The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node.
Monthly Archives: December 2015
Critical Flaws Found in Network Management Systems
Rapid7 has reported and disclosed a half-dozen XSS and SQL injection flaws in popular network management systems, all of which can be reached via SNMP.
Juniper Releases Out-of-band Security Advisory for ScreenOS
Original release date: December 17, 2015
Juniper has discovered unauthorized code in ScreenOS which could allow an attacker to take control of NetScreen devices and to decrypt VPN connections.
US-CERT recommends that users and administrators review Juniper Security Bulletin 2015-12 and update all affected ScreenOS versions.
PyAMF 0.7.2 XXE Injection
PyAMF does not sufficiently sanitize AMF input payloads, so its XML parser does not prevent the processing of XML external entities (XXE). A specially crafted AMF payload containing malicious references to external entities can be used to trigger denial of service (DoS) conditions or to return the contents of arbitrary files readable with the privileges of the running application. Versions 0.7.2 and below are affected.
Easy File Sharing Web Server 7.2 GET SEH Buffer Overflow
Exploit for an SEH-based buffer overflow in Easy File Sharing Web Server version 7.2, triggered via a GET HTTP request.
Easy File Sharing Web Server 7.2 HEAD SEH Buffer Overflow
Exploit for an SEH-based buffer overflow in Easy File Sharing Web Server version 7.2, triggered via a HEAD HTTP request.
Libnsbmp 0.1.2 Heap Overflow / Out-Of-Bounds Read
Libnsbmp version 0.1.2 suffers from heap overflow and out-of-bounds read vulnerabilities.
Zen Cart 1.5.4 Local File Inclusion
Zen Cart version 1.5.4 suffers from a local file inclusion vulnerability.
orion.extfeedbackform Bitrix Module 2.1.2 CSRF / SQL Injection
orion.extfeedbackform Bitrix module version 2.1.2 suffers from cross-site request forgery and remote SQL injection vulnerabilities.
Libnsgif 0.1.2 Stack Overflow / Out-Of-Bounds Read
Libnsgif version 0.1.2 suffers from stack overflow and out-of-bounds read vulnerabilities.