This bulletin summary lists two bulletins that have undergone a major revision increment for February, 2016.
Monthly Archives: February 2016
Gongwalker API Manager 1.1 Blind SQL Injection
Gongwalker API Manager version 1.1 suffers from a remote blind SQL injection vulnerability.
SIMOGEO FileManager 2.3.0 Path Traversal
SIMOGEO FileManager version 2.3.0 suffers from a path traversal vulnerability.
Microsoft Windows WebDAV BSoD Proof Of Concept
Microsoft Windows WebDAV blue screen of death denial of service proof of concept exploit that leverages the vulnerability outlined in MS16-016.
A2SV SSL Scanner
A2SV is an SSL scanning tool that checks to see if a service is vulnerable to Heartbleed, Poodle, and CCS injection vulnerabilities.
DSA-3474 libgcrypt20 – security update
Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack.
Go remote with Avira Online Essentials Dashboard and TeamViewer
Yes, you can go remote with the Avira Online Essentials Dashboard, thanks to some help from TeamViewer.
CVE-2016-1287
Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7), 9.4 before 9.4(2.4), and 9.5 before 9.5(2.2) on ASA 5500 devices, ASA 5500-X devices, ASA Services Module for Cisco Catalyst 6500 and Cisco 7600 devices, ASA 1000V devices, Adaptive Security Virtual Appliance (aka ASAv), Firepower 9300 ASA Security Module, and ISA 3000 devices allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via crafted UDP packets, aka Bug IDs CSCux29978 and CSCux42019.
Red Hat Security Advisory 2016-0166-01
Red Hat Security Advisory 2016-0166-01 – The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder
Wieland wieplan version 4.1 suffers from arbitrary Java code execution when parsing WIE documents with XMLDecoder, allowing system access to the affected machine. The software is used to generate a custom specification order saved in a .wie XML file that has to be sent to the vendor offices to be processed.