Django CMS v3.2.3 – Filter Bypass & Persistent Vulnerability
Monthly Archives: April 2016
Bugtraq: Negin Group CMS – (v) Multiple Web Vulnerabilities
Bugtraq: [security bulletin] HPSBGN03582 rev.1 – HPE Helion CloudSystem using glibc, Remote Code Execution, Denial of Service (DoS)
RHSA-2016:0685-1: Moderate: nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update
Red Hat Enterprise Linux: An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat
Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-1978, CVE-2016-1979
RHSA-2016:0684-1: Moderate: nss and nspr security, bug fix, and enhancement update
Red Hat Enterprise Linux: An update for nss and nspr is now available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-1978, CVE-2016-1979
RHBA-2016:0686-1: Red Hat OpenShift Enterprise 2.2 REST API bug fix update
Red Hat Enterprise Linux: An updated rubygem-openshift-origin-controller package that fixes a bug is now
available for Red Hat OpenShift Enterprise release 2.2.
USN-2954-1: MySQL vulnerabilities
Ubuntu Security Notice USN-2954-1
25th April, 2016
mysql-5.7 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
Summary
Several security issues were fixed in MySQL.
Software description
- mysql-5.7 – MySQL database
Details
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.7.12 in Ubuntu 16.04 LTS.
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-12.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
  - mysql-server-5.7 5.7.12-0ubuntu1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
3 things every employee needs to know about online security
Companies of all sizes in multiple sectors lose sensitive information, millions of dollars, and their good reputation every year to cyberattacks.
Human error accounts for an estimated 95 percent of security incidents.

Being aware of a few simple things about security in the workplace can help prevent attacks, which is not only important to the financial bottom line, but it’s also important to customer and employee privacy.
Android Ransomware Attacks Using Towelroot, Hacking Team Exploits
Drive-by exploits install ransomware on outdated Android devices using a stolen Hacking Team exploit and the first weaponized Towelroot attack.
CVE-2016-1185
The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.