PHPHolidays CMS v3.00.50 – Cross Site Scripting Web Vulnerability
Monthly Archives: September 2016
USN-3074-1: File Roller vulnerability
Ubuntu Security Notice USN-3074-1
8th September, 2016
file-roller vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary
File Roller could be made to delete files.
Software description
- file-roller – archive manager for GNOME
Details
It was discovered that File Roller incorrectly handled symlinks. If a user were
tricked into extracting a specially-crafted archive, an attacker could delete
files outside of the extraction directory.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
  - file-roller 3.16.5-0ubuntu1.2
- Ubuntu 14.04 LTS:
  - file-roller 3.10.2.1-0ubuntu4.2
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
AST-2016-006: Crash on ACK from unknown endpoint
Posted by Asterisk Security Team on Sep 08
Asterisk Project Security Advisory – AST-2016-006
Product Asterisk
Summary Crash on ACK from unknown endpoint
Nature of Advisory Remote Crash
Susceptibility Remote unauthenticated sessions
Severity Critical…
AST-2016-007: RTP Resource Exhaustion
Posted by Asterisk Security Team on Sep 08
Asterisk Project Security Advisory – AST-2016-007
Product Asterisk
Summary RTP Resource Exhaustion
Nature of Advisory Denial of Service
Susceptibility Remote Authenticated Sessions
Severity Moderate…
Jobberbase 2.0 Disclosure / XSS / Code Execution / Upload
Jobberbase version 2.0 suffers from code execution, open redirect, path disclosure, unrestricted file upload, and SQL injection vulnerabilities.
Chrome to Label Some HTTP Sites ‘Not Secure’ in 2017
Google Chrome will begin marking some HTTP sites as non-secure in 2017.
Zabbix 3.0.3 SQL Injection
Zabbix versions 2.0 through 3.0.3 remote SQL injection exploit.
LogMeIn Client 1.3.2462 (64bit) Credential Disclosure
LogMeIn client version 1.3.2462 (64bit) suffers from a local credential memory disclosure vulnerability.
Apple iCloud Desktop Client 5.2.1.0 Credential Disclosure
Apple iCloud Desktop Client version 5.2.1.0 local credential memory disclosure exploit.
Dropbox Desktop Client 9.4.49 Credential Disclosure
Dropbox Desktop Client version 9.4.49 (64bit) suffers from a local credential disclosure vulnerability.