Spark (sparkjava.com) is a mildly hyped Java micro web framework that
also provides functionality to serve static files. Unfortunately,
there’s no protection against directory traversal attacks and I haven’t
been able to contact anyone related to the project (after trying 4
people over 2 weeks). As this bug is not that awesome, and fairly
trivial to find, please help yourself to some semi-shitty 0-day.

Aleksandar Nikolic of Cisco Talos discovered several integer overflow
vulnerabilities in memcached, a high-performance memory object caching
system. A remote attacker can take advantage of these flaws to cause a
denial of service (daemon crash), or potentially to execute arbitrary
code.

Ubuntu Security Notice 3120-1 – Aleksandar Nikolic discovered that Memcached incorrectly handled certain malformed commands. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code.

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:
Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability [cisco-sa-20161102-tl1]

Google has released Chrome version 54.0.2840.87 for Windows and Mac, and version 54.0.2840.90 for Linux. These new versions address a vulnerability that, if exploited, may allow an attacker to create a denial-of-service condition.
US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates.

This module enables you to create and manage custom editorial workflows around a site’s content.
The module could result in unpublished content being temporarily made visible via content lists, e.g. as generated by Views, when its editorial status was being changed, e.g. from “draft” to “needs work”.
This vulnerability is mitigated by the fact that the content lists must be regenerated at exactly the moment when a person saves the node.
CVE identifier(s) issued
A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
Workbench Moderation 7.x-1.x versions and 7.x-3.x versions prior to 7.x-3.0.
Drupal core is not affected. If you do not use the contributed Workbench Moderation module, there is nothing you need to do.