March is already rolling and so is our work. Today we feel so happy to
share a new release, Faraday v2.4!
Before preparing an upcoming release, we try to focus not only on
improving the product but also on perfecting the user experience. We
want to go beyond optimizing your everyday work, inspiring you to do
more!
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in…
iTunes for Mac 12.6 is now available and addresses the following:
iTunes
Available for: OS X version 10.9.5 or later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These issues were
addressed by updating SQLite to version 3.15.2.
CVE-2013-7443
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3717
CVE-2015-6607
CVE-2016-6153
iTunes for Windows 12.6 is now available and addresses the following:
iTunes
Available for: Windows 7 and later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These issues were
addressed by updating SQLite to version 3.15.2.
CVE-2013-7443
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3717
CVE-2015-6607
CVE-2016-6153
Nuxeo Platform is a content management system for enterprises (CMS).
It embeds an Apache Tomcat server, and can be managed through a web
interface.
One of its features allows authenticated users to import files to the
platform.
By crafting the upload request with a specific “X-File-Name“ header,
one can successfuly upload a file at an arbitrary location of the server
file system.
Name Sensitive Data Exposure in QNAP QTS
Systems Affected QNAP QTS (NAS) all model and all versions < 4.2.4
Severity High 7.9/10
Impact CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Vendor http://www.qnap.com/
Advisory http://www.ush.it/team/ush/hack-qnap/qnap.txt
Authors Pasquale “sid” Fiorillo (sid AT ush DOT…
Adium is a popular instant messaging client for MacOS (OSX) that
incorporates libpurple. The current release (1.5.10.2) is vulnerable
to CVE-2017-2640 in libpurple, which permits execution of arbitrary
code on the client.
The Adium team has been aware of the vulnerability since at least
March 15, but has not released an advisory to its users, for reasons
unknown.
A post to the official developer’s mailing list, which included
vulnerability…