Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482.
Monthly Archives: August 2015
CVE-2015-6273
Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623.
Adobe Releases Security Update for ColdFusion
Original release date: August 28, 2015
Adobe has released a security update for ColdFusion to address a vulnerability. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information from an affected system.
Users and administrators are encouraged to review the Adobe Security Bulletin APSB15-21 and apply the necessary update.
WordPress sourceAFRICA 0.1.3 Cross Site Scripting
WordPress sourceAFRICA plugin version 0.1.3 suffers from a cross site scripting vulnerability.
DSA-3345 iceweasel – security update
Multiple security issues have been found in Iceweasel, Debian’s version
of the Mozilla Firefox web browser. The Common Vulnerabilities and
Exposures project identifies the following problems:
Pluck CMS 4.7.3 CSRF / XSS / LFI / Code Execution
Pluck CMS version 4.7.3 suffers from code execution, cross site request forgery, cross site scripting, and local file inclusion vulnerabilities.
freeSSHd 1.3.1 Denial Of Service
freeSSHd version 1.3.1 suffers from a denial of service vulnerability.
WordPress Captain Slider 1.0.6 Cross Site Scripting
WordPress Captain Slider plugin version 1.0.6 suffers from a stored cross site scripting vulnerability.
Kaspersky Lab Statement on Reuters Article Posted on August 28, 2015
Apple OS X Entitlements Rootpipe Privilege Escalation
This Metasploit module exploits the rootpipe vulnerability and bypasses Apple’s initial fix for the issue by injecting code into a process with the ‘admin.writeconfig’ entitlement.