Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.
Monthly Archives: May 2016
CVE-2016-4789 (pulse_connect_secure)
Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4790 (pulse_connect_secure)
Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4791 (pulse_connect_secure)
The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.
CVE-2016-4792 (pulse_connect_secure)
Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors.
LIM YASHI sul MEPA – Per le scuole
Non vedi il contenuto di questa Email? Clicca Quì http://campaign.r20.constantcontact.com/render?m=1103299326490&ca=f9c9be94-7493-4e15-acd8-fb7978d6529d Greetings! Inotra questa email http://ui.constantcontact.com/sa/fwtf.jsp?llr=9qmh7qdab&m=1103299326490&ea=broadcast%40simpaticotech.it&a=1124832633063 Questa mail è stata inviata a [email protected], da parte di [email protected] Aggiorna profilo/indirizzo e-mail http://visitor.constantcontact.com/do?p=oo&m=001ppwvHtrFNf1h59YxsVHM6Q%3D%3D&ch=ce81b4a0-be9c-11e4-90fa-d4ae528eb986&ca=f9c9be94-7493-4e15-acd8-fb7978d6529d Rimozione istantanea con SafeUnsubscribe(TM) http://visitor.constantcontact.com/do?p=un&m=001ppwvHtrFNf1h59YxsVHM6Q%3D%3D&ch=ce81b4a0-be9c-11e4-90fa-d4ae528eb986&ca=f9c9be94-7493-4e15-acd8-fb7978d6529d Informativa sulla privacy: http://ui.constantcontact.com/roving/it/CCPrivacyPolicy.jsp Online Marketing by Constant Contact(R) www.constantcontact.com Simpatico Network srl | Via Volta 7 | BUCCINASCO | 20090 | Italy
Red Hat Security Advisory 2016-1132-01
Red Hat Security Advisory 2016-1132-01 – MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. MariaDB uses PCRE, a Perl-compatible regular expression library, to implement regular expression support in SQL queries. Security Fix: It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client.
HP Security Bulletin HPSBGN03610 1
HP Security Bulletin HPSBGN03610 1 – Security vulnerabilities in the OpenSSL library could potentially impact HPE IceWall products resulting in Remote arbitrary code execution or Denial of Service (DoS). Revision 1 of this advisory.
Ubuntu Security Notice USN-2985-2
Ubuntu Security Notice 2985-2 – USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to address this issue. Various other issues were also addressed.
CVE-2015-3854 Battery permission leakage in Android
Posted by flanker on May 26
Hi: I’m posting some vulnerabilities I reported to Android and fixed last year prior to the Android Security Bounty
program launch. Since there’re no public bulletins for these ancient reports, I’m writing to the maillist for the
record. Details ======= A permission leakage exists in Android 5.x that enables a malicious application to acquire the
system-level protected permission of DEVICE_POWER. There exists a permission…