Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.
CVE-2017-5672
Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request.
CVE-2017-7461
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.
CVE-2017-7462
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.
Multiple local privilege escalation vulnerabilities in Proxifier for Mac
Posted by Securify B.V. on Apr 11
————————————————————————
Multiple local privilege escalation vulnerabilities in Proxifier for Mac
————————————————————————
Yorick Koster, April 2017
————————————————————————
Abstract
————————————————————————
Multiple local privileges escalation…
CVE-2016-7467
The TMM SSO plugin in F5 BIG-IP APM 12.0.0 – 12.1.1, 11.6.0 – 11.6.1 HF1, 11.5.4 – 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.
CVE-2016-10259
Blue Coat SSL Visibility (SSLV) 3.x before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connection pool of an SSL server.
Quest Privilege Manager 6.0.0 Arbitrary File Write
Quest Privilege Manager version 6.0.0 suffers from an arbitrary file write vulnerability.
dovecot-2.2.29.1-1.fc24
+ quota: Add plugin { quota_max_mail_size } setting to limit the
maximum individual mail size that can be saved.
+ imapc: Add imapc_features=delay-login. If set, connecting to the
remote IMAP server isn’t done until it’s necessary.
+ imapc: Add imapc_connection_retry_count and
imapc_connection_retry_interval settings.
+ imap, pop3, indexer-worker: Add (deinit) to process title before
autoexpunging runs.
+ Added %{encrypt} and %{decrypt} variables
+ imap/pop3 proxy: Log proxy state in errors as human-readable string.
+ imap/pop3-login: All forward_* extra fields returned by passdb are
sent to the next hop when proxying using ID/XCLIENT commands. On the
receiving side these fields are imported and sent to auth process
where they’re accessible via %{passdb:forward_*}. This is done only
if the sending IP address matches login_trusted_networks.
+ imap-login: If imap_id_retain=yes, send the IMAP ID string to
auth process. %{client_id} expands to it in auth process. The ID
string is also sent to the next hop when proxying.
+ passdb imap: Use ssl_client_ca_* settings for CA validation.
– fts-tika: Fixed crash when parsing attachment without
Content-Disposition header. Broken by 2.2.28.
– trash plugin was broken in 2.2.28
– auth: When passdb/userdb lookups were done via auth-workers, too much
data was added to auth cache. This could have resulted in wrong
replies when using multiple passdbs/userdbs.
– auth: passdb { skip & mechanisms } were ignored for the first passdb
– oauth2: Various fixes, including fixes to crashes
– dsync: Large Sieve scripts (or other large metadata) weren’t always
synced.
– Index rebuild (e.g. doveadm force-resync) set all mails as Recent
– imap-hibernate: %{userdb:*} wasn’t expanded in mail_log_prefix
– doveadm: Exit codes weren’t preserved when proxying commands via
doveadm-server. Almost all errors used exit code 75 (tempfail).
– ACLs weren’t applied to not-yet-existing autocreated mailboxes.
– Fixed a potential crash when parsing a broken message header.
– cassandra: Fallback consistency settings weren’t working correctly.
– doveadm director status : “Initial config” was always empty
– imapc: Various reconnection fixes.
dovecot-2.2.29.1-1.fc26
+ quota: Add plugin { quota_max_mail_size } setting to limit the
maximum individual mail size that can be saved.
+ imapc: Add imapc_features=delay-login. If set, connecting to the
remote IMAP server isn’t done until it’s necessary.
+ imapc: Add imapc_connection_retry_count and
imapc_connection_retry_interval settings.
+ imap, pop3, indexer-worker: Add (deinit) to process title before
autoexpunging runs.
+ Added %{encrypt} and %{decrypt} variables
+ imap/pop3 proxy: Log proxy state in errors as human-readable string.
+ imap/pop3-login: All forward_* extra fields returned by passdb are
sent to the next hop when proxying using ID/XCLIENT commands. On the
receiving side these fields are imported and sent to auth process
where they’re accessible via %{passdb:forward_*}. This is done only
if the sending IP address matches login_trusted_networks.
+ imap-login: If imap_id_retain=yes, send the IMAP ID string to
auth process. %{client_id} expands to it in auth process. The ID
string is also sent to the next hop when proxying.
+ passdb imap: Use ssl_client_ca_* settings for CA validation.
– fts-tika: Fixed crash when parsing attachment without
Content-Disposition header. Broken by 2.2.28.
– trash plugin was broken in 2.2.28
– auth: When passdb/userdb lookups were done via auth-workers, too much
data was added to auth cache. This could have resulted in wrong
replies when using multiple passdbs/userdbs.
– auth: passdb { skip & mechanisms } were ignored for the first passdb
– oauth2: Various fixes, including fixes to crashes
– dsync: Large Sieve scripts (or other large metadata) weren’t always
synced.
– Index rebuild (e.g. doveadm force-resync) set all mails as Recent
– imap-hibernate: %{userdb:*} wasn’t expanded in mail_log_prefix
– doveadm: Exit codes weren’t preserved when proxying commands via
doveadm-server. Almost all errors used exit code 75 (tempfail).
– ACLs weren’t applied to not-yet-existing autocreated mailboxes.
– Fixed a potential crash when parsing a broken message header.
– cassandra: Fallback consistency settings weren’t working correctly.
– doveadm director status : “Initial config” was always empty
– imapc: Various reconnection fixes.