DOCSLIB.ORG

Vulnerability Summary for the Week of October 31, 2016

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Vulnerability Summary for the Week of October 31, 2016 Vulnerability Summary for the Week of October 31, 2016 Please Note: • The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low. • The !" indentity number is the #ublicly $nown %& given to that #articular vulnerability. Therefore you can search the status of that #articular vulnerability using that %&. • The !'S (Common !ulnerability 'coring System) score is a standard scoring system used to determine the severity of the vulnerability. High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity adobe ** flash+#layer ,se*after*free vulnerability in -dobe .lash Player 2016-11-01 10.0 CVE-2016-7855 MS (link is before /0.0.0./12 on 3indows and 4' 5 and external) before 66.2.21/.680 on Linu9 allows remote CONFIRM (link attac$ers to e9ecute arbitrary code via is external) MISC (link is uns#ecified vectors, as e9#loited in the wild in external) October /167. alienvault ** PHP ob:ect in:ection vulnerabilities e9ist in 2016-10-28 7.5 CVE-2016-8580 CONFIRM (link open+source+security_inf multi#le widget files in -lien!ault 4''%M and is external) ormation ,'M before 2.0.2. These vulnerabilities allow +and_event+managemen arbitrary PHP code e9ecution via magic methods t in included classes. alienvault ** - vulnerability e9ists in gauge.ph# of -lien!ault 2016-10-28 7.5 CVE-2016-8582 CONFIRM (link open+source+security_inf 4''%M and ,'M before 2.3.2 that allows an is external) ormation attac$er to e9ecute an arbitrary 'QL <uery and +and_event+managemen retrieve database information or read local t system files via MyS;L=s L4-&+.%LE. artife9 ** mu:s - use*after*free vulnerability was observed in 2016-10-28 7.5 CVE-2016-7504 CONFIRM (link >#+toString function of -rtife9 'oftware, %nc. is external) Mu?' before 2c00@af8b0dfA1cfB7@e8fBf7a/62//deA8b0B/a. - successful e9#loitation of this issue can lead to code e9ecution or denial of service condition. artife9 ** mu:s - buffer overflow vulnerability was observed in 2016-10-28 7.5 CVE-2016-7505 CONFIRM (link divby function of -rtife9 'oftware, %nc. Mu?' is external) before AcA12b8eb6Bcf/af7ABcA71b@@e7666d/ee80Bd5. - successful e9#loitation of this issue can lead to code e9ecution or denial of service condition. brocade ** netiron+os - memory corru#tion in the %Psec code #ath of 2016-10-31 7.8 CVE-2016-8203 CONFIRM (link Crocade Net%ron 4' on Crocade ML5s 2.8.01 is external) through 2.8.01e, 2.9.01 through 2.9.01bd, 7.0.01, and 7.0.01a images could allow attac$ers to cause a denial of service (line card reset) via certain constructed %Psec control #ac$ets. cisco ** ios+9e - vulnerability in the Transaction Language 6 2016-11-03 10.0 CVE-2016-6441 CONFIRM (link (TL6) code of isco -'> B11 'eries routers could is external) allow an unauthenticated, remote attac$er to cause a reload of, or remotely e9ecute code on, the affected system. This vulnerability affects isco -'> B11 'eries -ggregation 'ervices >outers (-'>B1/, -'>B10, and -'>B1@) that are running the following releases of isco %4' 5" 'oftware: [email protected]' [email protected]' [email protected]' 0.1A.0' 0.1A.1'. More %nformation: ' uy126@2. Dnown -ffected >eleases: 62.6(6)' 62.6(/)'. Dnown .i9ed >eleases: 62.6(6)'/.1/ 62.6(6.1@)'1.46 62.6(6.1@)'P 62.6(/)'P 67.4(1.1A0) 67.5(1.11). cisco ** meeting+a## - vulnerability in isco Meeting 'erver and 2016-11-03 7.5 CVE-2016-6447 CONFIRM (link Meeting -## could allow an unauthenticated, is external) remote attac$er to e9ecute arbitrary code on an affected system. This vulnerability affects the following #roducts: isco Meeting 'erver releases #rior to /.0.1, -cano 'erver releases #rior to 6.8.17 and #rior to 6.9.0, isco Meeting -## releases #rior to 6.9.8, -cano Meeting -##s releases #rior to 6.8.32. More %nformation: ' va@2B8/ ' vb7@A@A. Dnown -ffected >eleases: 6.86.9/.0. cisco ** meeting+server - vulnerability in the 'ession Descri#tion 2016-11-03 7.5 