Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349.
Monthly Archives: October 2016
CVE-2016-6433 (firepower_management_center)
The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.
CVE-2016-6434 (firepower_management_center)
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.
CVE-2016-6435 (firepower_management_center)
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.
CVE-2016-6436 (hostscan_engine)
Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682.
CVE-2016-6653 (cloud_foundry_cf_mysql)
The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials.
Comodo Dragon Browser Privilege Escalation
Comodo Dragon Browser suffers from an unquoted service path privilege escalation vulnerability.
RealEstate CMS 3.00.50 – Cross Site Scripting Vulnerability
Posted by Vulnerability Lab on Oct 06
Document Title:
===============
RealEstate CMS 3.00.50 – Cross Site Scripting Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1949
Release Date:
=============
2016-10-06
Vulnerability Laboratory ID (VL-ID):
====================================
1949
Common Vulnerability Scoring System:
====================================
3
Product & Service Introduction:…
Spotify Free hits sour note with infected ads
Some users of the ad-supported music streaming service Spotify Free got more hits than they bargained for, according to numerous reports.
The post Spotify Free hits sour note with infected ads appeared first on WeLiveSecurity.
