CVE-2016-5681

Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie.

CVE-2016-6369

Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.

USN-3069-1: Eye of GNOME vulnerability

Ubuntu Security Notice USN-3069-1

25th August, 2016

eog vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Eye of GNOME could be made to crash or run programs as your login if it
opened a specially crafted image.

Software description

  • eog
    – Eye of GNOME graphics viewer program

Details

It was discovered that Eye of GNOME incorrectly handled certain invalid
UTF-8 strings. If a user were tricked into opening a specially-crafted
image, a remote attacker could use this issue to cause Eye of GNOME to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • eog – 3.18.2-1ubuntu2.1

Ubuntu 14.04 LTS:
  • eog – 3.10.2-0ubuntu5.2

Ubuntu 12.04 LTS:
  • eog – 3.4.2-0ubuntu1.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-6855

Apple releases 'Emergency' Patch after Advanced Spyware Targets Human Rights Activist

Apple has released the iOS 9.3.5 update for iPhones and iPads to patch three zero-day vulnerabilities after a piece of spyware was found targeting the iPhone used by a renowned UAE human rights defender, Ahmed Mansoor.

One of the world’s most invasive software weapon distributors, called the NSO Group, has been exploiting three zero-day security vulnerabilities in order to spy on dissidents and

Apple Releases Security Update

Original release date: August 25, 2016

Apple has released a security update to address multiple vulnerabilities in iOS. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. The update is for iPhone 4s and later, iPad 2 and later, and iPod touch (5th generation) and later.

US-CERT encourages users and administrators to review the Apple security page for iOS 9.3.5 and apply the necessary update.


Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure

Posted by Matías Mevied on Aug 25

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could retrieve the administration user and passwords from
the Server Manager, compromising the whole JDE landscape, hence all of its information and processes.

Risk Level: Critical

2. Advisory Information
=======================
– Public Release Date:…