Monthly Archive: February 2020

The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack,...

The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related...

TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. Date published : 2020-02-12 https://www.exploit-db.com/exploits/9926 https://vulmon.com/vulnerabilitydetails?qid=CVE-2011-4908

Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. Date published : 2020-02-12 https://developer.joomla.org/security/news/301-20090722-core-file-upload.html https://www.exploit-db.com/exploits/10183

A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and...

Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the...

Android SQLite Journal before 4.0.1 has an information disclosure vulnerability. Date published : 2020-02-12 http://www.securityfocus.com/bid/53380 https://seclists.org/fulldisclosure/2012/May/19

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. Date published : 2020-02-12 http://www.securityfocus.com/bid/50541 https://www.securityfocus.com/archive/1/520390

Mambo CMS through 4.6.5 has multiple XSS. Date published : 2020-02-12 https://www.openwall.com/lists/oss-security/2011/06/28/15

The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer. Date published : 2020-02-12 https://code.google.com/p/android/issues/detail?id=21347 https://deepsec.net/docs/Slides/2013/DeepSec_2013_Jaime_Sanchez_-_Building_The_First_Android_IDS_On_Network_Level.pdf

A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry. Date published : 2020-02-12 http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0951.html https://vuldb.com/?id.10060

The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that...

libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. Date published : 2020-02-12 https://github.com/mytrile/node-libnotify/commit/dfe7801d73a0dda10663a0ff3d0ec8b4d5f0d448 http://www.openwall.com/lists/oss-security/2014/05/13/1

scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands. Date published : 2020-02-12 http://www.openwall.com/lists/oss-security/2014/05/13/1 http://www.openwall.com/lists/oss-security/2014/05/15/2