jbFileManager suffers from a path traversal vulnerability.
Monthly Archives: June 2016
FibeAir IP-10 Authentication Bypass
FibeAir IP-10 devices do not properly ensure that a user has authenticated before granting them access to the web interface of the device. The attacker simply needs to add a cookie to their session named “ALBATROSS” with the value “0-4-11”.
MS16-JUN – Microsoft Security Bulletin Summary for June 2016 – Version: 1.1
Revision Note: V1.1 (June 15, 2016): For MS16-072, added a Known Issue to the Executive Summaries table. The updates in MS16-072 change the security context with which user group policies are retrieved. For more information about this by-design behavior change, see Microsoft Knowledge Base Article 3163622. For MS16-074, revised the Executive Summary to correct the attack vector description. This is an informational change only.
Summary: This bulletin summary lists security bulletins released for June 2016.
VMware Releases Security Updates
Original release date: June 15, 2016
VMware has released security updates to address a vulnerability in vCenter Server. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review VMware Security Advisory VMSA-2016-0009 and apply the necessary updates.
Microsoft Visio multiple DLL side loading vulnerabilities
Posted by Securify B.V. on Jun 15
————————————————————————
Microsoft Visio multiple DLL side loading vulnerabilities
————————————————————————
Yorick Koster, August 2015
————————————————————————
Abstract
————————————————————————
Multiple DLL side loading vulnerabilities were found in…
CVE-2016-3643 – Misconfiguration of sudo in Solarwinds Virtualization Manager
Posted by Nate Kettlewell on Jun 15
Product: Solarwinds Virtualization Manager
Vendor: Solarwinds
Vulnerable Version(s): < 6.3.1
Tested Version: 6.3.1
Vendor Notification: April 25th, 2016
Vendor Patch Availability to Customers: June 1st, 2016
Public Disclosure: June 14th, 2016
Vulnerability Type: Security Misconfiguration
CVE Reference: CVE-2016-3643
Risk Level: High
CVSSv3 Base Score: 7.8…
CVE-2016-3642 – Java Deserialization in Solarwinds Virtualization Manager 6.3.1
Posted by Nate Kettlewell on Jun 15
Java Deserialization in Solarwinds Virtualization Manager 6.3.1
Product: Solarwinds Virtualization Manager
Vendor: Solarwinds
Vulnerable Version(s): < 6.3.1
Tested Version: 6.3.1
Vendor Notification: April 25th, 2016
Vendor Patch Availability to Customers: June 1st, 2016
Public Disclosure: June 14th, 2016
Vulnerability Type: Deserialization of Untrusted Data [CWE-502]
CVE Reference: CVE-2016-3642
Risk Level: High
CVSSv2 Base Score: 10…
Siklu EtherHaul Hidden ‘root’ Account
Posted by Ian Ling on Jun 15
[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/145309944453/
Vendor:
=================
www.siklu.com/
Product:
======================
-EtherHaul EH-1200F/FX/TX, EH-2200F/FX, EH-600T/TL
-EtherHaul EH-1200/TL
Vulnerability Type:
===================
Default Root Account
CVE Reference:
==============
N/A
Vulnerability Details:
=====================
Siklu EtherHaul radios have a built-in, hidden root…
Face Authentication Bypassing – KeyLemon
Posted by omarbv on Jun 15
Application
———–
KeyLemon offers convenient, secure and continuous biometric authentication solutions based on face and speaker recognition. To improve robustness to illumination and pose, as well as to provide enhanced security against photo/video spoofing attacks, KeyLemon’s latest face recognition algorithms take full benefit of 3D depth sense cameras by efficiently combining depth, near-infrared and color information….