InfraPower PPS-02-S Q213V1 suffers from an authentication bypass vulnerability. The device does not properly perform authentication, allowing it to be bypassed through cookie manipulation. The vulnerable function checkLogin() in ‘Function.php’ checks only if the ‘Login’ Cookie is empty or not, allowing easy bypass of the user security mechanisms.
InfraPower PPS-02-S Q213V1 suffers from a cross site request forgery vulnerability.
https://ncd.kpo.go.th/chronic/yu1337.html notified by ./LegionLeader404
Tags:
defacement
http://www.narathiwatpao.go.th/home/images/jdownloads/screenshots/h.gif notified by NeT.Defacer
Tags:
defacement
Apple Security Advisory 2016-10-27-1 – Xcode 8.1 is now available and addresses code execution vulnerabilities.
Tags:
Apple,
ios,
osx
Apple Security Advisory 2016-10-27-2 – iCloud for Windows v6.0.1 is now available and addresses input validation and memory corruption vulnerabilities.
Tags:
Apple,
ios,
osx
Apple Security Advisory 2016-10-27-3 – iTunes 12.5.2 for Windows is now available and addresses information disclosure and code execution vulnerabilities.
Tags:
Apple,
ios,
osx
Multiple memory safety issues exist in Mac OS X and iOS inside of mach_ports_register.
Tags:
Apple,
ios,
osx
A logic issue in launchd message requeuing allows arbitrary mach message control. Mac OS X version 10.11.6 is affected.
Tags:
Apple,
ios,
osx
Joomla versions 3.4.4 through 3.6.4 suffer from account creation and privilege escalation vulnerabilities.