Alerts

SecurityFocus · 31 December 2017

Vuln: Apache Wicket CVE-2016-6793 Denial of Service Vulnerability

Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
seclist.org · 1 hour 10 minutes

Clickjacking vulnerability in CSRF error page pfSense

Posted by Securify B.V. via Fulldisclosure on Nov 22

------------------------------------------------------------------------
Clickjacking vulnerability in CSRF error page pfSense
------------------------------------------------------------------------
Yorick Koster, November 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
pfSense is a free and open source firewall and router. It was...
NVD: all CVE · 2 hours 19 minutes

CVE-2017-6166

In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.
Talos Group - Cisco blog · 5 hours 26 minutes

Talos Wins The 5th Volatility Plugin Contest With Pyrebox

Talos has won this year's 5th Volatility plugin contest with Pyrebox. Volatility is a well-known open-source framework designed to analyse operating system memory. The framework has existed since 2007, and for the past 5 years its maintainers have run a plugin contest to find the most innovative, interesting, and useful extensions for the Volatility framework. Pyrebox is an open-source Python scriptable […]
NVD: all CVE · 10 hours 19 minutes

CVE-2017-16926

Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount.
NVD: all CVE · 10 hours 19 minutes

CVE-2017-8860

Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request.
NVD: all CVE · 10 hours 19 minutes

CVE-2017-8861

Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets.
NVD: all CVE · 10 hours 19 minutes

CVE-2017-8862

The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges.
NVD: all CVE · 10 hours 19 minutes

CVE-2017-8863

Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser.
NVD: all CVE · 10 hours 19 minutes

CVE-2017-8864

Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if (!passwordsAreEqual())" test.
SecurityFocus · 12 hours 45 minutes

Bugtraq: [SECURITY] [DSA 4045-1] vlc security update

[SECURITY] [DSA 4045-1] vlc security update
SecurityFocus · 12 hours 45 minutes

Bugtraq: CSNC-2017-030 MyTy Reflected Cross-Site Scripting (XSS)

CSNC-2017-030 MyTy Reflected Cross-Site Scripting (XSS)
SecurityFocus · 12 hours 45 minutes

Bugtraq: CSNC-2017-029 MyTy Blind SQL Injection

CSNC-2017-029 MyTy Blind SQL Injection
SecurityFocus · 12 hours 45 minutes

Bugtraq: [SECURITY] [DSA 4044-1] swauth security update

[SECURITY] [DSA 4044-1] swauth security update
Linux Security Advisories · 13 hours 39 minutes

Fedora 25: python-copr Security Update

LinuxSecurity.com: Change default COPR URL route from http://copr.fedoraproject.org to https://copr.fedorainfracloud.org
Linux Security Advisories · 13 hours 39 minutes

Fedora 25: perl-Net-Ping-External Security Update

LinuxSecurity.com: Fixes a command injection vulnerability (CVE-2008-7319)
Linux Security Advisories · 13 hours 39 minutes

Fedora 25: thunderbird Security Update

LinuxSecurity.com: For changes see: https://www.mozilla.org/en-US/thunderbird/52.4.0/releasenotes/
Linux Security Advisories · 13 hours 39 minutes

Fedora 25: memcached Security Update

LinuxSecurity.com: Update to 1.4.39, which includes a security fix for CVE-2017-9951
Linux Security Advisories · 13 hours 39 minutes

Fedora 25: python-XStatic-jquery-ui Security Update

LinuxSecurity.com: Security fix for CVE-2016-7103