Classified Portal Software version 5.1 suffers from a remote SQL injection vulnerability.
Category Archives: Security
Microsoft Office OneNote 2007 DLL Hijacking
Microsoft Office OneNote 2007 suffers from a DLL hijacking vulnerability.
Microsoft Security Bulletin Summary For April, 2017
This bulletin summary lists 59 critical and 18 important security bulletins for April, 2017.
CVE-2017-7621
Cross-site scripting vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/student_portal/home.php. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0.
Bugtraq: [SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure
Bugtraq: [SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure
Bugtraq: DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin – Cross-Site Scripting Vulnerabilities
RHBA-2017:0888-1: openvswitch bug fix and enhancement update
Red Hat Enterprise Linux: Updated openvswitch packages that fix several bugs and add various enhancements
are now available in the Fast Datapath channel of Red Hat Enterprise Linux 7.
USN-3258-1: Dovecot vulnerability
Ubuntu Security Notice USN-3258-1
10th April, 2017
dovecot vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary
Dovecot could be made to crash if it received specially crafted input.
Software description
- dovecot – IMAP and POP3 email server
Details
It was discovered that Dovecot incorrectly handled some usernames. An attacker
could possibly use this issue to cause Dovecot to hang or crash, resulting in a
denial of service.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.10:
  - dovecot-core 1:2.2.24-1ubuntu1.2
- Ubuntu 16.04 LTS:
  - dovecot-core 1:2.2.22-1ubuntu2.3
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-3257-1: WebKitGTK+ vulnerabilities
Ubuntu Security Notice USN-3257-1
10th April, 2017
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary
Several security issues were fixed in WebKitGTK+.
Software description
- webkit2gtk – Web content engine library for GTK+
Details
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.10:
  - libwebkit2gtk-4.0-37 2.16.1-0ubuntu0.16.10.1
  - libjavascriptcoregtk-4.0-18 2.16.1-0ubuntu0.16.10.1
- Ubuntu 16.04 LTS:
  - libwebkit2gtk-4.0-37 2.16.1-0ubuntu0.16.04.1
  - libjavascriptcoregtk-4.0-18 2.16.1-0ubuntu0.16.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.