OpenSSH, also known as OpenBSD Secure Shell, is a free suite of connectivity tools that provides encrypted remote login and file transfer between two hosts over a network. CVE-2016-6515 (Denial of Service Vulnerability): It has been discovered that the OpenSSH server incorrectly handles password hashing while authenticating non-existent users. In OpenSSH versions prior to 7.3, the ‘auth_password’ function in the ‘auth_passwd.c’ file, […]


Microsoft's February 2016 Patch Tuesday brings 13 security bulletins addressing 37 vulnerabilities. Six are rated Critical and 7 are rated Important. The following six bulletins are rated Critical: MS16-009 for Internet Explorer, MS16-011 for Microsoft Edge, MS16-012 for Windows PDF Library, MS16-013 for Windows Journal, MS16-015 for Microsoft Office, and MS16-022 for Adobe Flash Player. Microsoft security bulletin summary for February 2016 in order of severity […]


MS Patch Tuesday May 2015. For the May 2015 Patch Tuesday, Microsoft released 13 security bulletins addressing a total of 46 vulnerabilities. This month's high-priority fix is for Internet Explorer, which alone addresses 22 out of 46 vulnerabilities. This month 3 bulletins are rated as Critical, addressing 30 vulnerabilities, and 10 are rated as […]


This April brings another big update from Microsoft, which includes 11 security bulletins addressing a total of 26 vulnerabilities. The high-priority fixes are for Microsoft Office addressing 5 vulnerabilities, Windows HTTP protocol stack (HTTP.sys) and Internet Explorer addressing 10 vulnerabilities. This month four bulletins are rated as Critical, addressing 17 vulnerabilities, and seven are […]


A big Patch Tuesday this month, consisting of a total of fourteen security bulletins that address a total of 45 vulnerabilities. This month's high-priority fix is again for Internet Explorer, along with Microsoft Windows, Adobe Font Driver, VBScript Scripting Engine, and Microsoft Office. The Internet Explorer and Adobe Font Driver fixes address a total of 20 out of 45 vulnerabilities. This […]


SecPod Research Team member (Antu Sanadi) has found a Denial of Service vulnerability in Oxide Webserver. The vulnerability is caused by an error in handling some crafted characters in HTTP GET requests, which allows remote attackers to crash the service. More information can be found here. We welcome any feedback or suggestions. Cheers! SecPod Research Team
