Fortinet Releases Security Advisory

Original release date: August 22, 2016

Fortinet has released a security advisory to highlight a vulnerability in versions of FortiGate firmware that were released before August 2012. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. Using unpatched software increases risks from viruses and other security threats, and attackers may target vulnerabilities for months or even years after patches are available.

US-CERT encourages users and administrators to review the Fortinet Advisory and apply the necessary update. See US-CERT Security Tip on Understanding Patches for more information.



Re: Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write

Posted by Onapsis Research on Aug 22

Correcting timeline:

7. Report Timeline
==================
- 03/21/2015: Onapsis provides vulnerability information to SAP AG.
- 04/14/2015: SAP reports fix is In Process.
- 10/13/2015: SAP releases SAP Security Note 2203591 fixing the vulnerability.
- 07/20/2016: Onapsis Releases Security Advisory.

2016-08-19 11:53 GMT-03:00 Onapsis Research :

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Onapsis Security Advisory…

BENIGNCERTAIN Cisco VPN Private Key Extraction

BENIGNCERTAIN is a remote exploit to extract Cisco VPN private keys. Note that this exploit is part of the recent public disclosure from the “Shadow Brokers”, who claim to have compromised data from a team known as the “Equation Group”; however, there is no author data available in this content. The tool references Cisco PIX versions 5.2(9) to 6.3(4), which were released in 2004.

Phoenix Exploit Kit Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in the web panel of Phoenix Exploit Kit via geoip.php. The Phoenix Exploit Kit is a popular commercial crimeware tool that probes the visitor's browser for outdated and insecure versions of browser plugins such as Java and Adobe Flash and Reader, and then silently installs malware.