Feed aggregator

Bugtraq: APPLE-SA-2014-09-17-2 Apple TV 7


Bugtraq: APPLE-SA-2014-09-17-1 iOS 8


Bugtraq: Reflected Cross-Site Scripting (XSS) in MODX Revolution


Bugtraq: Path Traversal in webEdition


More rss feeds from SecurityFocus

News, Infocus, Columns, Vulnerabilities, Bugtraq ...

APPLE-SA-2014-09-17-2 Apple TV 7

Posted by Apple Product Security on Sep 17

APPLE-SA-2014-09-17-2 Apple TV 7

Apple TV 7 is now available and addresses the following:

Apple TV
Available for: Apple TV 3rd generation and later
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if that access point supported...

APPLE-SA-2014-09-17-1 iOS 8

BugTraq Latest Security Advisories - 9 hours 19 min ago

Posted by Apple Product Security on Sep 17

APPLE-SA-2014-09-17-1 iOS 8

iOS 8 is now available and addresses the following:

802.1X
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if...

Bugtraq: MIUI Torch Open Vulnerability


Bugtraq: MIUI Wifi Connection Message Vulnerability


Reflected Cross-Site Scripting (XSS) in MODX Revolution

BugTraq Latest Security Advisories - 9 hours 30 min ago

Posted by High-Tech Bridge Security Research on Sep 17

Advisory ID: HTB23229
Product: MODX Revolution
Vendor: MODX
Vulnerable Version(s): 2.3.1-pl and probably prior
Tested Version: 2.3.1-pl
Advisory Publication: August 20, 2014 [without technical details]
Vendor Notification: August 20, 2014
Vendor Patch: September 11, 2014
Public Disclosure: September 17, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-5451
Risk Level: Low
CVSSv2 Base Score: 2.6...

Path Traversal in webEdition

BugTraq Latest Security Advisories - 9 hours 42 min ago

Posted by High-Tech Bridge Security Research on Sep 17

Advisory ID: HTB23227
Product: webEdition
Vendor: webEdition e.V.
Vulnerable Version(s): 6.3.8.0 (SVN-Revision: 6985) and probably prior
Tested Version: 6.3.8.0 (SVN-Revision: 6985)
Advisory Publication: August 6, 2014 [without technical details]
Vendor Notification: August 6, 2014
Vendor Patch: September 4, 2014
Public Disclosure: September 17, 2014
Vulnerability Type: Path Traversal [CWE-22]
CVE Reference: CVE-2014-5258
Risk Level:...

3.16.3: stable

Linux Kernel Updates - 10 hours 20 min ago
Version: 3.16.3 (stable)
Released: 2014-09-17
Source: linux-3.16.3.tar.xz
PGP Signature: linux-3.16.3.tar.sign
Patch: patch-3.16.3.xz (Incremental)
ChangeLog: ChangeLog-3.16.3

3.14.19: longterm

Linux Kernel Updates - 10 hours 57 min ago
Version: 3.14.19 (longterm)
Released: 2014-09-17
Source: linux-3.14.19.tar.xz
PGP Signature: linux-3.14.19.tar.sign
Patch: patch-3.14.19.xz (Incremental)
ChangeLog: ChangeLog-3.14.19

3.10.55: longterm

Linux Kernel Updates - 11 hours 3 min ago
Version: 3.10.55 (longterm)
Released: 2014-09-17
Source: linux-3.10.55.tar.xz
PGP Signature: linux-3.10.55.tar.sign
Patch: patch-3.10.55.xz (Incremental)
ChangeLog: ChangeLog-3.10.55

Bugtraq: Android Bluetooth Pairing Packet Processing Vulnerability(by wangzq from NCNIPC)


Bugtraq: [CORE-2014-0006] - Delphi and C++ Builder VCL library Heap Buffer Overflow


MIUI Torch Open Vulnerability

BugTraq Latest Security Advisories - 16 hours 28 min ago

Posted by vuln on Sep 17

MIUI Torch Open Vulnerability
I. Summary
com.android.systemui is the corresponding package of MiuiSystemUI.apk, a MIUI system application that manages user interface and other functions. When started by NFC tag, the torch in NFC mobile phone will be open automatically.
-----------------------------------------------------------------
II. Description
Construct a message as follows:
D4 0F 14 61 6E 64 72 6F 69 64 2E 63 6F 6D 3A 70
6B 67 63 6F...

MIUI Wifi Connection Message Vulnerability

BugTraq Latest Security Advisories - 16 hours 38 min ago

Posted by vuln on Sep 17

MIUI Wifi Connection Message Vulnerability

I. Summary
Wifi Connection Message is written to a NFC tag, which can be touched by a NFC mobile phone for connecting wireless AP automatically. A logic flaw has been found in MIUI that is an Android ROM. The flaw can be used to turn on wifi, with the help of "wifihandover"(https://play.google.com/store/apps/details?id=net.endflow.apps.wifiho) or "NFC Tag Assistant"(...

Android Bluetooth Pairing Packet Processing Vulnerability(by wangzq from NCNIPC)

BugTraq Latest Security Advisories - 16 hours 47 min ago

Posted by vuln on Sep 17

I. Summary
Bluetooth Pairing Packet is written to a NFC tag, which can be touched by a NFC mobile phone for bluetooth pairing. A logic flaw has been found in some versions of Android mobile phone. The flaw can cause NFC phones' bluetooth turned on, regardless of whether the pairing succeeds or not.
-----------------------------------------------------------------
II. Description
According to the NFC Bluetooth Simple Pairing Message...

Bugtraq: USB&WiFi Flash Drive v1.3 iOS - Code Execution Vulnerability
