SECURITY LABS

ADVISORIES
Obrela Security Industries Advisory (OSI-1502)

Advisory ID: OSI-1502
Description: Dnsmasq does not properly check the return value of the setup_reply() function called during a TCP connection (by the tcp_request() function). This return value is then used as a size argument in a function that writes data to the client’s connection. Upon successful exploitation, this may lead to reading the heap […]

Obrela Security Industries Advisory (OSI-1501)

Advisory ID: OSI-1501
Description: The XML parser of Cisco Prime Service Catalog suffers from a vulnerability that could allow an authenticated remote attacker to either cause denial of service conditions (resource consumption) or retrieve sensitive data (local data access).
Researcher: Alexis Dimitriadis (a.dimitriadis[a t]obrela[do t]com)
Vulnerability: CVE-2015-0581: Cisco Prime Service Catalog XML External Entity Processing Vulnerability […]

Obrela Security Industries Advisory (OSI-1402)

Advisory ID: OSI-1402
Description: Twelve vulnerabilities exist in ettercap-ng that allow remote denial of service and possible remote code execution. Specifically, the following vulnerabilities were identified: A length parameter inconsistency in ettercap 8.0 dissector_postgresql() which may lead to remote code execution or denial of service. An arbitrary write of zero into any location at […]

Obrela Security Industries Advisory (OSI-1401)

Advisory ID: OSI-1401
Description: Four vulnerabilities exist in aircrack-ng <= 1.2 Beta 3 that allow remote/local code execution, privilege escalation and denial of service. Specifically, the following vulnerabilities were identified: A stack overflow in airodump-ng gps_tracker() which may lead to code execution, privilege escalation. A length parameter inconsistency in aireplay tcp_test() which may lead to […]

Obrela Security Industries Advisory (OSI-1301)

pfSense versions 2.0.1 and prior are vulnerable to semi-persistent XSS and CSRF attack vectors, exploited by sending JavaScript/HTML code as a username during the XAuth user authentication phase. For further information, see: http://www.exploit-db.com/exploits/24439/ For more information about pfSense, see the main site: http://www.pfsense.org/ pfSense is a very popular open source firewall and routing […]
