CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation
2016-10-26 Dawid Golunski (dawid legalhackers com)

FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch [REVISED]
2016-10-25 FreeBSD Security Advisories (security-advisories freebsd org)

CVE-2016-6804 Apache OpenOffice Windows Installer Untrusted Search Path
2016-10-25 Dennis E. Hamilton (orcmid apache org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CVE-2016-6804 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6804> Apache OpenOffice Advisory <https://www.openoffice.org/security/cves/CVE-2016-6804.html> Title: Windows Installer Execution of Arbitrary Code with Elevated Privileges Version

wincvs-2.0.2.4 Privilege Escalation
2016-10-25 apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WINCVS-PRIVILEGE-ESCALATION.txt [+] ISR: ApparitionSec Vendor: ====================== cvsgui.sourceforge.net www.wincvs.org Product: =========== WinCvs v2.1.1.1

APPLE-SA-2016-10-24-3 Safari 10.0.1
2016-10-24 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-10-24-3 Safari 10.0.1 Safari 10.0.1 is now available and addresses the following: WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12 Impact: Processing maliciously crafted web content may le

Puppet Enterprise Web Interface Authentication Redirect
2016-10-22 hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-AUTHENTICATION-REDIRECT.txt [+] ISR: ApparitionSec Vendor: ============== www.puppet.com Product: ================================ Puppet Enterprise Web

Puppet Enterprise Web Interface User Enumeration
2016-10-21 apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-USER-ENUMERATION.txt [+] ISR: ApparitionSec Vendor: ============== www.puppet.com Product: =============================== Puppet Enterprise Web Interfa

Puppet Enterprise Web Interface Authentication Redirect
2016-10-21 apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-AUTHENTICATION-REDIRECT.txt [+] ISR: ApparitionSec Vendor: ============== www.puppet.com Product: ================================ Puppet Enterprise Web

Oracle Netbeans IDE v8.1 Import Directory Traversal
2016-10-21 apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-NETBEANS-IDE-DIRECTORY-TRAVERSAL.txt [+] ISR: ApparitionSec Vendor: =============== www.oracle.com Product: ================= Netbeans IDE v8.1 Vulne

ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability
2016-10-20 EMC Product Security Response Center (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability EMC Identifier: ESA-2016-111 CVE Identifier: CVE-2016-0909 Severity Rating: CVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Affe

Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update
2016-10-20 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, since more than a year now, Windows Update fails (not only, but most notably) on FRESH installations of Windows 7/8/8.1 (especially their 32-bit editions), which then get NO security updates at all [°]! One of the many possible causes: Windows Update Client runs out of (virtual) memory dur

[CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability
2016-10-20 dirtycow dirtcow ninja

Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory
2016-10-20 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, on x64 editions of Windows, RegEdit.exe exists both as %windir%\regedit.exe and %windir%\SysWOW64\regedit.exe. <https://msdn.microsoft.com/en-us/library/aa384187.aspx> states | [...] whenever a 32-bit application attempts to access [...] | %windir%\regedit.exe is redirected to %windir%\Sy

[security bulletin] HPSBGN03663 rev.1 - HPE ArcSight WINC Connector, Remote Code Execution
2016-10-19 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05313743 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05313743 Version: 1 HPSBGN03663 rev.1 - HPE ArcS

Cisco Security Advisory: Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability
2016-10-19 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability Advisory ID: cisco-sa-20161019-asa-idfw Revision: 1.0 For Public Release 2016 October 19 16:00 GMT +--------------------------------------------------------------------- Su

[ERPSCAN-16-030] SAP NetWeaver - buffer overflow vulnerability
2016-10-17 ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver KERNEL Versions Affected: SAP NetWeaver KERNEL 7.0-7.5 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 09.03.2016 Reported: 10.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2295238 Author: Dmitry

Evernote for Windows DLL Loading Remote Code Execution Vulnerability
2016-10-14 mehta himanshu21 gmail com
Aloha, Summary Evernote contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to some DLL file is loaded by 'Evernote_6.1.2.2292.exe' improperly. And it allows an attacker to load th

[security bulletin] HPSBNS03661 rev.1 - NonStop Backbox, Remote Disclosure of Information
2016-10-13 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05307589 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05307589 Version: 1 HPSBNS03661 rev.1 - NonStop

Snort v2.9.7.0-WIN32 DLL Hijack
2016-10-12 apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt [+] ISR: ApparitionSec Vendor: ============= www.snort.org Product: =================== Snort v2.9.7.0-WIN32 Snort is an open-source, fre

ZendStudio IDE v13.5.1 Privilege Escalation
2016-10-12 apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/ZEND-STUDIO-PRIVILEGE-ESCALATION.txt [+] ISR: ApparitionSec Vendor: ============ www.zend.com Product: ====================== ZendStudio IDE v13.5.1 Zend Stud

Cisco Security Advisory: Cisco Meeting Server Client Authentication Bypass Vulnerability
2016-10-12 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Meeting Server Client Authentication Bypass Vulnerability Advisory ID: cisco-sa-20161012-msc Revision 1.0 For Public Release 2016 October 12 16:00 UTC (GMT) Last Updated 2016 October 12 16:00 UTC (GMT) +-------------------------------------

Multiple Vulnerabilities in Plone CMS
2016-10-12 Sebastian Perez (s3bap3 gmail com)
[Product Description] Plone is a free and open source content management system built on top of the Zope application server. Plone is positioned as an "Enterprise CMS" and is most commonly used for intranets and as part of the web presence of large organizations [Systems Affected] Product

[security bulletin] HPSBPV03516 rev.2 - HP VAN SDN Controller, Multiple Vulnerabilities
2016-10-11 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04819635 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04819635 Version: 2 HPSBPV03516 rev.2 - HP VAN

Facebook API v2.1 - RFC6749 Open Redirect Vulnerability
2016-10-11 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Facebook API v2.1 - RFC6749 Open Redirect Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=1972 Vulnerability Magazine: https://www.vulnerability-db.com/?q=articles/2016/10/10/facebook-api-v21-hit-rfc6749-
In the PoC I used Ubuntu 16.04 with the latest tomcat7 package
(version: 7.0.68-ubuntu-0.1) installed from the default ubuntu repos
which appears vulnerable still.
The video poc can be found at:
http://legalhackers.com/videos/Apache-