Posted by Sysdream Labs on Oct 19
## SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal (CVE-2016-7982)
### Product Description
SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments
and ease of use. It is free software, distributed under the GNU/GPL licence.
### Vulnerability Description
The `valider_xml` file can be used to enumerate files on the system.
**Access Vector**: remote
**Security Risk**: medium…
Posted by Sysdream Labs on Oct 19
## SPIP 3.1.2 Template Compiler/Composer PHP Code Execution (CVE-2016-7998)
### Product Description
SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments
and ease of use. It is free software, distributed under the GNU/GPL licence.
### Vulnerability Description
The SPIP template composer/compiler does not correctly handle SPIP “INCLUDE/INCLURE” Tags, allowing PHP code…
Posted by Sysdream Labs on Oct 19
## SPIP 3.1.2 Server Side Request Forgery (CVE-2016-7999)
### Product Description
SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments
and ease of use. It is free software, distributed under the GNU/GPL licence.
### Vulnerability Description
It’s possible to send HTTP/FTP requests using the `valider_xml` file.
Attackers can make it look like the server is sending the…
Posted by Guido Vranken on Oct 19
Triggering this requires that the client sets a very large ALPN list
(several thousand bytes). This would be very unusual in a real-world
application. For this reason OpenSSL does not treat this as a security
vulnerability and I am inclined to agree with this decision. However, if an
attacker can somehow influence the ALPN list of an OpenSSL-enabled
application (perhaps through another vulnerability), the attacker can write
arbitrary data past…
Posted by Finbar Crago on Oct 19
cgiecho a script included with cgiemail will return any file under a
websites document root if the file contains square brackets and the
text within the brackets is guessable.
e.g: http://hostname/cgi-sys/cgiecho/login.php?’pass’=[‘pass'] will
display http://hostname/login.php if it contains $_POST[‘pass’]
This behaviour is listed as a ‘small risk’ in the original
documentation (and back in 1998 it…
Posted by Bogner Florian on Oct 19
Man in the Middle Remote Code Execution Vulnerability in WineBottler and its Bundles
Metadata
===================================================
Release Date: 17-10-2016
Author: Florian Bogner // Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected product: WineBottler (http://winebottler.kronenberg.org/)
Affected versions: up to the still current version 1.8-rc4
Tested on: OS X El Capitan 10.11.6
CVE : product not covered
URL:…
XhP CMS version 0.5.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
Red Hat Security Advisory 2016-2079-01 – The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine’s memory and completely bypass Java sandbox restrictions.
Red Hat Security Advisory 2016-2082-01 – Red Hat Storage Console is a new Red Hat offering for storage administrators that provides a graphical management platform for Red Hat Ceph Storage 2. Red Hat Storage Console allows users to install, monitor, and manage a Red Hat Ceph Storage cluster. Security Fix: A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password.
Cisco Security Advisory – A vulnerability in the Identity Firewall feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 traffic. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.