Posted by Joey Kelly on Mar 28
This conflates two issues, and anyhow, Basic Authentication is not a
problem (Digest won’t be any more secure than Basic, if SSL is used…
is it present?).
CAPTCHA has nothing to do with CSRF. Neither do default credentials.
Posted by Haifei Li on Mar 28
Hi,
Just wanted to let you know I’ve released a blog post discussing an interesting Outlook bug (remote crashing, or?),
feel free to reach me for discussions of the exploitability of the bug.
http://justhaifei1.blogspot.com/2017/03/an-interesting-outlook-bug.html
An Interesting Outlook Bug<http://justhaifei1.blogspot.com/2017/03/an-interesting-outlook-bug.html>
justhaifei1.blogspot.com
Last week I reported an interesting bug in…
An update for Red Hat Enterprise Linux Amazon Machine Image is now available for
Red Hat Enterprise Linux 6.
Updated Red Hat Directory Server packages that fix one bug are now
available for Red Hat Directory Server 9.
Red Hat Enterprise Linux: Updated yum-rhn-plugin packages that fix one bug are now available for Red Hat
Enterprise Linux 6.5 Advanced Update Support.
Updated Red Hat Update Infrastructure 2.x packages that enable additional
content streams such as AUS and ELS
Posted by hyp3rlinx on Mar 28
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/DZSOFT-v4.2.7-PHP-EDITOR-FILE-ENUMERATION.txt
[+] ISR: ApparitionSec
Vendor:
==============
www.dzsoft.com
Product:
=========================
DzSoft PHP Editor v4.2.7
DzSoft PHP Editor is a tool for writing and testing PHP and HTML pages.
Vulnerability Type:
====================
File Enumeration
CVE Reference:…
27th March, 2017
A security issue affects these releases of Ubuntu and its
derivatives:
GStreamer Base Plugins could be made to crash if it opened a specially
crafted file.
Hanno Böck discovered that GStreamer Base Plugins did not correctly handle
certain malformed media files. If a user were tricked into opening a
crafted media file with a GStreamer application, an attacker could cause a
denial of service via application crash.
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
27th March, 2017
A security issue affects these releases of Ubuntu and its
derivatives:
GStreamer Good Plugins could be made to crash if it opened a specially
crafted file.
Hanno Böck discovered that GStreamer Good Plugins did not correctly handle
certain malformed media files. If a user were tricked into opening a
crafted media file with a GStreamer application, an attacker could cause a
denial of service via application crash.
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
27th March, 2017
A security issue affects these releases of Ubuntu and its
derivatives:
Eject could be made to run programs as an administrator.
Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid
and setgid return values. A local attacker could use this issue to execute code
as an administrator.
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.