BMW – (Token) Client Side Cross Site Scripting Vulnerability
Monthly Archives: July 2016
Bugtraq: BMW ConnectedDrive – (Update) VIN Session Vulnerability
BMW ConnectedDrive – (Update) VIN Session Vulnerability
RHEA-2016:1391-1: java-1.6.0-sun enhancement update
Red Hat Enterprise Linux: An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 5.
RHEA-2016:1390-1: new packages: kmod-rtsx_usb, kmod-rtsx_usb_sdmmc
Red Hat Enterprise Linux: New kmod-rtsx_usb and kmod-rtsx_usb_sdmmc packages are now available for Red Hat Enterprise Linux 7.
CEEA-2016:1390 CentOS 7 rtsx_usb_sdmmc Enhancement Update
CentOS Errata and Enhancement Advisory 2016:1390 Upstream details at : https://rhn.redhat.com/errata/RHEA-2016-1390.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 89b552cce1a54801c5d8f77a296885a6f2be44bc2e2b8b2e0421902d4d47d9f3 kmod-rtsx_usb_sdmmc-0.1_rh1-1.el7_2.x86_64.rpm Source: bd0c23cdf6c494f2ddf5e41b5e887028afe7a50618d2a761df37bc11137e82c8 rtsx_usb_sdmmc-0.1_rh1-1.el7_2.src.rpm
CEEA-2016:1390 CentOS 7 rtsx_usb Enhancement Update
CentOS Errata and Enhancement Advisory 2016:1390 Upstream details at : https://rhn.redhat.com/errata/RHEA-2016-1390.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 3ca04e56e7e50aaaca87c41de77cafd8ce7cf263a5c5ac90b748b40697d508ff kmod-rtsx_usb-0.1_rh1-1.el7_2.x86_64.rpm Source: cc23d2231ff30dbdc46e02764978d18d49caa7115d93a2ff5b9b57f6b0db61e0 rtsx_usb-0.1_rh1-1.el7_2.src.rpm
MS16-016 mrxdav.sys WebDav Local Privilege Escalation
This Metasploit module exploits the vulnerability in mrxdav.sys described by MS16-016. The module will spawn a process on the target system and elevate its privileges to NT AUTHORITY\SYSTEM before executing the specified payload within the context of the elevated process.
Ruby On Rails ActionPack Inline ERB Code Execution
This Metasploit module exploits a remote code execution vulnerability in the inline request processor of the Ruby on Rails ActionPack component. This vulnerability allows an attacker to process ERB to the inline JSON processor, which is then rendered, permitting full RCE within the runtime, without logging an error condition.