CVE-2016-6448 CONFIRM (link Protocol ('&P) #arser of isco Meeting 'erver is external) could allow an unauthenticated, remote attac$er to e9ecute arbitrary code on an affected system. This vulnerability affects the following #roducts: isco Meeting 'erver releases #rior to >elease /.0.3, -cano 'erver releases 6.B.x #rior to >elease 6.9.5, -cano 'erver releases 6.A.x #rior to >elease 6.8.1@. More %nformation: ' va@7118. Dnown -ffected >eleases: 6.8.x 6.9/.0. cisco ** #rime+home - vulnerability in the web*based gra#hical user 2016-11-03 10.0 CVE-2016-6452 CONFIRM (link interface (E,%) of isco Prime Home could allow is external) an unauthenticated, remote attac$er to bypass authentication. The attac$er could be granted full administrator #rivileges. isco Prime Home versions 2.1.1.6 and earlier and 2.2./.2 and earlier have been confirmed to be vulnerable. isco Prime Home versions 7.0 and later are not vulnerable. More %nformation: ' vb@6@0/. Dnown -ffected >eleases: 2.0 2.0(6) 2.0(6.1) 2.0(6.2) 2.0(/) 2.62.1(1) 2.1(6) 2.1(6.3) 2.1(6.4) 2.1(6.5) 2.1(6.6) 2.1(/) 2.1(/.1) 2.1(/.3) 2./2.2(1.1) 2.2(6.0) 2.2(6.2) 2.2(/.0) 2.2(/.1) 2.2(/.2). e9#onentcms ** "9#onent M' before /.0.9 is vulnerable to an 2016-11-03 7.5 CVE-2016-7095 CONFIRM e9#onent+cms attac$er u#loading a malicious scri#t file using redirection to #lace the scri#t in an un#rotected folder, one allowing scri#t e9ecution. e9#onentcms ** The Pi9idou %mage Editor in "9#onent M' #rior 2016-11-03 7.5 CVE-2016-7453 CONFIRM (link e9#onent+cms to v2.3.9 #atch / could be used to #erform an fid is external) 'QL %n:ection. google ** android On 'amsung Eala9y '8 through '@ devices, 2016-10-31 7.8 CVE-2016-7988 CONFIRM (link absence of #ermissions on the is external) Croadcast>eceiver res#onsible for handling the com.['amsungG.android.intent.action.SET+3%.% intent leads to unsolicited configuration messages being handled by wifi*service.jar within the -ndroid .ramewor$, a subset of '!"* /167*728/. google ** android On 'amsung Eala9y '8 through '@ devices, a 2016-10-31 7.8 CVE-2016-7989 CONFIRM (link malformed OT- 3-P P,'H 'M' containing an is external) OM- P message sent remotely triggers an unhandled -rrayInde9OutOfCounds"9ce#tion in 'amsung=s im#lementation of the 3ifi'ervice%m#l class within wifi*service.jar. This causes the -ndroid runtime to continually crash, rendering the device unusable until a factory reset is #erformed, a subset of '!"*/167*728/. google ** android On 'amsung Eala9y '8 through '@ devices, an 2016-10-31 10.0 CVE-2016-7990 CONFIRM (link integer overflow condition e9ists within is external) libomac#.so when #arsing OM- P messages (within 3-P Push 'M' messages) leading to a hea# corru#tion that can result in Denial of 'ervice and #otentially remote code e9ecution, a subset of '!"*/167*728/. google ** android On 'amsung Eala9y '8 through '@ devices, the 2016-10-31 7.8 CVE-2016-7991 CONFIRM (link Homac#H a## ignores security information is external) embedded in the OM- P messages resulting in remote unsolicited 3-P Push 'M' messages being acce#ted, #arsed, and handled by the device, leading to unauthorized configuration changes, a subset of '!"*/167*728/. h# ** HP" 'ystem Management Home#age before 2016-10-28 7.8 CVE-2016-4395 miscellaneous system+management+ho v7.6 allows remote attac$ers to have an (link is external) me#age uns#ecified im#act via un$nown vectors, related CONFIRM (link to a HCuffer Overflow" issue. is external) miscellaneous (link is external) h# ** HP" 'ystem Management Home#age before 2016-10-28 7.8 CVE-2016-4396 miscellaneous system+management+ho v7.6 allows remote attac$ers to have an (link is external) me#age uns#ecified im#act via un$nown vectors, related CONFIRM (link to a HCuffer Overflow" issue. is external) miscellaneous (link is external) libcs#+#roject ** libcs# Cuffer overflow in the cs#+can+#rocess+frame in 2016-10-28 7.5 CVE-2016-8596 MISC (link is cs#+if+can.c in the libcs# library v6.4 and earlier external) allows hostile com#onents connected to the canbus to