The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292.
Monthly Archives: September 2015
CoreBot Malware – Simple But Dangerous Info Stealer
Victims Of US Government Mega-Breach Still Haven't Been Notified
Former Secret Service Agent Guilty Of Bitcoin Theft
Ecuador Considered Smuggling Julian Assange In A Bag
EMC Atmos 2.3.0 XML External Entity Injection
EMC Atmos is affected by an XML eXternal Entity (XXE) injection vulnerability due to the configuration of the XML parser shipped with the product. An XXE injection attack may occur when XML input containing a reference to an external entity is processed by an affected XML parser. XXE injection might allow attackers to gain unauthorized access to files containing sensitive information or might be used to cause denial of service.
Slackware Security Advisory – gdk-pixbuf2 Updates
Slackware Security Advisory – New gdk-pixbuf2 packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue.
Cerb 7.0.3 Cross Site Request Forgery
Cerb version 7.0.3 suffers from a cross site request forgery vulnerability.
PayPal Authentication Bypass
The Vulnerability Laboratory Core Research Team discovered a restriction filter bypass in the official PayPal Inc Mobile API for Apple iOS.
Jira / HipChat For Jira Java Code Execution
It was discovered that the HipChat For JIRA plugin had a resource that combined user input into a Velocity template source and subsequently rendered it. Authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the HipChat For JIRA plugin enabled. To exploit this issue, attackers need to be able to access the JIRA web interface and log into JIRA. All versions of JIRA from 6.3.5 before 6.4.11 are affected by this vulnerability. All versions of HipChat For JIRA plugin from 1.3.2 before 6.30.0 are affected by this vulnerability.