NibbleBlog 4.0.3 – Code Execution – Not fixed

Posted by Curesec Research Team (CRT) on Sep 02

NibbleBlog 4.0.3: Code Execution
Security Advisory – Curesec Research Team

1. Introduction

Affected Product: NibbleBlog 4.0.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: Website: http://www.nibbleblog.com/
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 07/21/2015
Disclosed to public: 09/01/2015
Release mode:…

Serendipity 2.0.1 – Code Execution

Posted by Curesec Research Team (CRT) on Sep 02

Serendipity 2.0.1: Code Execution
Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Serendipity 2.0.1
Fixed in: 2.0.2
Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip
Vendor Contact: serendipity () supergarv de
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 07/21/2015…

Serendipity 2.0.1 – Persistent XSS

Posted by Curesec Research Team (CRT) on Sep 02

Serendipity 2.0.1: Persistent XSS
Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Serendipity 2.0.1
Fixed in: 2.0.2
Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip
Vendor Contact: serendipity () supergarv de
Vulnerability Type: Persistent XSS
Remote Exploitable: Yes
Reported to vendor: 07/21/2015…

Serendipity 2.0.1 – Blind SQL Injection

Posted by Curesec Research Team (CRT) on Sep 02

Serendipity 2.0.1: Blind SQL Injection
Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Serendipity 2.0.1
Fixed in: 2.0.2
Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip
Vendor Contact: serendipity () supergarv de
Vulnerability Type: Blind SQL Injection
Remote Exploitable: Yes
Reported to vendor:…

Internet Systems Consortium (ISC) Releases Security Updates for BIND

Original release date: September 02, 2015

ISC has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

Available updates include:

  • BIND 9 version 9.9.7-P3
  • BIND 9 version 9.10.2-P4

Users and administrators are encouraged to review ISC Knowledge Base Articles AA-01291 and AA-01287 and apply the necessary updates.



CEBA-2015:1701 CentOS 7 selinux-policy BugFixUpdate

CentOS Errata and Bugfix Advisory 2015:1701 

Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-1701.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




CEBA-2015:1702 CentOS 7 libproxy FASTTRACK BugFixUpdate

CentOS Errata and Bugfix Advisory 2015:1702 

Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-1702.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 