e9ecute arbitrary code via a long cs# #ac$et. libcs#+#roject ** libcs# Cuffer overflow in the cs#+sf#+recv_f# in 2016-10-28 7.5 CVE-2016-8597 MISC (link is cs#+sf#.c in the libcs# library v1.4 and earlier external) allows hostile com#onents with networ$ access to the '.P underlying networ$ layers to e9ecute arbitrary code via s#ecially crafted '.P #ac$ets. libcs#+#roject ** libcs# Cuffer overflow in the zm< interface in 2016-10-28 7.5 CVE-2016-8598 MISC (link is cs#+if+zm<hub.c in the libcs# library v1.4 and external) earlier allows hostile com#uters connected via a zm< interface to e9ecute arbitrary code via a long #ac$et. microfocus ** rumba 'tac$ buffer overflow in the send.e9e and 2016-11-03 7.5 CVE-2016-9176 MISC (link is receive.e9e com#onents of Micro .ocus >umba external) B.4 and earlier could be used by local attac$ers or attac$ers able to in:ect arguments to these binaries to e9ecute code.
Load more

Recommended publications
  • Content Management (CMS) Lecture 02: Content Management Systems - Introduction Mariusz Trzaska, Ph
    Content Management (CMS) Lecture 02: Content Management Systems - introduction Mariusz Trzaska, Ph. D. [email protected], http:// www.mtrzaska.com Agenda Introduction CMS functionality Design of a CMS Classification and review of CMSs Summary Source : Wikipedia.com, Fragments of materials written by professor Kazimierz Subieta. Content management 2 Introduction Content Management System (CMS) Internet portal (Wikipedia): the kind of information service for which the Internet is a medium. Typically, a web portal includes news, weather, web directory, chat and search functionality. Content management 3 Introduction (2) Polish portals o Wirtualna Polska – first portal in Poland o Onet.pl o Gazeta.pl o o2.pl Foreign portals o Yahoo o AOL Content management 4 Introduction (3) Vortal – special kind of a portal, publishing information thematically similar to each other Wikipedia Examples o Theatrical vortal : http://www.e-teatr.pl/ o Sports vortal: http://new.sports.pl/ o Astronomical vortal : http://www.astronomia.pl/ o Treasure Hunter’s vortal: http://www.poszukiwania.pl o Software vortal: www.dobreprogramy.pl/ o Portals/ Vortals on Wikipedia: http://pl.wikipedia.org/wiki/Wikipedia:Wikiportale Content management 5 Creative chaos in the field of CMS Technological and market innovation and the possibility of earning big money cause the beginning of chaos. If A, B, C, formats are used for a given type of content, then a mapping A-B, B-A, A-C will be needed The lack of standards and incompatible solutions implies middleware, mostly based on the new format (see JSON, XML). The "two programmers in the garage" syndrome: the success of a micro-scale solution causes the bottom-up solution for the macro-scale to expand (see HTML, XML, ...).
    [Show full text]
  • Vulnerability Summary Report of May, 2019
    1 SB19-154 VULNERABILITY SUMMARY FOR MAY 2019 2 SB19-154 Vulnerability Summary for May 2019 Cybernetic GI Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team, is sponsored by The NVD. For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and determined by the Common Vulnerability Scoring System (CVSS) standard. They are organized according to severity, by the division of high, medium and low severities correspond to the following scores: High -Vulnerabilities will be labeled High severity if they have a CVSS base score of 10.0 - 7.0. Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of - 4.0 6.9 Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 3.9 - 0.0 Entries may include additional information provided by organizations and efforts sponsored by Cybernetic GI. This data may include identifying information, values, definitions, and related links. The patch information is provided to users when available. Please note that some of the information in the bulletin is compiled from external, open source reports and is not a direct result of Cybernetic GI analysis. The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD).
