Monthly Archive: September 2018

oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in...

A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service. Date published : 2018-09-14 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638...

An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. Date published : 2018-09-14 http://www.securityfocus.com/bid/105538 https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12585.pdf

Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. Date published : 2018-09-14 http://www.securityfocus.com/bid/105538 https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12086.pdf

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic...

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability...

Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. Date published : 2018-09-14 https://www.exploit-db.com/exploits/45387/ http://packetstormsecurity.com/files/149326/SynaMan-40-Build-1488-SMTP-Credential-Disclosure.html

Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page. Date published : 2018-09-14 https://www.exploit-db.com/exploits/45386/ http://packetstormsecurity.com/files/149324/SynaMan-4.0-Build-1488-Cross-Site-Scripting.html

Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. Date published : 2018-09-14 https://www.qnap.com/zh-tw/security-advisory/nas-201809-14

On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements. Date published : 2018-09-13 http://www.securityfocus.com/bid/105345 https://support.f5.com/csp/article/K05018525

On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build...

On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, authenticated user can execute code on the alert server by using a maliciously crafted payload. Date published : 2018-09-13 http://www.securityfocus.com/bid/105344 https://support.f5.com/csp/article/K20226900

In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent. Date...

BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php. Date published : 2018-09-13 https://github.com/bigtreecms/BigTree-CMS/issues/342