Security News

[SYSS-2016-054] QNAP QTS - OS Command Injection

Bug Traq - 18 August, 2016 - 14:13

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-054
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-07
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...

[SYSS-2016-048] QNAP QTS - OS Command Injection

Bug Traq - 18 August, 2016 - 14:05

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-048
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-03
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...

Bugtraq: Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access

Security Focus Vulnerabilities - 18 August, 2016 - 10:55
Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access

Bugtraq: [SECURITY] [DSA 3650-1] libgcrypt20 security update

Security Focus Vulnerabilities - 18 August, 2016 - 10:55
[SECURITY] [DSA 3650-1] libgcrypt20 security update

Bugtraq: [SECURITY] [DSA 3649-1] gnupg security update

Security Focus Vulnerabilities - 18 August, 2016 - 10:55
[SECURITY] [DSA 3649-1] gnupg security update

Bugtraq: Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 18 August, 2016 - 10:55
Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability

[SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting

Bug Traq - 18 August, 2016 - 10:38

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-050
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: unfixed
Manufacturer Notification: 2016-06-03
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS...

[SYSS-2016-048] QNAP QTS - OS Command Injection

Bug Traq - 18 August, 2016 - 10:30

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-048
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-03
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...

[SYSS-2016-053] QNAP QTS - Arbitrary File Overwrite

Bug Traq - 18 August, 2016 - 10:21

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-053
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: Arbitrary file overwrite (CWE-23)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-06
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...

[SYSS-2016-052] QNAP QTS - OS Command Injection

Bug Traq - 18 August, 2016 - 10:13

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-052
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-06
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...

Re: Latency is a demogorgon

Daily Dave - 18 August, 2016 - 09:06

Posted by Parity on Aug 18

A fun question to ask is, *"why wasn't that Cisco ASA remote patched?"*

Because EQGRP didn't tell Cisco about it, duh.

But, wait, if you're EQ and suddenly a bunch of your vulns are in the wind,
you're bloody well going to rethink the equities there, right? Especially
knowing that an adversary was suddenly in possession of a bunch of your
unpatched vulnerabilities...

Unless, of course, you didn't know.

pty...

Re: Latency is a demogorgon (dave aitel)

Daily Dave - 18 August, 2016 - 08:56

Posted by Jeffrey Carr on Aug 18

Thanks for this post, Dave. I enjoyed reading it.

Regarding the EQ Group leak, I think that there's a good case to be made
that an insider or an ex-employee was responsible. I hope to have some
reasons posted on why that is in the next few days.

Jeff Carr

On Wed, Aug 17, 2016 at 9:00 AM, <dailydave-request () lists immunityinc com>
wrote:

Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access

Bug Traq - 18 August, 2016 - 06:58

Posted by Andrew Klaus on Aug 18

### Device Details
Vendor: Actiontec (Telus Branded)
Model: T2200H (but likely affecting other similar models of theirs)
Affected Firmware: T2200H-31.128L.03
Device Manual: http://static.telus.com/common/cms/files/internet/telus_t2200h_user_manual.pdf
Reported: November 2015
Status: Fixed on T2200H-31.128L.07
CVE: Not needed since update is pushed by the provider.

The Telus Actiontec T2200H is Telus’ standard bonded VDSL2 modem. It...

[SECURITY] [DSA 3650-1] libgcrypt20 security update

Bug Traq - 18 August, 2016 - 06:52

Posted by Salvatore Bonaccorso on Aug 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-3650-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 17, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libgcrypt20
CVE ID : CVE-2016-6313

Felix Doerre...

[SECURITY] [DSA 3649-1] gnupg security update

Bug Traq - 18 August, 2016 - 06:43

Posted by Salvatore Bonaccorso on Aug 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-3649-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 17, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gnupg
CVE ID : CVE-2016-6313

Felix Doerre and...

Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability

Bug Traq - 18 August, 2016 - 06:35

Posted by Cisco Systems Product Security Incident Response Team on Aug 18

Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20160817-asa-snmp

Revision: 1.0

For Public Release: 2016 August 17 18:45 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======

A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA)
Software could allow an unauthenticated,...

Bugtraq: Cisco Security Advisory:Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 18 August, 2016 - 06:30
Cisco Security Advisory:Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability

Bugtraq: Cisco Security Advisory: Cisco Firepower Management Center Privilege Escalation Vulnerability

Security Focus Vulnerabilities - 18 August, 2016 - 06:30
Cisco Security Advisory: Cisco Firepower Management Center Privilege Escalation Vulnerability

Bugtraq: Cisco Security Advisory: Cisco Firepower Management Center Remote Command Execution Vulnerability

Security Focus Vulnerabilities - 18 August, 2016 - 06:30
Cisco Security Advisory: Cisco Firepower Management Center Remote Command Execution Vulnerability

Bugtraq: [SYSS-2016-067] NetIQ Access Manager (iManager) - Temporary Second Order Cross-Site Scripting (CWE-79)

Security Focus Vulnerabilities - 18 August, 2016 - 06:30
[SYSS-2016-067] NetIQ Access Manager (iManager) - Temporary Second Order Cross-Site Scripting (CWE-79)
Syndicate content