    [Show full text]
  • Professional LAMP : Linux, Apache, Mysql, and PHP Web Development / Jason Gerner
    01_59723x ffirs.qxd 10/31/05 6:37 PM Page iii Professional LAMP Linux®, Apache, MySQL®, and PHP5 Web Development Jason Gerner Elizabeth Naramore Morgan L. Owens Matt Warden 01_59723x ffirs.qxd 10/31/05 6:37 PM Page i Professional LAMP 01_59723x ffirs.qxd 10/31/05 6:37 PM Page ii 01_59723x ffirs.qxd 10/31/05 6:37 PM Page iii Professional LAMP Linux®, Apache, MySQL®, and PHP5 Web Development Jason Gerner Elizabeth Naramore Morgan L. Owens Matt Warden 01_59723x ffirs.qxd 10/31/05 6:37 PM Page iv Professional LAMP: Linux®, Apache, MySQL®,and PHP5 Web Development Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com Copyright © 2006 by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN-13: 978-0-7645-9723-7 ISBN-10: 0-7645-9723-X Printed in the United States of America Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 1MA/RW/RR/QV/IN Library of Congress Cataloging-in-Publication Data Professional LAMP : Linux, Apache, MySQL, and PHP Web development / Jason Gerner ... [et al.]. p. cm. ISBN-13: 978-0-7645-9723-7 (paper/website) ISBN-10: 0-7645-9723-X (paper/website) 1. Web site development. 2. Open source software. I. Title: Linux, Apache, MySQL, and PHP Web development. II. Gerner, Jason, 1978– TK5105.888.P677 2006 005.2'762—dc22 2005026487 No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600.
    [Show full text]
  • Vulnerability Summary for the Week of November 14, 2016
    Vulnerability Summary for the Week of November 14, 2016 Please Note: • The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low. • The !" indentity number is the #ublicly $nown %& given to that #articular vulnerability. Therefore you can search the status of that #articular vulnerability using that %&. • The !'S (Common !ulnerability 'coring System) score is a standard scoring system used to determine the severity of the vulnerability. High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity dotcms ** dotcms 'QL in,ection vulnerability in the 2016-11-14 7.5 CVE-2016-8902 MISC categories'ervlet servlet in dot M' before -.3.. MISC (link is allows remote not authenticated attac$ers to external) e/ecute arbitrary '+L commands via the sort MISC (link is external) #arameter. MISC (link is external) emc ** avamar0data0store EM 1vamar &ata 'tore (1&') and 1vamar 2016-11-15 7.2 CVE-2016-0909 miscellaneous !irtual Edition (1!") versions 2.3 and older CONFIRM (link contain a vulnerability that may e/#ose the is external) 1vamar servers to #otentially be com#romised by malicious users. e/#onentcms ** %n 2016-11-15 7.5 CVE-2016-9287 CONFIRM (link e/#onent0cms 3framewor$3modules3notfound/controllers3notf is external) oundController.ph# of "/#onent M' 4.4.0 #atch., untrusted in#ut is #assed into get'earch7esults. The method get'earch7esults is defined in the search model with the #arameter 89term8 used directly in 'QL. %m#act is a 'QL in,ection. e/#onentcms ** %n 2016-11-11 7.5 CVE-2016-9288 CONFIRM (link e/#onent0cms framewor$3modules3navigation3controllers3navi is external) gation ontroller.ph# in "/#onent M' v2.4.0 or older, the #arameter :target: of function :DragnDro#7e7an$: is directly used without any filtration which caused 'QL in,ection.
