WineBottler versions 1.8-rc4 and below suffer from a man-in-the-middle vulnerability that can allow for remote code execution.
Monthly Archives: October 2016
ManageEngine ServiceDesk Plus 9.2 Build 9207 Information Disclosure
ManageEngine ServiceDesk Plus version 9.2 build 9207 suffers from an unauthorized information disclosure vulnerability.
SPIP 3.1.2 File Enumeration / Path Traversal
SPIP versions 3.1.2 and below suffer from file enumeration and path traversal vulnerabilities.
OpenSSL CVE-2016-6304 Denial of Service Vulnerability
OpenSSL suffers from a denial of service vulnerability (CVE-2016-6304) in its handling of the OCSP Status Request extension, which allows unbounded memory growth.
Node.js CVE-2016-5325 CRLF Injection Vulnerability
Node.js suffers from a CRLF injection vulnerability (CVE-2016-5325): the HTTP module did not validate the characters of the reason phrase passed to response.writeHead(), allowing header injection.
Node.js CVE-2016-7099 Security Bypass Vulnerability
Node.js suffers from a security bypass vulnerability (CVE-2016-7099) caused by overly permissive wildcard hostname validation in TLS certificate checking.
SPIP 3.1.2 Cross Site Scripting
SPIP versions 3.1.2 and below suffer from a cross site scripting vulnerability.
SPIP 3.1.2 Cross Site Request Forgery
SPIP versions 3.1.2 and below suffer from a cross site request forgery vulnerability.
Re: Critical Vulnerability in Ubiquiti UniFi
Posted by Carlos Silva on Oct 19
AFAIK, that’s actually the Unifi Controller, but that’s “web based” as in,
you access it via a browser (I use the same on my Unifi setup). So, I still
can’t see, nor understand, how to exploit said vulnerability unless you
already have a local account on the controller.
Re: Critical Vulnerability in Ubiquiti UniFi
Posted by kvnjs on Oct 19
Tim conflates two products in his original report:
Product: UniFi AP AC Lite
Vendor: Ubiquiti Networks Inc.
Internal reference: ? (Bug ID)
Vulnerability type: Incorrect access control
Vulnerable version: Unify 5.2.7 and possible other versions affected (not
tested)
[…]
Both the UniFi appliance line and the AP management software are properly
spelled ‘UniFi’.