SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
Monthly Archives: March 2017
CVE-2016-8023
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.
CVE-2017-6902
Unrestricted file upload vulnerability in ‘file upload’ modules in b2evolution 6.8.8 allows authenticated users to upload malicious code (shell) by visiting the admin.php?ctrl=files page, even though the system has restricted the .php extension.
Microsoft Edge Fetch API allows setting of arbitrary request headers
Posted by Securify B.V. on Mar 14
————————————————————————
Microsoft Edge Fetch API allows setting of arbitrary request headers
————————————————————————
Yorick Koster, January 2017
————————————————————————
Abstract
————————————————————————
It was found that the Fetch API in Microsoft Edge…
CVE-2017-6896
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value.
CVE-2017-6516
A Local Privilege Escalation Vulnerability in MagniComp’s Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This access could be exploited by a local attacker to gain a root shell prompt using the right combination of environment variables and command line arguments.
CVE-2017-5985
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
Significant cyberthreat to UK businesses continues to grow
Greater collaboration is needed in order to combat the significant threat of cybercrime to British businesses, according to the UK’s National Crime Agency and the National Cyber Security Centre.
The post Significant cyberthreat to UK businesses continues to grow appeared first on WeLiveSecurity
MS17-MAR – Microsoft Security Bulletin Summary for March 2017 – Version: 1.0
Revision Note: V1.0 (March 14, 2017):
Summary: This bulletin summary lists security bulletins released for March 2017
MS17-014 – Important: Security Update for Microsoft Office (4013241) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (March 14, 2017): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.