    [Show full text]
  • Open Source Platforms - Content Management Systems (CMS)
    Open Source Platforms - Content Management Systems (CMS) Γιάκας Αθανάσιος ΑΕΜ 531 Συστήματα Διαχείρισης Περιεχομένου ● Τα Συστήματα Διαχείρισης Περιεχομένου (ΣΔΠ, Content Management Systems, CMS) είναι διαδικτυακές εφαρμογές που επιτρέπουν την online τροποποίηση του περιεχομένου ενός δικτυακού τόπου. ● Οι διαχειριστές μέσω του διαδικτύου ενημερώνουν το περιεχόμενο στο ΣΔΠ, το οποίο είναι εγκατεστημένο σ' ένα διακομιστή. Οι αλλαγές αυτές γίνονται αυτόματα διαθέσιμες πάλι μέσω του διαδικτύου, σε όλους τους επισκέπτες και χρήστες του δικτυακού τόπου. Κατάλογος Συστημάτων Διαχείρισης Περιεχομένου Ανοιχτού Κώδικα ανά πλατφόρμα ● ASP.NET: DotNetNuke Community Edition , mojoPortal , Umbraco , N2 CMS , MvcCms ● JAVA: jAPS, OpenCms, Liferay, Dspace, Fedora, dotCMS, Nuxeo EP, Alfresco, Magnolia, Hippo, Calenco ● Perl: blosxom ,Bricolage , MojoMojo, Movable Type ,Twiki ,Scoop ,Slash ,WebGUI ● PHP: AdaptCMS Lite, Atutor, b2evolution, Bedita, BLOG:CMS, CivicSpace, CMS Made Simple, Concrete5, Dotclear, Drupal ,DynPG, eFront ,e107, Exponent CMS, eZ Publish, Frog CMS, Gamboo Web Suite, GCMS, ImpressCMS, Jaws, Joomla!, Habari, KnowledgeTree Document Management System, Lyceum,Mambo,Merlintalk, MiaCMS, Midgard CMS MODx, MySource Matrix (Squiz), Nucleus ,Opus,PHP-Fusion, PHP-Nuke, PHPSlash, phpWebSite,Pixie (CMS),RavenNuke CMS,SilverStripe,SPIP, TangoCMS, Textpattern,TikiWiki CMS/Groupware ,Tribiq CMS ,TYPO3 ,whCMS,WordPress,Website Baker, Xaraya, Zikula Κάποιοα από τα πιο δημοφιλή open source CMS ● Drupal ● Wordpress ● Joomla ● Textpattern ● Radiant CMS
    [Show full text]
  • Vulnerability Summary for the Week of February 13, 2017
    Vulnerability Summary for the Week of February 13, 2017 Please Note: • The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low. • The !" indentity number is the #ublicly $nown %& given to that #articular vulnerability. Therefore you can search the status of that #articular vulnerability using that %&. • The CVSS (Common Vulnerability Scoring 'ystem) score is a standard scoring system used to determine the severity of the vulnerability. High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity adobe ** cam#aign +dobe am#aign versions ,-.4 /uild 012. and 2017-02-15 7.5 CVE-2017-2968 CONFIRM (link earlier have a code in3ection vulnerability. is external) CONFIRM (link is external) adobe ** digital_editions +dobe Digital Editions versions ..5.3 and earlier 2017-02-15 10.0 CVE-2017-2973 CONFIRM (link have an e7#loitable hea# overflow vulnerability. is external) 'uccessful e7#loitation could lead to arbitrary code e7ecution. adobe ** flash4#layer +dobe 8lash Player versions 2..9.0.1:. and 2017-02-15 10.0 CVE-2017-2982 CONFIRM (link earlier have an e7#loitable use after free is external) vulnerability in a routine related to #layer shutdown. 'uccessful e7#loitation could lead to arbitrary code e7ecution. adobe ** flash4#layer +dobe 8lash Player versions 2..9.0.1:. and 2017-02-15 10.0 CVE-2017-2984 CONFIRM (link earlier have an e7#loitable hea# overflow is external) vulnerability in the h2-. decoder routine. 'uccessful e7#loitation could lead to arbitrary code e7ecution. adobe ** flash4#layer +dobe 8lash Player versions 2..9.0.1:.
    [Show full text]
  • Professional LAMP : Linux, Apache, Mysql, and PHP Web Development / Jason Gerner
    01_59723x ffirs.qxd 10/31/05 6:37 PM Page iii Professional LAMP Linux®, Apache, MySQL®, and PHP5 Web Development Jason Gerner Elizabeth Naramore Morgan L. Owens Matt Warden 01_59723x ffirs.qxd 10/31/05 6:37 PM Page iv Professional LAMP: Linux®, Apache, MySQL®,and PHP5 Web Development Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com Copyright © 2006 by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN-13: 978-0-7645-9723-7 ISBN-10: 0-7645-9723-X Printed in the United States of America Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 1MA/RW/RR/QV/IN Library of Congress Cataloging-in-Publication Data Professional LAMP : Linux, Apache, MySQL, and PHP Web development / Jason Gerner ... [et al.]. p. cm. ISBN-13: 978-0-7645-9723-7 (paper/website) ISBN-10: 0-7645-9723-X (paper/website) 1. Web site development. 2. Open source software. I. Title: Linux, Apache, MySQL, and PHP Web development. II. Gerner, Jason, 1978– TK5105.888.P677 2006 005.2'762—dc22 2005026487 No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600.
