Ektron versions 8.5, 8.7 at or below SP1, and 9.0 before SP1 have vulnerabilities in various operations within the ServerControlWS.asmx web services. These vulnerabilities allow remote code execution without authentication, and the code executes in the context of IIS on the remote system.
Monthly Archives: March 2017
Red Hat Security Advisory 2017-0444-02
The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and in server-side composes. The rpm-ostree-client package provides commands usable on client systems to upgrade and roll back. The following packages have been upgraded to a later upstream version: rpm-ostree, rpm-ostree-client. Multiple security issues have been addressed.
DSA-3801 ruby-zip – security update
It was discovered that ruby-zip, a Ruby module for reading and writing
zip files, is prone to a directory traversal vulnerability. An attacker
can take advantage of this flaw to overwrite arbitrary files during
archive extraction via a .. (dot dot) in an extracted filename.
Vuln: FlightAirMap CVE-2017-6397 Multiple Cross Site Scripting Vulnerabilities
Vuln: Atheme IRC Services CVE-2017-6384 Denial of Service Vulnerability
Vuln: Soruly whatanime.ga CVE-2017-6390 Cross Site Scripting Vulnerability
Vuln: WordPress fast-image-adder Plugin CVE-2015-1000001 Arbitrary File Upload Vulnerability
CVE-2016-8236
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77.
CVE-2016-3127
An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer’s Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server.
CVE-2016-10070
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.