diag_tool.cgi on DASAN H660RM devices with firmware 1.03-0022 allows spawning ping processes without any authorization leading to information disclosure and DoS attacks

diag_tool.cgi on DASAN H660RM devices with firmware 1.03-0022 allows spawning ping processes without any authorization, leading to device enumeration on the LAN interface and DoS attacks against both the device and the network.

A CWE-862: Missing Authorization weakness in diag_tool.cgi allows a remote attacker to spawn ping (and traceroute) processes on affected devices without authorization. Moreover, a similar bug […]

Boa Webserver on DASAN H660RM devices with firmware 1.03-0022 saves post data, including credentials, to /tmp/boa-temp

Boa Webserver on DASAN H660RM devices with firmware 1.03-0022 (and possibly others) saves POST data, including credentials, to /tmp/boa-temp. Moreover, this file is not sanitized after the request has been processed, which makes retrieval of login credentials possible until another POST request is made.

This vulnerability was assigned CVE-2019-9976.

[…]

syslog_tool.cgi on DASAN H660RM devices with firmware 1.03-0022 uses a hard-coded key for logs encryption

DASAN H660RM devices with firmware 1.03-0022 (and possibly others) use a hard-coded key “dasanektks123” for log encryption. Data stored using this key can be decrypted by anyone able to access this key.

This vulnerability was assigned CVE-2019-9975.

[…]

ESE Key Daemon 1.2.7 released

A new version of ESE Key Daemon was released today.

New features include the ability to handle multiple key combinations and to distinguish between key presses and releases. A problem with handling the last line of a configuration file when that line has no trailing newline is gone. Numeric keys are […]

Debian GNU/Linux on Dell Inspiron 1764

Installing, configuring and using Debian GNU/Linux on a Dell Inspiron 1764 (N0476409) notebook.

[…]

Integration of AA Google 404 with Atahualpa

The default 404.php of AskApache Google 404 does not work properly with the Atahualpa theme. To fix those problems, create another 404.php file in /themes/atahualpa with this content:

[…]

Virtual destinations are faster than Camel routing

Routing messages from one input queue to two output queues in ActiveMQ can be done in two different ways. Apache Camel, a powerful rule-based routing engine often used with ActiveMQ, is a typical choice. A virtual composite queue is another solution. Which to choose? The faster one.

[…]

Migrating from ActiveMQ-CPP/CMS version 2.2 to 3.0

Migrating from ActiveMQ-CPP/CMS version 2.2.6 to 3.0.1 is very easy. There are only two minor problems to deal with.

[…]

FreeBSD with X.Org on QEMU

X.Org from ports works fine with the cirrus driver, but starts in 800×600 only. A small tweak to the configuration file is needed to run X in higher resolutions.

[…]