Security fix for CVE-2017-2626
Monthly Archives: March 2017
SEC Consult SA-20170301 :: XXE and XSS vulnerabilities in Aruba AirWave
Posted by SEC Consult Vulnerability Lab on Mar 01
SEC Consult Vulnerability Lab Security Advisory < 20170301-0 >
=======================================================================
title: XML External Entity Injection (XXE),
Reflected Cross Site Scripting
product: Aruba AirWave
vulnerable version: <=8.2.3
fixed version: 8.2.3.1
CVE number: CVE-2016-8526, CVE-2016-8527
impact: high
homepage:…
Talking Android ransomware extorts victims
Talking Android ransomware sounds like something out of a science fiction movie. It’s not – it’s very real, explains ESET’s Lukas Stefanko.
The post Talking Android ransomware extorts victims appeared first on WeLiveSecurity
Java Applet FTP Protocol Stream Injection
An FTP protocol stream injection vulnerability has been reported in Java applets. The vulnerability is due to improper URL handling code. A remote attacker may exploit this issue using a specially crafted Java applet, which can enable the attacker to run FTP commands on the affected system.
Python + PostgreSQL pgAdmin4 – Insecure Library Loading Allows Code Execution
Posted by Karn Ganeshen on Feb 28
Python + PostgreSQL pgAdmin4 – Insecure Library Loading Allows Code Execution (DLL Hijacking Vulnerability)
*Confirmed on*
pgAdmin4 v1.1: Current version packaged with PostgreSQL v9.6.1.1 (Windows x86 Current version)
*Checked on*
Windows 7 SP1 + python 2.7.13 (current version)
Note – This is a vulnerability in Python, which gets manifested via pgAdmin4. Other applications and software that use Python may also be vulnerable.
*Download*…
Veritas NetBackup v6.x, v7.x, v8.0 and NetBackup appliances v2.x, v3.0 – Multiple Critical Vulnerabilities
Posted by Sven Blumenstein on Feb 28
Veritas NetBackup and NetBackup appliance – Multiple Vulnerabilities
——————————————————————–
Introduction
============
Multiple critical vulnerabilities were identified in Veritas NetBackup and NetBackup appliance. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive.
Affected Software and Versions…
Re: Teradici Management Console 2.2.0 – Privilege Escalation
Posted by Jack Cha on Feb 28
Ref: http://seclists.org/fulldisclosure/2017/Feb/62
Hello,
My name is Jack Cha and I am a product security engineer at Teradici. I have reproduced it with the steps as provided and I am working with the dev team to address it. Please know that Teradici has been working to address it promptly. I have exchanged a couple of emails with Harrison as per below, confirming that it would be much more difficult to exploit the same weakness in MC 2.3.0 and…
Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin
Posted by Summer of Pwnage on Feb 28
————————————————————————
Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin
————————————————————————
Edwin Molenaar, July 2016
————————————————————————
Abstract
————————————————————————
It was discovered that…
Stored Cross-Site Scripting vulnerability in Contact Form WordPress Plugin
Posted by Summer of Pwnage on Feb 28
————————————————————————
Stored Cross-Site Scripting vulnerability in Contact Form WordPress Plugin
————————————————————————
Julien Rentrop, July 2016
————————————————————————
Abstract
————————————————————————
A stored Cross-Site Scripting vulnerability was…
Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin
Posted by Summer of Pwnage on Feb 28
————————————————————————
Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin
————————————————————————
Axel Koolhaas, July 2016
————————————————————————
Abstract
————————————————————————
A stored Cross-Site Scripting vulnerability…