This bulletin summary lists one released Microsoft security bulletin for February, 2017.
Monthly Archives: February 2017
Norcon Redux Call For Papers
The Norcon Redux Call For Papers has been announced. It will take place in Chico, California.
Travel Portal Script 9.37 Cross Site Scripting / SQL Injection
Travel Portal Script version 9.37 suffers from cross-site scripting and remote SQL injection vulnerabilities.
Apple Security Advisory 2017-02-21-2
Apple Security Advisory 2017-02-21-2 – Logic Pro X 10.3.1 is now available and addresses a memory corruption vulnerability.
Apple Security Advisory 2017-02-21-1
Apple Security Advisory 2017-02-21-1 – GarageBand 10.1.6 is now available and addresses a memory corruption issue.
Sonicwall SRA 8.1.0.2-14sv viewcert.cgi Remote Command Execution
This Metasploit module exploits a remote command execution vulnerability in the Sonicwall SRA Appliance versions 8.1.0.2-14sv and below. The vulnerability exists in a section of the machine’s administrative interface used to configure on-connect scripts that are launched when users connect.
Sonicwall SRA 8.1.0.2-14sv Remote Command Execution
This Metasploit module exploits a remote command execution vulnerability in the Sonicwall SRA Appliance versions 8.1.0.2-14sv and below. The vulnerability exists in a section of the machine’s administrative interface used to configure on-connect scripts that are launched when users connect.
Cloudflare Memory Dumping Reverse Proxies
Cloudflare has reverse proxies that are dumping uninitialized memory.
Apple WebKit Frame::setDocument UXSS
Apple WebKit suffers from a UXSS via Frame::setDocument.
Apple WebKit Pop-Up Blocker Bypass
Apple WebKit suffers from a bypass in the pop-up blocker via a cross-origin or sandboxed iframe.