This is a new upstream feature and security release. Improvements include: bypass; pre-filter — fast packet keywords; TLS improvements; ICS protocol additions: DNP3 CIP/ENIP; SHA1/SHA256 for file matching, logging & extraction; NIC offloading disabled by default; unix socket enabled by default; and App Layer stats. Documentation: http://suricata.readthedocs.io/en/suricata-3.2/
Monthly Archives: February 2017
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root
Trendmicro InterScan version 6.5-SP2_Build_Linux_1548 suffers from a remote root access vulnerability.
OpenText Documentum Content Server 7.3 SQL Injection
OpenText Documentum Content Server version 7.3 suffers from a remote SQL injection vulnerability due to a previously announced fix being incomplete.
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation
Trendmicro InterScan version 6.5-SP2_Build_Linux_1548 suffers from a privilege escalation vulnerability.
A Simple JavaScript Exploit Bypasses ASLR Protection On 22 CPU Architectures
Security researchers have discovered a chip flaw that could nullify hacking protections for millions of devices regardless of the operating system or applications running on them, and worse, the flaw cannot be entirely fixed with any mere software update.
The vulnerability resides in the way the memory management unit (MMU), a component of many CPUs, works and leads to bypass the
Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS
Posted by Curesec Research Team (CRT) on Feb 16
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Elefant CMS 1.3.12-RC
Fixed in: 1.3.13
Fixed Version Link: https://github.com/jbroadway/elefant/releases/tag/elefant_1_3_13_rc
Vendor Website: https://www.elefantcms.com/
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 02/02/2017
Release mode:…
Elefant CMS 1.3.12-RC: CSRF
Posted by Curesec Research Team (CRT) on Feb 16
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Elefant CMS 1.3.12-RC
Fixed in: 1.3.13
Fixed Version Link: https://github.com/jbroadway/elefant/releases/tag/elefant_1_3_13_rc
Vendor Website: https://www.elefantcms.com/
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 02/02/2017
Release mode:…
Plone: XSS
Posted by Curesec Research Team (CRT) on Feb 16
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Plone 5.0.5
Fixed in: Hotfix 20170117
Fixed Version Link: https://plone.org/security/hotfix/20170117
Vendor Contact: security () plone org
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 01/26/2017
Release mode: Coordinated Release
CVE: CVE-2016-7147
Credits…
Elefant CMS 1.3.12-RC: Code Execution
Posted by Curesec Research Team (CRT) on Feb 16
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Elefant CMS 1.3.12-RC
Fixed in: 1.3.13
Fixed Version Link: https://github.com/jbroadway/elefant/releases/tag/elefant_1_3_13_rc
Vendor Website: https://www.elefantcms.com/
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 02/02/2017
Release mode:…
