A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013, CSCvb22622. Known Affected Releases: 3.7(0), 16.4.1, Denali-16.1.3, Denali-16.2.2, Denali-16.3.1. Known Fixed Releases: 15.2(4)E3, 16.1(2.208), 16.2(2.42), 16.3(1.22), 16.4(0.190), 16.5(0.29).
Monthly Archives: November 2016
Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread Use-After-Free
A specially crafted web-page can cause the iertutil.dll module of Microsoft Internet Explorer 11 to free some memory while it still holds a reference to this memory. The module can be made to use this reference after the memory has been freed. Unlike many use-after-free bugs in MSIE, this issue, and apparently all code in this module, is not mitigated by MemGC. This issue appears to have been addressed in July 2016, as it failed to reproduce after the July security updates were installed.
Relevanssi Premium 1.14.4 SQL Injection
Relevanssi Premium version 1.14.4 suffers from a remote SQL injection vulnerability.
Relevanssi Premium 1.14.4 Code Execution
An unserialization vulnerability in Relevanssi Premium version 1.14.4 could allow for code execution.
Huawei Flybox B660 3G/4G Router Authentication Bypass
Huawei Flybox B660 3G/4G router suffers from an authentication bypass vulnerability.
Habari CMS 0.9.2 Cross Site Scripting
Habari CMS version 0.9.2 suffers from a cross-site scripting vulnerability.
Post Indexer 3.0.6.1 Man-In-The-Middle
Post Indexer version 3.0.6.1 suffers from a man-in-the-middle vulnerability that may allow for arbitrary code execution.
Post Indexer 3.0.6.1 SQL Injection
Post Indexer version 3.0.6.1 suffers from a remote SQL injection vulnerability.
Teradata Studio Express 15.12.00.00 Race Condition
Teradata Studio Express version 15.12.00.00 suffers from a /tmp race condition.
Palo Alto Networks PanOS Buffer Overflow
Palo Alto Networks PanOS suffers from a stack buffer overflow in the appweb3 embedded webserver.