Feed aggregator

Vuln: Security guide for website operators CVE-2017-2128 OS Command Injection Vulnerability

Security Focus Latest Security Advisories - March 21, 2017 - 11:00pm

Vuln: Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability

Security Focus Latest Security Advisories - March 21, 2017 - 11:00pm

Vuln: Adobe Flash Player APSB17-07 Multiple Use After Free Remote Code Execution Vulnerabilities

Security Focus Latest Security Advisories - March 21, 2017 - 11:00pm

Vuln: Adobe Flash Player CVE-2017-3000 Information Disclosure Vulnerability

Security Focus Latest Security Advisories - March 21, 2017 - 11:00pm

Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"

BugTraq Latest Security Advisories - March 21, 2017 - 1:39pm

Posted by Stefan Kanthak on Mar 21

Hi @ll,

Windows 8 and newer versions (Windows 7 and Windows Server 2008 R2
with KB2532445 or KB3125574 installed too) don't allow unprivileged
callers to circumvent AppLocker and SAFER rules via

LoadLibraryEx(TEXT("<arbitrary DLL>"), NULL, LOAD_IGNORE_CODE_AUTHZ_LEVEL);

See <https://msdn.microsoft.com/en-us/library/ms684179.aspx>
and <https://support.microsoft.com/kb/2532445>

| LOAD_IGNORE_CODE_AUTHZ_LEVEL...

Bugtraq: [security bulletin] HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access

Security Focus Latest Security Advisories - March 21, 2017 - 1:00pm

[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM

BugTraq Latest Security Advisories - March 21, 2017 - 8:02am

Posted by ERPScan inc on Mar 21

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component
Vendor URL: http://SAP.com
Bugs: Directory traversal
Reported: 04.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 13.12.2016
Reference: SAP Security Note 2310790
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION
Title: [ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
Advisory ID: [ERPSCAN-16-041]
Risk: medium...

Bugtraq: CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service

Security Focus Latest Security Advisories - March 21, 2017 - 7:00am