    [Show full text]
  • Vulnerability Summary for the Week of February 10, 2014
    Vulnerability Summary for the Week of February 10, 2014 Please Note: • The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low. • The !" indentity number is the #ublicly $nown %& given to that #articular vulnerability. Therefore you can search the status of that #articular vulnerability using that %&. • The !'S (Common !ulnerability 'coring System) score is a standard scoring system used to determine the severity of the vulnerability. High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity adobe ** ,dobe 'hoc$wave Player before -..0.9.-10 2014-02-11 10.0 CVE-2014-0500 shoc$wave+#layer allows remote attac$ers to e2ecute arbitrary code or cause a denial of service (memory corru#tion) via uns#ecified vectors, a different vulnerability than !"*./-1*/3/-. adobe ** ,dobe 'hoc$wave Player before -..0.9.-10 2014-02-11 10.0 CVE-2014-0501 shoc$wave+#layer allows remote attac$ers to e2ecute arbitrary code or cause a denial of service (memory corru#tion) via uns#ecified vectors, a different vulnerability than !"*./-1*/3//. cisco ** 'QL in5ection vulnerability in the %P Manager 2014-02-13 7.5 CVE-2014-0726 unified_communications+ ,ssistant (%PM,) interface in isco 6nified manager ommunications Manager (6 M) -/.0(-) and earlier allows remote attac$ers to e2ecute arbitrary 'QL commands via a crafted 67L, a$a 8ug %D ' um/39.:. cisco ** 'QL in5ection vulnerability in the allManager 2014-02-13 7.5 CVE-2014-0727 unified_communications+ %nteractive !oice 7es#onse ( M%!7) interface in manager isco 6nified ommunications Manager (6 M) allows remote attac$ers to e2ecute arbitrary 'QL commands via a crafted 67L, a$a 8ug %D ' um/39-;.
    [Show full text]
  • Vulnerability Summary for the Week of August 28, 2017
    Vulnerability Summary for the Week of August 28, 2017 The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9 Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9 High Vulnerabilities CVS S Primary Publish Scor Source & Vendor -- Product Description ed e Patch Info Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging CVE-2015- incorrect 3653 permission 2017- CONFIRM(li arubanetworks -- clearpass checking. 08-29 9.0 nk is external) Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote CVE-2015- authenticated 3654 administrators to 2017- CONFIRM(li arubanetworks -- clearpass gain root 08-29 9.0 nk is external) CVS S Primary Publish Scor Source & Vendor -- Product Description ed e Patch Info privileges via unspecified vectors, a different vulnerability than CVE-2015-4649. Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root CVE-2015- privileges via 4649 unspecified CONFIRM(li vectors, a different nk is external) vulnerability than 2017- BID(link is arubanetworks -- clearpass CVE-2015-3654.
    [Show full text]
  • Content Management Systems (CMS) Lecture 04: Content Management Systems – Presentation of Popular Solutions
    Content Management Systems (CMS) Lecture 04: Content Management Systems – presentation of popular solutions Mariusz Trzaska, Ph. D. [email protected], http:// www.mtrzaska.com Agenda Presentation of several free systems. Popularity of CMS. Security of CMS. New trends Summary. Content management (CMS) 2 Introduction Sources: o The 20 point CMS test from http://www.openadvantage.org o https://www.ionos.com/digitalguide/hosting/cms /cms-comparison-a-review-of-the-best-platforms/ Content management (CMS) 3 Some popular CMSs (open-source) WordPress Orchard Drupal Magnolia Joomla Contao Xoops Neon Exponent CMS Plone Typo3 Exponent CMS Content management (CMS) 4 WordPress Used to be a blogging system. Currently: o powerful, o universal, o easy to use CMS system. One of the most popular in the world. Content management (CMS) 5 WordPress (2) Features o Dashboard with customizable widgets; o Preview of visual themes without applying them; o Simple image editing for articles; o Dedicated tag for automatic splitting of posts into pages; o Automatic media embedding; o Support for multiple portals on a single installation; Content management (CMS) 6 WordPress (3) Features – cont. o Very good WYSIWIG editor (classic and block- based); o Ability to specify the publication date; o Dedicated mobile applications for Android and iOS; o Optional blocking of posts with a password; o Draft content; o Good search system; o Friendly urls; Content management (CMS) 7 WordPress (4) Features – cont. o Multi-language support (GUI); o Importing content from other systems; o Automatic core and plugin updates; o Extensive API to facilitate potential integration with other systems; o Possibility of authentication using external services, e.g.
