Feed aggregator

[SEARCH-LAB advisory] UPC Hungary network problems

BugTraq Latest Security Advisories - July 20, 2016 - 7:00am

Posted by Gergely Eberhardt on Jul 20

UPC network problems
--------------------

Platforms / Firmware confirmed affected:
- UPC Hungary network

Problems
--------
Network and device configuration problems
Administration password is sent to the device in plain in the
configuration file
Administration password, which is used also for the telnet service, is
sent in plain in the configuration file downloaded by the device via
TFTP from the location specified by the DHCP response. The...

[SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities

BugTraq Latest Security Advisories - July 20, 2016 - 6:53am

Posted by Gergely Eberhardt on Jul 20

Technicolor TC7200 modem/router multiple vulnerabilities
--------------------------------------------------------

Platforms / Firmware confirmed affected:
- Technicolor TC7200, STD6.02.11
- Product page:
http://www.technicolor.com/en/solutions-services/connected-home/broadband-devices/cable-modems-gateways/tc7200-tc7300

Vulnerabilities
---------------
Insecure session management
The web interface does not use cookies at all and does not check...

[SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities

BugTraq Latest Security Advisories - July 20, 2016 - 6:43am

Posted by Gergely Eberhardt on Jul 20

Compal CH7465LG-LC modem/router multiple vulnerabilities
--------------------------------------------------------

The following vulnerabilities are the result of a quick check (~3 hours)
of the Mercury modem. We also performed a systematic and deeper evaluation
of this device, the results of which will be described in a separate report
[2] and advisory.

Platforms / Firmware confirmed affected:
- Compal CH7465LG-LC, CH7465LG-NCIP-4.50.18.13-NOSH...

[SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities

BugTraq Latest Security Advisories - July 20, 2016 - 6:34am

Posted by Gergely Eberhardt on Jul 20

Hitron CGNV4 modem/router multiple vulnerabilities
--------------------------------------------------

Platforms / Firmware confirmed affected:
- Hitron CGNV4, 4.3.9.9-SIP-UPC
- Product page: http://www.hitrontech.com/en/cable_detail.php?id=62

Vulnerabilities
---------------
Insecure session management
The web interface uses insecure cookies, which can be brute-forced
easily (e.g. cookie: userid=0). If admin login is successful, the IP
address of...

[SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities

BugTraq Latest Security Advisories - July 20, 2016 - 6:26am

Posted by Gergely Eberhardt on Jul 20

Cisco EPC3925 UPC modem/router default passphrase vulnerabilities
-----------------------------------------------------------------

Platforms / Firmware confirmed affected:
- Cisco EPC3925, ESIP-12-v302r125573-131230c_upc

Vulnerabilities
---------------
Default SSID and passphrase can be calculated
The default SSID and passphrase are derived from the MAC address and the
DOCSIS serial number. Since the MAC address of the device is broadcasted...

[SECURITY] [DSA 3623-1] apache2 security update

BugTraq Latest Security Advisories - July 20, 2016 - 6:16am

Posted by Salvatore Bonaccorso on Jul 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3623-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 20, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : apache2
CVE ID : CVE-2016-5387

Scott Geary of...

Bugtraq: CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]


Bugtraq: Multiple SQL injection vulnerabilities in WordPress Video Player


Bugtraq: Cross-Site Request Forgery in Icegram WordPress Plugin


Bugtraq: Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin


next-20160720: linux-next

Linux Kernel Updates - July 20, 2016 - 3:05am
Version: next-20160720 (linux-next) Released: 2016-07-20