IBM BlueMix Cloud – (API) Persistent Web Vulnerability

Posted by Vulnerability Lab on Jul 06

Document Title:
===============
IBM BlueMix Cloud – (API) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1846

IBM Security Tracking ID: 5377-12593283

Release Date:
=============
2016-07-04

Vulnerability Laboratory ID (VL-ID):
====================================
1846

Common Vulnerability Scoring System:
====================================
3.7

Product & Service…

How to Take Advantage of Your Antivirus


The first and most important thing that the majority of people look for in an antivirus service is reassurance: to easily maintain security without it taking up too much time. Discover an easy and proven way to guarantee your security with Panda Protection Service. It is very cost-effective at only €5.99/month with no strings attached. You can use the service and then cancel it whenever you want to. Try your first month for free!

Panda Protection Service is more than just a simple antivirus. In addition to protecting your computers, mobile phones and tablets, the purchase of a license includes an infinite number of features. Take advantage of your antivirus in every situation: theft, battery and performance optimization, blocking the Wi-Fi connection, criminals, etc.

Learn what Panda Protection Service is all about!

Eight Amazing Features You Will Want

Keep your Wi-Fi off-limits

Keep cybercriminals and tricksters at bay using the Wi-Fi Protection Mode on your Panda Protection Service. You will see the exact moment your devices connect to the router in the history area. This will make it much easier to detect intrusions and cut off access to your network. This tool analyzes your Wi-Fi and searches for vulnerabilities, then offers tips on how to further increase your IT security.

Locate your stolen device

Antitheft measures are available on Panda Protection Service. The movement alarm will sound if someone touches your computer, mobile phone or tablet. If for some reason your device is stolen or lost, Panda prevents thieves from accessing your private photos and information. You can remotely update your phone’s password and wipe your device clean, and you will even receive an email with a photo and location of the thief if he tries to unblock your phone three times. If you lose your phone, you can send a message to your lost device with your information so the person who finds it can contact you.


Manage Your Passwords

With the Password Manager, you can set up a password for every single account or page and forget about it! All you have to remember is the master password for the management page and from there you can access everything else you need.

Safely Destroy Documents

A lot of users are unaware that dragging an old document to the Recycle Bin or clicking the “delete” button is not the end. These documents can be recovered easily. If you really want to eliminate those highly sensitive documents, use the File Shredder. This will come in handy if you decide to recycle, reuse or sell your computer or device.

Parental Control

One of the top priorities for tech-savvy parents is to make sure their kids can safely access the internet. With Panda Protection Service, parents can apply filters to different users to make sure their kids only access trustworthy websites.

Virtual Keyboard

Although a lot of secure websites already use this feature, virtual keyboards are an additional security feature that makes it harder for cybercriminals to hack you. When you are logging into websites, like bank sites, the virtual keyboard pops up on the screen (like an image of a keyboard instead of a physical one). From here, you can enter your password without creating sounds or tones that can be deciphered by black hats.

Encrypt your files

If you are familiar with messaging services like WhatsApp, then you are aware that encryption is highly important. Encryption makes sure your private messages don’t travel to places they shouldn’t. We can also encrypt files and make them unreadable to cybercriminals, thanks to the File Encrypt mode with Panda Protection Service.

The post How to Take Advantage of Your Antivirus appeared first on Panda Security Mediacenter.

USN-3024-1: Tomcat vulnerabilities

Ubuntu Security Notice USN-3024-1

5th July, 2016

tomcat6, tomcat7 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Tomcat.

Software description

  • tomcat6
    – Servlet and JSP engine

  • tomcat7
    – Servlet and JSP engine

Details

It was discovered that Tomcat incorrectly handled pathnames used by web
applications in a getResource, getResourceAsStream, or getResourcePaths
call. A remote attacker could use this issue to possibly list a parent
directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and
Ubuntu 15.10. (CVE-2015-5174)

It was discovered that the Tomcat mapper component incorrectly handled
redirects. A remote attacker could use this issue to determine the
existence of a directory. This issue only affected Ubuntu 12.04 LTS,
Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5345)

It was discovered that Tomcat incorrectly handled different session
settings when multiple versions of the same web application were deployed. A
remote attacker could possibly use this issue to hijack web sessions. This
issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5346)

It was discovered that the Tomcat Manager and Host Manager applications
incorrectly handled new requests. A remote attacker could possibly use this
issue to bypass CSRF protection mechanisms. This issue only affected Ubuntu
14.04 LTS and Ubuntu 15.10. (CVE-2015-5351)

It was discovered that Tomcat did not place StatusManagerServlet on the
RestrictedServlets list. A remote attacker could possibly use this issue to
read arbitrary HTTP requests, including session ID values. This issue only
affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10.
(CVE-2016-0706)

It was discovered that the Tomcat session-persistence implementation
incorrectly handled session attributes. A remote attacker could possibly
use this issue to execute arbitrary code in a privileged context. This
issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10.
(CVE-2016-0714)

It was discovered that the Tomcat setGlobalContext method incorrectly
checked if callers were authorized. A remote attacker could possibly use
this issue to read or write to arbitrary application data, or cause a denial
of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and
Ubuntu 15.10. (CVE-2016-0763)

It was discovered that the Tomcat Fileupload library incorrectly handled
certain upload requests. A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2016-3092)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  libtomcat7-java 7.0.68-1ubuntu0.1

Ubuntu 15.10:
  libtomcat7-java 7.0.64-1ubuntu0.3

Ubuntu 14.04 LTS:
  libtomcat7-java 7.0.52-1ubuntu0.6

Ubuntu 12.04 LTS:
  libtomcat6-java 6.0.35-1ubuntu3.7

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351,
CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092