    [Show full text]
  • Vulnerability Summary for the Week of February 6, 2017
    Vulnerability Summary for the Week of February 6, 2017 Please Note: • The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low. • The !" indentity number is the #ublicly $nown %& given to that #articular vulnerability. Therefore you can search the status of that #articular vulnerability using that %&. • The CVSS (Common Vulnerability Scoring 'ystem) score is a standard scoring system used to determine the severity of the vulnerability. High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity dotnetnu$e ** dotnetnu$e The installation wizard in DotNetNu$e (DNN) 2017-02-06 7.5 CVE-2015-2794 CONFIRM (link before +.4.- allows remote attac$ers to reinstall is external) the a##lication and gain 'u#er.ser access via a CONFIRM (link direct re/uest to %nstall/%nstallWizard.as#2. is external) CONFIRM (link is external) EXPLOIT-DB (link is external) e2#onentcms ** Multi#le 'QL in5ection vulnerabilities in 2017-02-07 7.5 CVE-2016-7400 MLIST (link is e2#onent3cms "2#onent M' before 6.4.0 allow remote external) attac$ers to e2ecute arbitrary 'QL commands via MLIST (link is the (-) id #arameter in an activate3address external) BID (link is address controller action, (6) title #arameter in a external) show blog controller action, or (8) content3id CONFIRM (link #arameter in a showComments e2# omment is external) controller action. CONFIRM (link is external) e2#onentcms ** 9n issue was discovered in "2#onent M' 6.4.1. 2017-02-06 7.5 CVE-2017-5879 BID (link is e2#onent3cms This is a blind '4L in5ection that can be e2#loited external) by un*authenticated users via an HTTP :"T MISC (link is re/uest and which can be used to dum# external) database data out to a malicious server, using an out*of*band techni/ue, such as select3loadfile().
    [Show full text]
  • Criando Sites Com Um Sistema De Gerenciamento De Conteúdo (CMS - Content Management Systems )
    Criando sites com um Sistema de Gerenciamento de Conteúdo (CMS - Content Management Systems ) Sistema de Gerenciamento de Conteúdo (Content Management Systems - CMS ) Entendendo o que são Servidor Web e Host Preparando o computador para ser um servidor web Aprendendo a instalar e usar o CMS Wordpress Prof. Cláudio Toldo Webjornalismo 2 Sistema de Gerenciamento de Conteúdo (CMS - Content Management Systems ) O que é CMS: Um sistema gestor de sites, blogs, portais e intranets que integra ferramentas para criar, gerir (editar e inserir) conteúdos sem a necessidade de programação de código, cujo objetivo é estruturar e facilitar a criação, administração, distribuição, publicação e disponibilidade da informação de forma dinâmica, através de uma interface via internet. Os CMS são frameworks, “um esqueleto” de website pré-programado, com recursos básicos e de manutenção e administração prontamente disponíveis. Principais CMS (php + MySql + Apache): Wordpress, Joomla! e Drupal Outros: AdaptCMS Lite, BLOG:CMS, CivicSpace, eFront, Exponent CMS, ExpressionEngine, GCMS, ImpressCMS, Jaws, KnowledgeTree Document Management System, Lyceum, Mambo, MiaCMS, MODx, MySource Matrix (Squiz), Nucleus CMS, OneCMS, Opus, PHP-Fusion, PHP-Nuke, PHPSlash, phpWCMS, SilverStripe, SPIP, TangoCMS, Textpattern, TikiWiki CMS/Groupware, Tribiq CMS, TYPO3, whCMS, Midgard CMS, Frog CMS, MediaWiki, Merlintalk, phpWebSite, Habari, eZ Publish, Xaraya Os CMS são criados sob a licença GNU General Public License (Licença Pública Geral) GNU GPL ou simplesmente GPL, é a designação da licença para software livre idealizada por Richard Stallman no final da década de 1980, no âmbito do projeto GNU da Free Software Foundation (FSF). A GPL é a licença com maior utilização por parte de projetos de software livre, em grande parte devido à sua adoção para o Linux.
    [Show full text]