Security Alerts

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 51 weeks 6 days ago

Neoscreen v4.5 Cross-site scripting

Mon, 07/25/2016 - 04:52

Posted by alex_haynes on Jul 25

Exploit Title: Neoscreen Cross-site scripting
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:

(1) Vendor & Product Description
--------------------------------

Vendor:
Cube Digital Media

Product & Version:
Neoscreen digital...
Categories: Security

Neoscreen v4.5 Blind SQL injection

Mon, 07/25/2016 - 04:44

Posted by alex_haynes on Jul 25

Exploit Title: Neoscreen Blind SQL injection
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:

(1) Vendor & Product Description
--------------------------------...
Categories: Security

Neoscreen v4.5 Authentication bypass

Mon, 07/25/2016 - 04:37

Posted by alex_haynes on Jul 25

Exploit Title: Neoscreen v4.5 Authentication bypass
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Authentication Bypass Issues [CWE-592]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:

(1) Vendor & Product Description
--------------------------------

Vendor:
Cube Digital Media

Product & Version:
Neoscreen...
Categories: Security

[SECURITY] [DSA 3626-1] openssh security update

Mon, 07/25/2016 - 04:29

Posted by Salvatore Bonaccorso on Jul 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3626-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 24, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssh
CVE ID : CVE-2016-6210
Debian Bug :...
Categories: Security

Autobahn|Python Insecure allowedOrigins validation >= 0.14.1

Mon, 07/25/2016 - 04:20

Posted by mgill on Jul 25

Observation:
Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third
parties to execute legitimate requests for WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within
another browser's context.

Proof of Concept:
The following will set
```
class OriginCheckServerFactory(WebSocketServerFactory):
    protocol = ...arbitrary entry here...

    def...
```
Categories: Security

Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design

Mon, 07/25/2016 - 04:12

Posted by Stefan Kanthak on Jul 25

Hi @ll,

Windows 7 introduced the "Deployment Image Servicing and Management"
tool DISM.exe; this command line program is called for example by
its predecessor PkgMgr.exe (a GUI program which requests elevated
privileges), or by Windows Update (which runs under SYSTEM account).

DISM.exe needs to be run with administrative privileges:
this condition is met in both cases named above.

When called with valid arguments, DISM.exe creates a...
Categories: Security

Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking

Mon, 07/25/2016 - 04:02

Posted by Stefan Kanthak on Jul 25

Hi @ll,

this is a followup to "case 36" (posted as "case 35" by mistake),
<http://seclists.org/bugtraq/2016/Jul/82>.

Proof of concept #1:
~~~~~~~~~~~~~~~~~~~~

1. On a 64-bit edition of Windows download the 32-bit and 64-bit
executable installers "eclipse-inst-win32.exe" and
"eclipse-inst-win64.exe", save them in an arbitrary directory.

2. Create the (empty) files...
Categories: Security

[slackware-security] bind (SSA:2016-204-01)

Mon, 07/25/2016 - 03:53

Posted by Slackware Security Team on Jul 25

[slackware-security] bind (SSA:2016-204-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.10.4_P2-i586-1_slack14.2.txz: Upgraded.
Fixed a security issue:
getrrsetbyname with a non absolute name could trigger an infinite
recursion bug in lwresd and named...
Categories: Security

CA20160721-01: Security Notice for CA eHealth

Mon, 07/25/2016 - 03:44

Posted by Kotas, Kevin J on Jul 25

CA20160721-01: Security Notice for CA eHealth

Issued: 2016-07-21
Last Updated: 2016-07-21

CA Technologies Support is alerting customers to multiple potential risks
with CA eHealth. Two vulnerabilities exist in the web interface,
CVE-2016-6151 and CVE-2016-6152, that can allow a remote
authenticated attacker to cause a denial of service condition or possibly
execute arbitrary commands. CA Technologies assigned a High risk rating
to these...
Categories: Security

[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example

Mon, 07/25/2016 - 03:34

Posted by Tim Allison on Jul 25

CVE-2016-5000: XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: POI 3.5-3.13

Description:

Apache POI's XLSX2CSV example uses Java's XML components to parse OpenXML files. Applications and users that use
XLSX2CSV and accept such files from end-users are vulnerable to XML External Entity (XXE) attacks, which allow remote...
Categories: Security