CentOS Errata and Bugfix Advisory 2016:1009
Upstream details at: https://rhn.redhat.com/errata/RHBA-2016-1009.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
i386:
8a1b5a12cc396b85b2bb8022acc81358366d4a24b6d819ad887478f4b3aad972 firefox-45.1.1-1.el5.centos.i386.rpm
x86_64:
8a1b5a12cc396b85b2bb8022acc81358366d4a24b6d819ad887478f4b3aad972 firefox-45.1.1-1.el5.centos.i386.rpm
7cc5b5f1ba36683f7f8b2c04ffaf7151aec3212356d708a852c531b42b6dcf3a firefox-45.1.1-1.el5.centos.x86_64.rpm
Source:
2d374e8d6925993a0c43346ab99b73ab7265e334326237318249adacbdade2c4 firefox-45.1.1-1.el5.centos.src.rpm
Monthly Archives: May 2016
CEBA-2016:1008 CentOS 5 sos BugFix Update
CentOS Errata and Bugfix Advisory 2016:1008
Upstream details at: https://rhn.redhat.com/errata/RHBA-2016-1008.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
i386:
a475b5d668e11fdedb198fce3b0c7acb44fc6792cfe2b476582827c10235bfde sos-1.7-9.74.el5.centos.noarch.rpm
x86_64:
a475b5d668e11fdedb198fce3b0c7acb44fc6792cfe2b476582827c10235bfde sos-1.7-9.74.el5.centos.noarch.rpm
Source:
a241963fe6488483dc6c0f6bd811a1a6e7eb9ab44683430341aa439855fa52be sos-1.7-9.74.el5.centos.src.rpm
More Zero Days In The Wild For Windows And Flash
BulletProof Security 53.3 – Security Advisory – Multiple XSS Vulnerabilities
Posted by Onur Yilmaz on May 10
Information
——————–
Advisory by Netsparker
Name: Multiple XSS Vulnerabilities in BulletProof Security
Affected Software: BulletProof Security
Affected Versions: v53.3 and possibly below
Vendor Homepage: https://wordpress.org/plugins/bulletproof-security/
Vulnerability Type: Cross-site Scripting
Severity: Important
Status: Fixed
Netsparker Advisory Reference: NS-16-004
Technical Details
——————–
Proof of Concept…
CVE-2016-0126
Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”
CVE-2016-0140
Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”
CVE-2016-0149
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka “TLS/SSL Information Disclosure Vulnerability.”
CVE-2016-0152
Internet Information Services (IIS) in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka “Windows DLL Loading Remote Code Execution Vulnerability.”
CVE-2016-0168
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka “Windows Graphics Component Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-0169.
CVE-2016-0169
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka “Windows Graphics Component Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-0168.