Apple Security Advisory 2015-09-30-02 – Safari 9 is now available and addresses spoofing, communication compromise, and various other vulnerabilities.
Apple Security Advisory 2015-09-30-01
Apple Security Advisory 2015-09-30-01 – iOS 9.0.2 is now available and addresses a lock screen vulnerability.
Microsoft Security Bulletin Revision Increment For September, 2015
This bulletin summary lists three bulletins that have undergone a major revision increment for September, 2015.
MakeSFX.exe 1.44 Stack Buffer Overflow
MakeSFX.exe version 1.44 suffers from a stack-based buffer overflow vulnerability.
Apache James Server 2.3.2 Arbitrary Command Execution
Apache James Server version 2.3.2 suffers from an arbitrary command execution vulnerability.
ElasticSearch Path Traversal Arbitrary File Download
Proof of concept code that demonstrates a path traversal vulnerability in ElasticSearch that allows for arbitrary file disclosure.
Dropbox FinderLoadBundle OS X Local Root Exploit
The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries residing in the same directory. The directory in which FinderLoadBundle is located is owned by root, which prevents placing arbitrary files there. But creating a hard link from FinderLoadBundle into a directory under /tmp circumvents that protection, making it possible to load a shared library containing a payload that creates a root shell.
Red Hat Security Advisory 2015-1852-01
Red Hat Security Advisory 2015-1852-01 – Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to disclose sensitive information or, in certain cases, crash.
WinRAR Expired Notification Command Execution
WinRAR suffers from an expired notification OLE remote command execution vulnerability.
HP Security Bulletin HPSBST03502 1
HP Security Bulletin HPSBST03502 1 – A potential security vulnerability has been identified in HP 3PAR Service Processor (SP) SPOCC. The vulnerability could be exploited to allow remote disclosure of information. Revision 1 of this advisory.