Monthly Archives: October 2015
Kemoge Adware Infects Users In More Than 20 Countries
Democrats Fight To Save FCC's Rules / Net Neutrality
Watermark Master Buffer Overflow (SEH)
This Metasploit module exploits a stack based buffer overflow in Watermark Master 2.2.23 when processing a specially crafted .WCF file. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of Watermark Master to open a malicious .WCF file.
ManageEngine ServiceDesk Plus Arbitrary File Upload
This Metasploit module exploits a file upload vulnerability in ManageEngine ServiceDesk Plus. The vulnerability exists in the FileUploader servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on versions v9 b9000 – b9102 in Windows and Linux. The MSP versions do not expose the vulnerable servlet.
Kallithea 0.2.9 HTTP Response Splitting
Kallithea suffers from a HTTP header injection (response splitting) vulnerability because it fails to properly sanitize user input before using it as an HTTP header value via the GET ‘came_from’ parameter in the login instance. This type of attack not only allows a malicious user to control the remaining headers and body of the response the application intends to send, but also allow them to create additional responses entirely under their control. Versions 0.2.9 and 0.2.2 are affected.
Microsoft Office 2007 And 2010 RTF Frmtxtbrl EIP Corruption
This proof of concept shows a crash that was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application verified was enabled for testing and reproduction. This sample also reproduced in Office 2010 running on Windows 7 x86. It did not reproduce in Microsoft Office 2013 running under Windows 8.1 x86.
CEEA-2015:1863 CentOS 7 tzdata Enhancement Update
CentOS Errata and Enhancement Advisory 2015:1863 Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-1863.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 3e234c5f002772a1602e41dd68b76797aee91dae4a0cec017b2ceab0f13dbba6 tzdata-2015g-1.el7.noarch.rpm 3a0cade89122a3ba3dfeb243a4be7428d6843012d2d813821f1cc8a89774e3d7 tzdata-java-2015g-1.el7.noarch.rpm Source: 2c267de5ffb17f1edf2f34f5ad568221ddbea335c6552ec63b7962d0786f9cae tzdata-2015g-1.el7.src.rpm
CEEA-2015:1863 CentOS 5 tzdata Enhancement Update
CentOS Errata and Enhancement Advisory 2015:1863 Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-1863.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 1ab030200a4b8326ce536add751e0d62130a0cf0d5ceb3c55d5bbdb69dd1360f tzdata-2015g-1.el5.i386.rpm 3916a63973161e1baab95eca4f91c528df0ff30e3e65f5a665b72057d2fea6f8 tzdata-java-2015g-1.el5.i386.rpm x86_64: 9724fd4da7d4e606d0587d46d1c6abf9db51361d601f5b06379307039e7a3edc tzdata-2015g-1.el5.x86_64.rpm 55e0dd8e80657249398935bd9627703287eeb17f65e647e5b8a5b1242a320a5a tzdata-java-2015g-1.el5.x86_64.rpm Source: 2f675dd8beb518fe30acfb829784726758d322b195867ee095b060d1d8777fc8 tzdata-2015g-1.el5.src.rpm
CEEA-2015:1863 CentOS 6 tzdata Enhancement Update
CentOS Errata and Enhancement Advisory 2015:1863 Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-1863.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: c9849a36e4b041658f626ddda0523574e8b5ccd19e777744d4257dc8947b8e29 tzdata-2015g-2.el6.noarch.rpm 659c9b6daca8804606cf246b800fed7321d0de88e61e4288ede85a12b6a0f03c tzdata-java-2015g-2.el6.noarch.rpm x86_64: c9849a36e4b041658f626ddda0523574e8b5ccd19e777744d4257dc8947b8e29 tzdata-2015g-2.el6.noarch.rpm 659c9b6daca8804606cf246b800fed7321d0de88e61e4288ede85a12b6a0f03c tzdata-java-2015g-2.el6.noarch.rpm Source: 3abae3f896ffbfddf60eb19aad3302b16f1bd4084ac98d4fcd34857017e00aa1 tzdata-2015g-2.el6.src.rpm