Security fix for CVE-2016-9296
Monthly Archives: November 2016
p7zip-16.02-2.fc23
Security fix for CVE-2016-9296
p7zip-16.02-2.fc25
Security fix for CVE-2016-9296
p7zip-16.02-2.fc24
Security fix for CVE-2016-9296
Multiple issues in OpManager 12100 & 12200
Posted by Michael Heydon on Nov 20
Title: Multiple issues in OpManager
Author: Michael Heydon
Product: OpManager
Tested Versions: 12100 & 12200
Vendor: Zoho ManageEngine
Vendor Notified: 2016-08-14
Disclosure Date: 2016-11-20
Product Description:
====================
OpManager is a web-based network monitoring system. It is used primarily by
IT staff and it stores credentials in order to log in to systems which are
to be monitored. According to ManageEngine it is…
[RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution
Posted by Julien Ahrens on Nov 20
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Path Traversal [CWE-22]
Date found: 2016-06-23
Date published: –
CVSSv3 Score: 6.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVE: –
2. CREDITS
==========
This vulnerability was discovered and researched by Julien…
[RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure
Posted by Julien Ahrens on Nov 20
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Information Exposure Through an Error Message [CWE-209]
Date found: 2016-06-29
Date published: –
CVSSv3 Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVE: –
2. CREDITS
==========
This vulnerability was…
[RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting
Posted by Julien Ahrens on Nov 20
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Cross-site Scripting [CWE-79]
Date found: 2016-06-29
Date published: –
CVSSv3 Score: 6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
CVE: –
2. CREDITS
==========
This vulnerability was discovered and researched by…
DSA-3719 wireshark – security update
It was discovered that wireshark, a network protocol analyzer,
contained several vulnerabilities in the dissectors for DCERPC,
AllJoyn, DTN, and OpenFlow, that could lead to various crashes,
denial-of-service, or execution of arbitrary code.
DSA-3720 tomcat8 – security update
Multiple security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine, which may result in possible timing attacks to
determine valid user names, bypass of the SecurityManager, disclosure of
system properties, unrestricted access to global resources, arbitrary
file overwrites, and potentially escalation of privileges.