Feed aggregator

Neoscreen v4.5 Cross-site scripting

BugTraq Latest Security Advisories - July 25, 2016 - 3:52am

Posted by alex_haynes on Jul 25

Exploit Title: Neoscreen Cross-site scripting
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:

(1) Vendor & Product Description
--------------------------------

Vendor:
Cube Digital Media

Product & Version:
Neoscreen digital...

Neoscreen v4.5 Blind SQL injection

BugTraq Latest Security Advisories - July 25, 2016 - 3:44am

Posted by alex_haynes on Jul 25

Exploit Title: Neoscreen Blind SQL injection
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:

(1) Vendor & Product Description
--------------------------------...

Neoscreen v4.5 Authentication bypass

BugTraq Latest Security Advisories - July 25, 2016 - 3:37am

Posted by alex_haynes on Jul 25

Exploit Title: Neoscreen v4.5 Authentication bypass
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Authentication Bypass Issues [CWE-592]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:

(1) Vendor & Product Description
--------------------------------

Vendor:
Cube Digital Media

Product & Version:
Neoscreen...

[SECURITY] [DSA 3626-1] openssh security update

BugTraq Latest Security Advisories - July 25, 2016 - 3:29am

Posted by Salvatore Bonaccorso on Jul 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3626-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 24, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssh
CVE ID : CVE-2016-6210
Debian Bug :...

Autobahn|Python Insecure allowedOrigins validation >= 0.14.1

BugTraq Latest Security Advisories - July 25, 2016 - 3:20am

Posted by mgill on Jul 25

Observation:
Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third
parties to execute legitimate requests for WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within
another browser's context.

Proof of Concept:
The following will set
```
class OriginCheckServerFactory(WebSocketServerFactory):
    protocol = ...arbitrary entry here...

    def...
```

Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design

BugTraq Latest Security Advisories - July 25, 2016 - 3:12am

Posted by Stefan Kanthak on Jul 25

Hi @ll,

Windows 7 introduced the "Deployment Image Servicing and Management"
tool DISM.exe; this command line program is called for example by
its predecessor PkgMgr.exe (a GUI program which requests elevated
privileges), or by Windows Update (which runs under SYSTEM account).

DISM.exe needs to be run with administrative privileges:
this condition is met in both cases named above.

When called with valid arguments, DISM.exe creates a...

Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking

BugTraq Latest Security Advisories - July 25, 2016 - 3:02am

Posted by Stefan Kanthak on Jul 25

Hi @ll,

this is a followup to "case 36" (posted as "case 35" by mistake),
<http://seclists.org/bugtraq/2016/Jul/82>.

Proof of concept #1:
~~~~~~~~~~~~~~~~~~~~

1. On a 64-bit edition of Windows download the 32-bit and 64-bit
executable installers "eclipse-inst-win32.exe" and
"eclipse-inst-win64.exe", save them in an arbitrary directory.

2. Create the (empty) files...

Bugtraq: [SECURITY] [DSA 3625-1] squid3 security update


Bugtraq: Dreammail 5 mail client XSS Vulnerability


Bugtraq: [slackware-security] php (SSA:2016-203-02)


Bugtraq: [slackware-security] gimp (SSA:2016-203-01)


[slackware-security] bind (SSA:2016-204-01)

BugTraq Latest Security Advisories - July 25, 2016 - 2:53am

Posted by Slackware Security Team on Jul 25

[slackware-security] bind (SSA:2016-204-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.10.4_P2-i586-1_slack14.2.txz: Upgraded.
Fixed a security issue:
getrrsetbyname with a non absolute name could trigger an infinite
recursion bug in lwresd and named...

CA20160721-01: Security Notice for CA eHealth

BugTraq Latest Security Advisories - July 25, 2016 - 2:44am

Posted by Kotas, Kevin J on Jul 25

CA20160721-01: Security Notice for CA eHealth

Issued: 2016-07-21
Last Updated: 2016-07-21

CA Technologies Support is alerting customers to multiple potential risks
with CA eHealth. Two vulnerabilities exist in the web interface,
CVE-2016-6151 and CVE-2016-6152, that can allow a remote
authenticated attacker to cause a denial of service condition or possibly
execute arbitrary commands. CA Technologies assigned a High risk rating
to these...

[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example

BugTraq Latest Security Advisories - July 25, 2016 - 2:34am

Posted by Tim Allison on Jul 25

CVE-2016-5000: XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: POI 3.5-3.13

Description:

Apache POI's XLSX2CSV example uses Java's XML components to parse OpenXML files. Applications and users that use
XLSX2CSV and accept such files from end-users are vulnerable to XML External Entity (XXE) attacks, which allow remote...

MySQL zero-day vulnerabilities (July 2016 CPU)

BugTraq Latest Security Advisories - July 25, 2016 - 2:25am

Posted by lem . nikolas on Jul 25

MySQL is the most popular and most widely used database in the world. MySQL customers include NASA, US Navy, Google,
Facebook, Twitter just to cite a few.

In partnership with Oracle Inc. we have worked delicately to enhance the security of the open-source product, and to
identify and mitigate those vulnerabilities.

Sincere thanks to Oracle Inc for the prompt response and adequate mitigation to the issues.

You can get a copy of the report...

next-20160725: linux-next

Linux Kernel Updates - July 25, 2016 - 1:14am
Version: next-20160725 (linux-next) Released: 2016-07-25

Vuln: Google Chrome Prior to 52.0.2743.82 Multiple Security Vulnerabilities

Security Focus Latest Security Advisories - July 24, 2016 - 11:00pm

Vuln: PHP 'zip_stream.c' Integer Overflow Vulnerability

Security Focus Latest Security Advisories - July 24, 2016 - 11:00pm

Vuln: PHP '/xmlrpc/libxmlrpc/simplestring.c' Heap Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - July 24, 2016 - 11:00pm

Vuln: PHP 'snmp.c' Denial of Service Vulnerability

Security Focus Latest Security Advisories - July 24, 2016 - 11:00pm