Thru Managed File Transfer Portal version 9.0.2 suffers from a cross site scripting vulnerability.
Monthly Archives: February 2016
Debian Security Advisory 3483-1
Debian Linux Security Advisory 3483-1 – Gustavo Grieco discovered an out-of-bounds write vulnerability in cpio, a tool for creating and extracting cpio archive files, leading to a denial of service (application crash).
HP Security Bulletin HPSBGN03547 1
HP Security Bulletin HPSBGN03547 1 – A security vulnerability in glibc has been addressed with HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus components. The vulnerability could be exploited remotely resulting in arbitrary execution of code. Revision 1 of this advisory.
Cisco Security Advisory 20160218-glibc
Cisco Security Advisory – On February 16, 2016, a critical vulnerability in the GNU C library (glibc) was publicly disclosed. Multiple Cisco products incorporate a version of glibc that may be affected by the vulnerability. The vulnerability could allow an unauthenticated, remote attacker to trigger a buffer overflow condition that may result in a denial of service (DoS) condition or allow the attacker to execute arbitrary code on the affected device. This advisory will be updated as additional information becomes available. Cisco will release software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
Joomla Sites Join WordPress As TeslaCrypt Ransomware Target
Joomla is the newest prey of attackers behind a campaign that has targeted WordPress websites by injecting JavaScript files with malicious code.
CVE-2015-7769
baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVE-2016-1154
SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-1156
LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline.
CVE-2016-1335
The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator’s connection, aka Bug ID CSCux22492.