Monthly Archives: October 2016
DSA-3685 libav – security update
Several security issues have been corrected in multiple demuxers and
decoders of the libav multimedia library. A full list of the changes is
available at
https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.8
DSA-3686 icedove – security update
Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors may
lead to the execution of arbitrary code or denial of service.
Vuln: FreeImage CVE-2016-5684 Remote Code Execution Vulnerability
Vuln: Cybozu Office Multiple Cross Site Scripting Vulnerabilities
Vuln: SAP Security Audit Log CVE-2016-4551 Security Bypass Vulnerability
Vuln: FortiWLC CVE-2016-7560 Hardcoded Account Security Bypass Vulnerability
Rooted HONG KONG 2016 Call For Papers
RootedCON will be held as RootedHK 2016 in Hong Kong. They have announced their call for papers. It will take place November 17th through the 18th, 2016.
SAP Netweaver 2004s Invalid Address Logging
SAP Netweaver 2004s suffers from a Security Audit Log invalid address logging issue.
Re: Critical Vulnerability in Ubiquiti UniFi
Posted by Tim Schughart on Oct 03
Hi Carlos,
you are correct that mongo is bound to 127.0.0.1 only. But you are able to get it remotely if you are using the UniFi Controller Software.
So the db gets tunneled to your device.
Test environment:
1. I have configured the AP to our network.
2. I have removed every piece of software for configuring the AP.
3. I have installed the UniFi Manager (for Mac 5.2.7.)
4. I’m able to connect to the database via 127.0.0.1
Network…