IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.
Monthly Archives: May 2015
Fedora 22 Security Update: torque-4.2.10-3.fc22
Resolved Bugs
1117263 – torque qmgr aborts on server commands while jobs are running
1215992 – torque-client (4.x) should package trqauthd service
1215207 – pbs_server does not start trqauthd
1144396 – torque-4.2.10 is available
1216037 – permissions on some /var/lib/torque/ sub-directories
1149045 – CVE-2014-3684 torque: non-root users able to kill any process on any node in a job [fedora-all]
965513 – torque package should be built with PIE flags<br
Bugfix – #1215207 create/install service files for these
Google Releases Security Update for Chrome
Original release date: May 19, 2015
Google has released Chrome version 43.0.2357.65 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
DSA-3265 zendframework – security update
Multiple vulnerabilities were discovered in Zend Framework, a PHP
framework. Except for CVE-2015-3154, all these issues were already fixed
in the version initially shipped with Jessie.
Vuln: Apple Mac OS X Prior to 10.10.3 and iOS Prior to 8.3 Multiple Security Vulnerabilities
Apple Mac OS X Prior to 10.10.3 and iOS Prior to 8.3 Multiple Security Vulnerabilities
Vuln: Apple iOS and TV Multiple Information Disclosure Vulnerabilities
Apple iOS and TV Multiple Information Disclosure Vulnerabilities
XML Injection, AoF and BF vulnerabilities in Hikvision DS-7108HWI-SH
Posted by MustLive on May 19
Hello list!
There are vulnerabilities in Hikvision DS-7108HWI-SH.
These are XML Injection, Abuse of Functionality and Brute Force
vulnerabilities. All these vulnerabilities are present in other IP cameras
and DVR of Hikvision.
————————-
Affected vendors:
————————-
Hikvision
http://www.hikvision.com
————————-
Affected products:
————————-
Vulnerable are the next models with…
Multiple Vulnerabilities in ZTE AC 3633R USB Modem
Posted by vishnu raju on May 19
Greetings from vishnu (@dH4wk)
1. Vulnerable Product Version
– ZTE AC3633R (MTS Ultra Wifi Modem)
2. Vulnerability Information
(A) Authentication Bypass
Impact: Attacker gains administrative access
Remotely Exploitable: UNKNOWN
Locally Exploitable: YES
(B) Device crash which results in reboot
Impact: Denial of service, The crash may lead to RCE locally thus
attaining root privilege on the device
Remotely…
0-day Denial of Service in IPsec-Tools
Posted by Javantea on May 19
Denial of Service in IPsec-Tools
Vulnerability Report
May 19, 2015
Product: IPsec-Tools
Version: 0.8.2
Website: http://ipsec-tools.sourceforge.net/
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
IPsec-Tools is vulnerable to a 0-day exploit that I made available yesterday. It is a null dereference crash in racoon
in gssapi.c. It requires HAVE_GSSAPI to be set, which is a configuration option. The impact is a denial of service
against the IKE…
Re: KL-001-2015-002 : Piriform CCleaner Wiped Filename Recovery
Posted by Jean-François Gingras on May 19
Maybe I missed something, but why is this a vulnerability? This behavior is
directly caused by NTFS. The way information is stored in the MFT and in a
INDEX_ALLOCATION (for large directories) will cause this problem to any
secure delete program.
IIRC, if your file is located in a large directory, the records (mainly the
FILENAME attribute) for this directory are not hold in a resident attribute
(INDEX_ROOT – 0x90) in the MFT, they are hold in a…