EMC VPLEX GeoSynchrony code levels 5.4 SP1 and 5.4 SP1 P1 contain a vulnerability that allows a user password to be logged in plaintext when the user attempts to log in via the NAVISPHERE Graphical User Interface (GUI), which could potentially be exploited by malicious users.
Monthly Archives: November 2015
WordPress Users Ultra 1.5.50 Unrestricted File Upload
WordPress Users Ultra plugin version 1.5.50 suffers from an unrestricted file upload vulnerability.
Google AOSP Email App HTML Injection
Google AOSP email application versions up to 7.0 suffer from an HTML injection vulnerability.
Linux/x64 Egghunter Shellcode
Small 24-byte x64 Linux egghunter shellcode.
Vuln: Oracle Java SE CVE-2015-4732 Remote Security Vulnerability
Oracle Java SE CVE-2015-4732 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
DSA-3399 libpng – security update
Several vulnerabilities have been discovered in the libpng PNG library.
The Common Vulnerabilities and Exposures project identifies the
following problems:
Adobe Releases Security Updates for ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip
Original release date: November 17, 2015
Adobe has released security updates to address multiple vulnerabilities in ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review Adobe Security Bulletins for ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip and apply the necessary updates.
CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability
Posted by Matthew Flanagan on Nov 17
Title: Cisco FireSIGHT Management Center Certificate Validation Vulnerability
Blog URL: http://wadofstuff.blogspot.com.au/2015/11/cve-2015-6357-firepwner-exploit-for.html
Vendor: Cisco
Product: FireSIGHT Management Center
Affected Versions: 5.2.x, 5.3.x, 5.4.x
Advisory URL: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc
CVE: CVE-2015-6357
CVSS: 5.1
The Cisco FireSIGHT Management Center appliance is…
zTree v3 Security Advisory – XSS Vulnerability – CVE-2015-7348
Posted by Onur Yilmaz on Nov 17
Information
--------------------
Advisory by Netsparker.
Name: Multiple XSS Vulnerabilities in zTree v3
Affected Software : zTree
Affected Versions: v3.5.19.1 and possibly below
Vendor Homepage : https://github.com/zTree/zTree_v3
Vulnerability Type : Cross-site Scripting
Severity : Important
Status : Fixed
CVE-ID : CVE-2015-7348
Netsparker Advisory Reference : NS-15-019
Description
--------------------
By exploiting a Cross-site scripting…