Security News

Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass

Full Disclosure - 16 August, 2016 - 05:32

Posted by Reggie Dodd on Aug 16

[TITLE]
Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication
Bypass

[CREDITS & AUTHORS]
Reginald Dodd
https://www.linkedin.com/in/reginalddodd

[VENDOR & PRODUCT]
Taser International Inc.
Axon Dock - Body-Worn Camera Docking Station
https://www.axon.io/products/dock

[SUMMARY]
The Axon Dock is the camera docking station component of Taser's body-worn
camera system. It charges body-worn cameras and automatically...

German Cable Provider Router (In)Security

Full Disclosure - 16 August, 2016 - 05:31

Posted by Sebastian Michel on Aug 16

Hey Guys,

im not sure if this is a new point. But i´m thinking about a possible security hole by design
which exists at maybe many (german) cable providers.

German cable providers like Unitymedia/Kabel Deutschland provides u a Fritzbox or any other
Cable-Router for internet access. As you know, this routers have a mac-address on every
Interface like on wifi, ethernet and so on.

By default, the Wifi-SSID is public available. The SSID gives you...

Executable installers are vulnerable^WEVIL (case 39): MalwareBytes' "junkware removal tool" allows escalation of privilege

Full Disclosure - 16 August, 2016 - 05:30

Posted by Stefan Kanthak on Aug 16

Hi @ll,

JRT.exe (see <https://en.malwarebytes.com/junkwareremovaltool/>)

1. is vulnerable to DLL hijacking:
see <https://cwe.mitre.org/data/definitions/426.html>
and <https://cwe.mitre.org/data/definitions/427.html> for
these WELL-KNOWN and WELL-DOCUMENTED beginner's errors;

2. creates an unsafe directory "%TEMP%\jrt":
see <https://cwe.mitre.org/data/definitions/377.html>
and <...

php-gettext php code execution in select_string, ngettext, npgettext count parameter <1.0.12

Full Disclosure - 16 August, 2016 - 05:29

Posted by crashenator on Aug 16

CERT ID - VU#520504 (pending since 2015)
Product - php-gettext
Company - Danilo Segan
Name - php-gettext php code execution
Versions - <1.0.12
Patched - 11/11/2015
Ref: https://launchpad.net/php-gettext/trunk/1.0.12
Vulnerability - "code injection into the ngettext family of calls:
evaluating the plural form formula can execute arbitrary code if number
is passed unsanitized from the untrusted user."
Description -
In 1.0.11 and...

Actiontec T2200H (Telus Modem) Root Reverse Shell

Full Disclosure - 16 August, 2016 - 05:28

Posted by Andrew Klaus on Aug 16

### Device Details
Vendor: Actiontec (Telus Branded, but may work on others)
Model: T2200H (but likely affecting other similar models of theirs)
Affected Firmware: T2200H-31.128L.03
Device Manual:
http://static.telus.com/common/cms/files/internet/telus_t2200h_user_manual.pdf

Reported: November 2015
Status: Fixed on newly pushed firmware version
CVE: Not needed since update is pushed by the provider.

The Telus Actiontec T2200H is Telus’...

Vuln: cracklib CVE-2016-6318 Local Stack Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 15 August, 2016 - 23:00
cracklib CVE-2016-6318 Local Stack Buffer Overflow Vulnerability

Vuln: Enpass DLL Loading Local Code Execution Vulnerability

Security Focus Vulnerabilities - 15 August, 2016 - 23:00
Enpass DLL Loading Local Code Execution Vulnerability

Vuln: IBM Forms Experience Builder CVE-2016-0370 Unspecified Cross Site Scripting Vulnerability

Security Focus Vulnerabilities - 15 August, 2016 - 23:00
IBM Forms Experience Builder CVE-2016-0370 Unspecified Cross Site Scripting Vulnerability

Vuln: Cybozu Mailwise CVE-2016-4844 Clickjacking Vulnerability

Security Focus Vulnerabilities - 15 August, 2016 - 23:00
Cybozu Mailwise CVE-2016-4844 Clickjacking Vulnerability

Vuln: Cybozu Mailwise CVE-2016-4843 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 15 August, 2016 - 23:00
Cybozu Mailwise CVE-2016-4843 Information Disclosure Vulnerability

Vuln: Cybozu Mailwise CVE-2016-4842 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 15 August, 2016 - 23:00
Cybozu Mailwise CVE-2016-4842 Information Disclosure Vulnerability

Vuln: Cybozu Mailwise CVE-2016-4841 Email Header Injection Vulnerability

Security Focus Vulnerabilities - 15 August, 2016 - 23:00
Cybozu Mailwise CVE-2016-4841 Email Header Injection Vulnerability

Vuln: OpenSSH CVE-2016-1908 Security Bypass Vulnerability

Security Focus Vulnerabilities - 15 August, 2016 - 23:00
OpenSSH CVE-2016-1908 Security Bypass Vulnerability

Vuln: OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability

Security Focus Vulnerabilities - 15 August, 2016 - 23:00
OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability

Vuln: PCRE CVE-2016-1283 Heap Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 15 August, 2016 - 23:00
PCRE CVE-2016-1283 Heap Buffer Overflow Vulnerability

Vuln: IBM Java SDK CVE-2016-0376 Incomplete Fix Arbitrary Code Execution Vulnerability

Security Focus Vulnerabilities - 15 August, 2016 - 23:00
IBM Java SDK CVE-2016-0376 Incomplete Fix Arbitrary Code Execution Vulnerability

Vuln: Oracle Java SE and JRockit CVE-2016-0695 Remote Security Vulnerability

Security Focus Vulnerabilities - 15 August, 2016 - 23:00
Oracle Java SE and JRockit CVE-2016-0695 Remote Security Vulnerability

Vuln: IBM Java SDK Incomplete Fix Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 15 August, 2016 - 23:00
IBM Java SDK Incomplete Fix Remote Code Execution Vulnerability

Vuln: Oracle Java SE CVE-2016-0687 Remote Security Vulnerability

Security Focus Vulnerabilities - 15 August, 2016 - 23:00
Oracle Java SE CVE-2016-0687 Remote Security Vulnerability

Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin

Full Disclosure - 15 August, 2016 - 11:22

Posted by Summer of Pwnage on Aug 15

------------------------------------------------------------------------
Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the...
Syndicate content