CVE-2016-2046 Cross Site Scripting in Sophos UTM 9

Posted by Mike Lisi on Feb 10

-----------
Vendor:
-----------
Sophos (https://www.sophos.com)

---------------------------
Affected Products/Versions:
---------------------------
Product: Sophos UTM 9
Version: 9.350-12 with pattern version 92405 (potentially lower)

------------
Description:
------------
Title: Cross-site Scripting (XSS) in Sophos UTM 9
CVE: CVE-2016-2046
Researcher: Mike Lisi – HALOCK Security Labs (@MikeHacksThings)

A…

VP2016-001: Remote Command Execution in File Replication Pro

Posted by Vantage Point Security on Feb 10

Vantage Point Security Advisory 2016-001
================================

Title: File Replication Pro Remote Command Execution
Vendor: File Replication Pro
Vendor URL: http://www.filereplicationpro.com/
Versions affected: =< 7.2.0
Severity: High
Vendor notified: Yes
Reported: 29 October 2015
Public release: 10 February 2016
Author: Jerold Hoong and the VP team <jerold[at]vantagepoint[dot]sg>
Permalink:

Summary:
--------
File…

MapsUpdateTask Task DLL side loading vulnerability

Posted by Securify B.V. on Feb 10

------------------------------------------------------------------------
MapsUpdateTask Task DLL side loading vulnerability
------------------------------------------------------------------------
Yorick Koster, November 2015

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A DLL side loading vulnerability was found in the MapsUpdateTask…

BDA MPEG2 Transport Information Filter DLL side loading vulnerability

Posted by Securify B.V. on Feb 10

------------------------------------------------------------------------
BDA MPEG2 Transport Information Filter DLL side loading vulnerability
------------------------------------------------------------------------
Yorick Koster, September 2015

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A DLL side loading vulnerability was found in…

NPS Datastore server DLL side loading vulnerability

Posted by Securify B.V. on Feb 10

------------------------------------------------------------------------
NPS Datastore server DLL side loading vulnerability
------------------------------------------------------------------------
Yorick Koster, September 2015

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A DLL side loading vulnerability was found in the NPS Datastore…

Cisco Releases Security Update

Original release date: February 10, 2016

Cisco has released a security update to address a vulnerability in its ASA software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.



CVE-2015-7675

The “Send as attachment” feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allows remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx.

CVE-2015-7677

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll.