Severity Rating: Important
Revision Note: V1.0 (September 8, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Skype for Business Server and Microsoft Lync Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL. An attacker would have to convince users to click a link in an instant messenger or email message that directs them to an affected website by way of a specially crafted URL.
MS15-105 – Important: Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass (3091287) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (September 8, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker runs a specially crafted application that could cause Windows Hyper-V to improperly check configuration settings. Customers who have not enabled the Hyper-V role are not affected.
MS15-097 – Critical: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656) – Version: 1.0
Severity Rating: Critical
Revision Note: V1.0 (September 8, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.
DSA-3354 spice – security update
Frediano Ziglio of Red Hat discovered a race condition flaw in spice's worker_update_monitors_config() function, leading to heap-based memory corruption. A malicious user in a guest can take advantage of this flaw to cause a denial of service (QEMU process crash) or, potentially, execute arbitrary code on the host with the privileges of the hosting QEMU process.
Bugtraq: JSPMySQL Administrador CSRF & XSS Vulnerabilities
Bugtraq: [SECURITY] [DSA 3353-1] openslp-dfsg security update
Bugtraq: NETGEAR Wireless Management System – Authentication Bypass and Privilege Escalation.
Yet Another Use After Free Vulnerability in unserialize() with SplObjectStorage
Posted by Taoguang Chen on Sep 07
# Yet Another Use After Free Vulnerability in unserialize() with SplObjectStorage
Taoguang Chen <[@chtg](http://github.com/chtg)> – Write Date: 2015.8.27 – Release Date: 2015.9.4
Affected Versions
————
Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29
Affected is PHP 5.4 < 5.4.45
Credits
————
This vulnerability was disclosed by Taoguang Chen.
Description
————
…
Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList
Posted by Taoguang Chen on Sep 07
# Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList
Taoguang Chen <[@chtg](http://github.com/chtg)> – Write Date: 2015.8.27 – Release Date: 2015.9.4
Affected Versions
————
Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29
Affected is PHP 5.4 < 5.4.45
Credits
————
This vulnerability was disclosed by Taoguang Chen.
Description
————
```
while(*p ==…
```
Re: Use After Free Vulnerabilities in unserialize()
Posted by Taoguang Chen on Sep 07
Update affected versions:
Affected Versions
————
Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29
Affected is PHP 5.4 < 5.4.45
2015-09-05 10:08 GMT+08:00 Taoguang Chen <taoguangchen () gmail com>: