Monthly Archive: October 2017

On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the...

The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected...

Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836,...

The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes...

SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php. Date published : 2017-10-29 https://github.com/jsj730sos/cve/blob/master/Eonweb_module_capacity_per_label_index.php-SQL%20injection%20vulnerability

In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an...

In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext...

In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker...

elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer...

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code...

ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604. Date published : 2017-10-29 https://www.exploit-db.com/exploits/43083/ https://packetstormsecurity.com/files/144446/ZeeBuddy-2x-SQL-Injection.html

Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the ‘product_id’ to add_to_cart.php, a different vulnerability than CVE-2008-4461. Date published : 2017-10-29 https://www.exploit-db.com/exploits/43084/ https://packetstormsecurity.com/files/144445/Vastal-I-Tech-Dating-Zone-0.9.9-SQL-Injection.html

tPanel 2009 allows SQL injection for Authentication Bypass via ‘or 1=1 or ”=’ to login.php. Date published : 2017-10-29 https://www.exploit-db.com/exploits/43085/ https://packetstormsecurity.com/files/144444/tPanel-2009-SQL-Injection.html

Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php. Date published : 2017-10-29 https://www.exploit-db.com/exploits/43086/ https://packetstormsecurity.com/files/144443/Sokial-Social-Network-Script-1.0-SQL-Injection.html