In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine’s interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
Monthly Archives: March 2017
CVE-2017-5185
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.
CVE-2017-6412
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
CVE-2017-5184
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration).
The 265 Members Of Congress That Sold You Out To The ISPs
Github Developers Hit With Recruiter Malware
iPhone Users Fooled By Fake Ransomware
HP Security Bulletin HPESBUX03725 1
HP Security Bulletin HPESBUX03725 1 – Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), Unauthorized Read Access to Data and other impacts including:
* Padding Oracle attack in Apache mod_session_crypto
* Apache HTTP Request Parsing Whitespace Defects
Revision 1 of this advisory.
HP Security Bulletin HPESBHF03723 1
HP Security Bulletin HPESBHF03723 1 – A potential security vulnerability has been identified in HPE Aruba ClearPass Policy Manager. The vulnerability could be remotely exploited to allow execution of code. **Note:** The ClearPass Policy Manager administrative Web interface is affected by the vulnerability. ClearPass Guest, Insight, and Graphite are NOT impacted. Revision 1 of this advisory.
Debian Security Advisory 3824-1
Debian Linux Security Advisory 3824-1 – George Noseevich discovered that firebird2.5, a relational database system, did not properly check User-Defined Functions (UDF), thus allowing remote authenticated users to execute arbitrary code on the firebird server.