Ubuntu Security Notice 3047-2 – USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403 caused a regression which resulted in save/restore failures when virtio memory balloon statistics are enabled. This update temporarily reverts the security fix for CVE-2016-5403 pending further investigation. Various other issues were addressed.
Monthly Archives: August 2016
FreePBX 13 / 14 Remote Command Execution
FreePBX versions 13 and 14 remote command execution exploit.
HP Security Bulletin HPSBHF03440 1
HP Security Bulletin HPSBHF03440 1 – A potential security vulnerability in jQuery was addressed by HPE Integrated Lights-Out 3. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). Revision 1 of this advisory.
HP Security Bulletin HPSBGN03630 2
HP Security Bulletin HPSBGN03630 2 – A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed in the AdminUI of HP Operations Manager for Unix, Solaris and Linux. The vulnerability could be exploited remotely to allow remote code execution. Revision 2 of this advisory.
Apache OpenMeetings 3.1.0 Cross Site Scripting
Apache OpenMeetings version 3.1.0 suffers from a cross site scripting vulnerability.
Nagios Log Server Multiple Vulnerabilities
Posted by Francesco Oddo on Aug 12
Nagios Network Analyzer Multiple Vulnerabilities
Posted by Francesco Oddo on Aug 12
Nagios Incident Manager Multiple Vulnerabilities
Posted by Francesco Oddo on Aug 12
Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8)
Posted by Rv3Lab.org on Aug 12
###################################################
01. ### Advisory Information ###
Title: Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime
Edition (Build 8)
Date published: n/a
Date of last update: n/a
Vendors contacted: ColoradoFTP author Sergei Abramov
Discovered by: Rv3Laboratory [Research Team]
Severity: High
02. ### Vulnerability Information ###
OVE-ID: OVE-20160718-0006
CVSS v2 Base Score: 8.5
CVSS v2 Vector:…
Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability
Posted by 1n3 on Aug 12
=========================================
Title: Zabbix 3.0.3 SQL Injection Vulnerability
Product: Zabbix
Vulnerable Version(s): 2.2.x, 3.0.x
Fixed Version: 3.0.4
Homepage: http://www.zabbix.com
Patch link: https://support.zabbix.com/browse/ZBX-11023
Credit: 1N3@CrowdShield
==========================================
Vendor Description:
=====================
Zabbix is an open source availability and performance monitoring solution….