BenTasker.co.uk

Home
Blog
Whitepapers
Documentation
Videos
Shop
Feeds
Photography

Home / Blog / Security

Latest Posts

The Curious Case of BitFi and Secret Persistence
Building a DNS over TLS (DoT) server
Configuring Pi-Hole to update blocklists more regularly
Saab Keycase Replacement
The Importance of Provider Redundancy

Security

The Curious Case of BitFi and Secret Persistence	16 July 2019
A guide to designing Account Security Mechanisms	26 March 2017
Don't Use Web2Tor/Tor2Web (especially Onion.cab)	04 March 2017
The State of Mobile Banking (in the UK)	21 June 2016
The DVLA is routinely sending sensitive details via email	28 December 2014
Understanding Password Storage	22 June 2014
My Own Little HeartBleed Headache	19 April 2014
Why You Shouldn't be using SHA1 or MD5 to Store Passwords	07 June 2013
Darkleech Apache attacks on the rise, but is it really that hard to detect?	02 May 2013
Do We Take Security and Safety for Granted?	18 November 2011

Page 1 of 3

Start
Prev
1
2
3
Next
End

Recent CVEs

CVE-2012-0779 (flash_player)
CVE-2012-4820 (5.0, 5.1, 5.1.1, java, lotus_domino, lotus_notes, lotus_notes_sametime, lotus_notes_traveler, rational_change, rational_host_on-demand, service_delivery_manager, smart_analytics_system_5600, smart_analytics_system_5600_software, tivoli_monitoring, tivoli_remote_control, websphere_real_time)
CVE-2013-0733 (paintshop_pro_x5, paintshop_pro_x6)
CVE-2013-2751 (raidiator)
CVE-2013-2752 (raidiator)
CVE-2014-10374
CVE-2014-1983 (remote_service_manager)
CVE-2014-1984 (remote_service_manager)
CVE-2014-2681 (zend_framework, zendopenid, zendrest, zendservice_amazon, zendservice_api, zendservice_audioscrobbler, zendservice_nirvanix, zendservice_slideshare, zendservice_technorati, zendservice_windowsazure)
CVE-2014-2682 (zend_framework, zendopenid, zendrest, zendservice_amazon, zendservice_api, zendservice_audioscrobbler, zendservice_nirvanix, zendservice_slideshare, zendservice_technorati, zendservice_windowsazure)

Return to listing

CVE-2012-0779 (flash_player)

Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.

CVE-2012-4820 (5.0, 5.1, 5.1.1, java, lotus_domino, lotus_notes, lotus_notes_sametime, lotus_notes_traveler, rational_change, rational_host_on-demand, service_delivery_manager, smart_analytics_system_5600, smart_analytics_system_5600_software, tivoli_monitoring, tivoli_remote_control, websphere_real_time)

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."

CVE-2013-0733 (paintshop_pro_x5, paintshop_pro_x6)

Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jpg file.

CVE-2013-2751 (raidiator)

Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."

CVE-2013-2752 (raidiator)

Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.

CVE-2014-10374

On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to "permanent trackability" and "considerable privacy concerns" without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low Energy (BLE) advertising packets with a TxAdd flag indicating random addresses, but the addresses remain constant. If devices come within BLE range at one or more locations where an adversary has set up passive sniffing, the adversary can determine whether the same device has entered one of these locations.

CVE-2014-1983 (remote_service_manager)

Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors.

CVE-2014-1984 (remote_service_manager)

Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors.

CVE-2014-2681 (zend_framework, zendopenid, zendrest, zendservice_amazon, zendservice_api, zendservice_audioscrobbler, zendservice_nirvanix, zendservice_slideshare, zendservice_technorati, zendservice_windowsazure)

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657.

CVE-2014-2682 (zend_framework, zendopenid, zendrest, zendservice_amazon, zendservice_api, zendservice_audioscrobbler, zendservice_nirvanix, zendservice_slideshare, zendservice_technorati, zendservice_windowsazure)

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657.

Latest Posts

The Curious Case of BitFi and Secret Persistence
Building a DNS over TLS (DoT) server
Configuring Pi-Hole to update blocklists more regularly
Saab Keycase Replacement
The Importance of Provider Redundancy

License Details
Privacy Policy
Cookies
Stored Data
Sitemap

Donations BTC: 14hJYqCNLi7yJH8QkUqB2VEg3jx4pXBN5X / https://paypal.me/BTasker

Based on a template by JoomSpirit, customised by B Tasker

JoomSpirit

About this template