVerde VeraLite version 1.5.408 suffers from path traversal, insufficient authorization checks, and cross site request forgery vulnerabilities.
f9a3f43c8dc78da3ef4d700ca406a351a37737ce36a34b9e1883287aa0b5874d
HP Security Bulletin HPSBUX02908 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.
2c32668d8e5c9a198b03b4ff33351ea8b85b647f21ba4a96c3e2a860907e8a6b
HP Security Bulletin HPSBUX02907 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.
66e62742080b7c1654084fad9d12f4e8f66d7fcc5539ac51d77c54a620614e6e
SilverStripe CMS version 3.0.3 suffers from an information exposure issue through query strings in GET requests.
b253aeaf567f0b65c0cda5262c42aa41f9cbc6b6ddccc45eaf619117096d1e74
netsniff-ng is a free, performant Linux network sniffer for packet inspection. The performance gain comes from 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.
72e802f84e9a2666d71a07b9b2fee2f975659fa1a31baeb810c3bb775f538738
It is generally assumed that sending and sniffing arbitrary Fast Ethernet packets can be performed with standard Network Interface Cards (NICs) and generally available packet injection software. However, full control of frame values such as the Frame Check Sequence (FCS) or Start-of-Frame Delimiter (SFD) has historically required the use of dedicated and costly hardware. This presentation, given at Blackhat 2013, dissects Fast Ethernet layers 1 and 2, presenting novel attack techniques supported by an affordable hardware setup that, using customized firmware, allows fully arbitrary frame injection. Proof of concept code is also included.
bb338be7787778fc49af36b5ed03c58f82629edba14f5a75966b83f8bf58fd3c
Fluidgalleries Photo Upload suffers from a remote shell upload vulnerability.
68e2812789c47bd7158f44b95c822d5fff3b9a8a96664f0a9eb87a4c52376ee7
Digital Whisper Electronic Magazine issue 44. Written in Hebrew.
193ac75bcf6c6de0734d8c9ce20cbfb39ee9104c1ac3912b757602d59d66a393
vtiger CRM versions 5.4.0 and below suffer from an authentication bypass vulnerability in the validateSession() function of multiple SOAP services.
4c13f831557ef27b5842aff9fd698a9ebf4ce0876e6b9976884ca5c5550883da
Siemens has updated WinCC SCADA and TIA Portal to address cross site request forgery and URL redirection vulnerabilities.
0dcdf53dc204698a0f794d13e134ead3a850e0ff3d539c62279dbbbf78e5afef
Mandriva Linux Security Advisory 2013-205 - A vulnerability has been discovered and corrected in gnupg and in libgcrypt. Yarom and Falkner discovered that RSA secret keys in applications using GnuPG 1.x, and using the libgcrypt library, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. The updated packages have been patched to correct this issue.
288a8d5643e7fb7a1b87ff7609e628b2915d2cebf598e44fcb359f5b1096180f