Nusiorung CMS 2016 – (Login) Auth Bypass Vulnerability
Monthly Archives: July 2016
Bugtraq: DornCMS v1.4 – (FileManager) Persistent Cross Site Scripting Vulnerability
Bugtraq: VUPlayer 2.49 – (.pls) Buffer Overflow Vulnerability
Bugtraq: VUPlayer 2.49 – (.wax) Buffer Overflow Vulnerability
RHSA-2016:1494-1: Moderate: samba security update
Red Hat Enterprise Linux: An update for samba is now available for Red Hat Gluster Storage 3.1 for RHEL 6
and Red Hat Gluster Storage 3.1 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-2119
USN-3042-1: KDE-Libs vulnerability
Ubuntu Security Notice USN-3042-1
26th July, 2016
kde4libs vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
KDE-Libs could be made to overwrite files.
Software description
- kde4libs – KDE 4 core applications and libraries
Details
Andreas Cord-Landwehr discovered that KDE-Libs incorrectly handled
extracting certain archives. If a user were tricked into extracting a
specially-crafted archive, a remote attacker could use this issue to
overwrite arbitrary files out of the extraction directory.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.10:
  - libkdecore5 4:4.14.13-0ubuntu1.1
- Ubuntu 14.04 LTS:
  - libkdecore5 4:4.13.3-0ubuntu0.3
- Ubuntu 12.04 LTS:
  - libkdecore5 4:4.8.5-0ubuntu0.5
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
USN-3043-1: OpenJDK 8 vulnerabilities
Ubuntu Security Notice USN-3043-1
27th July, 2016
openjdk-8 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
Summary
Several security issues were fixed in OpenJDK 8.
Software description
- openjdk-8 – Open Source Java implementation
Details
Multiple vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity, and availability. An attacker
could exploit these to cause a denial of service, expose sensitive data
over the network, or possibly execute arbitrary code. (CVE-2016-3587,
CVE-2016-3598, CVE-2016-3606, CVE-2016-3610)
A vulnerability was discovered in the OpenJDK JRE related to data
integrity. An attacker could exploit this to expose sensitive data
over the network or possibly execute arbitrary code. (CVE-2016-3458)
Multiple vulnerabilities were discovered in the OpenJDK JRE related
to availability. An attacker could exploit these to cause a denial
of service. (CVE-2016-3500, CVE-2016-3508)
A vulnerability was discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit this to expose
sensitive data over the network. (CVE-2016-3550)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
  - openjdk-8-jre-zero 8u91-b14-3ubuntu1~16.04.1
  - openjdk-8-jdk 8u91-b14-3ubuntu1~16.04.1
  - openjdk-8-jre 8u91-b14-3ubuntu1~16.04.1
  - openjdk-8-jre-headless 8u91-b14-3ubuntu1~16.04.1
  - openjdk-8-jre-jamvm 8u91-b14-3ubuntu1~16.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.
Kaspersky Lab North America Announces Two Executive Leadership Promotions
Kaspersky Lab North America announced today the promotion of William “Bill” Cunningham to the position of Executive Vice President, Sales and Marketing. In this role, Bill will oversee all sales and marketing functions for the region, including both consumer and business.
Kaspersky Lab presents latest versions of its flagship consumer security solutions with enhanced data protection features
Kaspersky Lab today announced the release of the latest versions of its flagship security solutions – Kaspersky Anti-Virus, Kaspersky Internet Security and Kaspersky Total Security
VUPlayer 2.49 – (.wax) Buffer Overflow Vulnerability
Posted by Vulnerability Lab on Jul 27
Document Title:
===============
VUPlayer 2.49 – (.wax) Buffer Overflow Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1877
Release Date:
=============
2016-07-26
Vulnerability Laboratory ID (VL-ID):
====================================
1877
Common Vulnerability Scoring System:
====================================
6.4
Product & Service Introduction:…