Cisco warns of 16 flaws in its latest security bulletin, mostly impacting its Cisco AsyncOS software used in its Email Security Appliances.
Monthly Archives: October 2016
CVE-2015-0787 (identity_manager)
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.
CVE-2016-1592 (identity_manager)
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.
CVE-2016-1598 (identity_manager, identity_manager_identity_applications)
XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.
CVE-2016-5764 (rumba_ftp)
A buffer overflow in the Micro Focus Rumba FTP 4.X client makes it possible to corrupt the stack and execute arbitrary code. Fixed in: Rumba FTP 4.5 (HF 14668). This can only occur if the client connects to a malicious server.
GNU tar 1.29 Extract Pathname Bypass
The GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line. Versions 1.14 through 1.29 are affected.
Microsoft Extends Malicious Macro Protection to Office 2013
Microsoft announced it has extended a feature in Office 2016 that protects against malicious macros to Office 2013.
Joomla 3.6.4 Account Creation / Privilege Escalation
Joomla versions 3.4.4 through 3.6.4 suffer from account creation and privilege escalation vulnerabilities.
You Can Hijack Nearly Any Drone Mid-flight Using This Tiny Gadget
Now you can hijack nearly any drone mid-flight just by using a tiny gadget.
Security researcher Jonathan Andersson has devised a small hardware device, dubbed Icarus, that can hijack a variety of popular drones mid-flight, locking the owner out and giving the attacker complete control over the device.
Andersson, who is the manager of Trend Micro’s TippingPoint DVLab division, demonstrated
MS16-128 – Critical: Security Update for Adobe Flash Player (3201860) – Version: 1.0
Severity Rating: Critical
Revision Note: V1.0 (October 27, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
