Security fix for CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396.
Add systemd unit file for Xvnc.
Category Archives: Security
Security
SmartJobBoard – Cross-site scripting, personal information disclosure and PHPMailer package
Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Product:
SmartJobBoard
Versions affected:
v5.0.9 and below.
Vulnerability:
1) Cross-site scripting vulnerabilities in the following locations and
parameters:
/add-listing/ [proceed_to_posting parameter]
/add-listing/ [productSID parameter]
/add-listing/Resume/General/ [productSID parameter]…
tigervnc-1.7.1-4.fc26
Security fix for CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396.
Add systemd unit file for Xvnc.
SilverStripe CMS – Path Disclosure
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/silverstripe-cms—path-disclosure.html
Date:
04-Apr-2017
Product:
SilverStripe CMS
Versions affected:
3.1.9 and below.
Vulnerability:
Path disclosure.
Example URL:
http://[target]/dev/build/
Path reported:
/home/[target]/public_html/framework/dev/DebugView.php
https://www.silverstripe.org/download/security-releases/ss-2015-001/
Credit:
Discovered by Patrick Webster
Disclosure timeline:
07-Nov-2015 -…
Tweek!DM Document Management Authentication bypass, SQL injection
Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Product:
Tweek!DM Document Management
Versions affected:
Unknown
Vulnerabilities:
1) Authentication bypass – the software sends a 301 Location redirect
back to the login page, if an unauthenticated user requests an
authenticated administration page. However on the PHP side the script
does not exit(0); therefore…
tigervnc-1.7.1-3.fc24
Security fix for CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396.
Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities
Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Product:
Computer Associates (Layer7) API Gateway
Versions affected:
v7, v8, v9
Vulnerabilities:
1) CRLF Response Splitting
https://[target]:8443/test%0d%0a<h1>string?wsdl
Parameters uri=’/test
<h1>string’ did not resolve to any service….
tigervnc-1.7.1-3.fc26
Security fix for CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396.
tigervnc-1.7.1-3.fc25
Security fix for CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396.
DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal
Posted by DefenseCode on Apr 04
DefenseCode ThunderScan SAST Advisory
Apache Tomcat Directory/Path Traversal
Advisory ID: DC-2017-03-001
Software: Apache Tomcat
Software Language: Java
Version: 7.0.76 (probably 9, 8 and 6 branches also)
Vendor Status: Vendor contacted
Release Date: 2017-04-04
Risk: Medium
Full Advisory URL:…