Monthly Archives: July 2016

Full Disclosure

VUPlayer 2.49 – (.pls) Buffer Overflow Vulnerability

Posted by Vulnerability Lab on Jul 27

Document Title:
===============
VUPlayer 2.49 – (.pls) Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1876

Release Date:
=============
2016-07-25

Vulnerability Laboratory ID (VL-ID):
====================================
1876

Common Vulnerability Scoring System:
====================================
6.4

Product & Service Introduction:…

Full Disclosure

DornCMS v1.4 – (FileManager) Persistent Cross Site Scripting Vulnerability

Posted by Vulnerability Lab on Jul 27

Document Title:
===============
DornCMS v1.4 – (FileManager) Persistent Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1885

Release Date:
=============
2016-07-26

Vulnerability Laboratory ID (VL-ID):
====================================
1885

Common Vulnerability Scoring System:
====================================
4.3

Product & Service Introduction:…

Full Disclosure

Nusiorung CMS 2016 – (Login) Auth Bypass Vulnerability

Posted by Vulnerability Lab on Jul 27

Document Title:
===============
Nusiorung CMS 2016 – (Login) Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1875

Release Date:
=============
2016-07-13

Vulnerability Laboratory ID (VL-ID):
====================================
1875

Common Vulnerability Scoring System:
====================================
7.6

Abstract Advisory Information:
==============================…

Security

Ubuntu Security Notice USN-3042-1

Ubuntu Security Notice 3042-1 – Andreas Cord-Landwehr discovered that KDE-Libs incorrectly handled extracting certain archives. If a user were tricked into extracting a specially-crafted archive, a remote attacker could use this issue to overwrite arbitrary files out of the extraction directory.

Security

Red Hat Security Advisory 2016-1489-01

Red Hat Security Advisory 2016-1489-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way certain interfaces of the Linux kernel’s Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.