MikroTik RouterOS is prone to a security-bypass vulnerability because the software fails to sufficiently sanitize SNMP requests. Successfully exploiting this issue allows attackers to write to and change certain aspects of the Network Management System (NMS). This may aid in further attacks. Versions up to and including RouterOS 3.13 and 2.9.51 are vulnerable.
Monthly Archives: January 2017
WooCommerce Tax Rates Cross-Site Scripting
A cross-site scripting vulnerability exists in the WooCommerce WordPress plugin. This vulnerability is triggered when the WooCommerce tax rates setting incorrectly processes user-supplied data. A remote attacker may exploit this vulnerability by uploading a malicious .csv file into the application. The file then injects malicious code, triggering the attack and thereby allowing the attacker to gain full control of the web server.
Trend Micro Control Manager Information Disclosure (CVE-2016-6220)
An XML external entity (XXE) processing vulnerability has been reported in Trend Micro Control Manager. The vulnerability is due to a lack of validation of user-supplied input prior to executing an XML query. A remote, authenticated attacker could exploit this vulnerability by sending a malicious HTTP request to the target system.
pcsc-lite-1.8.20-1.fc25
New upstream release
Vuln: Oracle Java SE CVE-2016-5554 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2016-5597 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2016-5542 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2016-5556 Remote Security Vulnerability