Security News

Bugtraq: APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003

Security Focus Vulnerabilities - 17 May, 2016 - 13:55
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003

Bugtraq: APPLE-SA-2016-05-16-3 watchOS 2.2.1

Security Focus Vulnerabilities - 17 May, 2016 - 08:35
APPLE-SA-2016-05-16-3 watchOS 2.2.1

WSO2 SOA Enablement Server - Reflected Cross-Site Scripting

Full Disclosure - 17 May, 2016 - 08:30

Posted by Etnies on May 17

Title: WSO2 SOA Enablement Server - Reflected Cross-Site Scripting
Authors: Jakub Pałaczyński, Łukasz Juszczyk
Date: 08. April 2016

Affected Software:
=============

WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616
Probably other versions are also vulnerable.

Proof of Concept:
============

PoC works only in IE browser - path is reflected in the response and needs
to be long enough to bypass IE's 404 page...

[ICS] Meteocontrol WEB’log Multiple Vulnerabilities

Full Disclosure - 17 May, 2016 - 08:30

Posted by Karn Ganeshen on May 17

[ICS] Meteocontrol WEB’log Multiple Vulnerabilities

*About MeteoControl WEB’log*

Meteocontrol is a Germany-based company that maintains offices in several
countries around the world, including the US, China, Italy, Spain, France,
Switzerland, and Israel.

The affected products, WEB’log, are web-based SCADA systems that provide
functions to manage energy and power configurations in different connected
(energy/industrial) devices....

OWTF 2.0a "Tikka Masala" released!

Full Disclosure - 17 May, 2016 - 08:30

Posted by Abraham Aranguren on May 17

Dear Full Disclosure friends,

We are pleased to let you know that OWASP OWTF 2.0a "Tikka Masala" has
been released!
Dedicated to the courage and hard work shown by all OWASP OWTF
contributors, especially the Indian ones!, the mentors, everybody that
gave us cool ideas, etc. to make this amazing release happen, to all of
you, thank you!

Some links:
- Handy redirect: http://owtf.org/
(takes you to:...

Re: Code Execution Vulnerabilities In 7zip

Full Disclosure - 17 May, 2016 - 08:30

Posted by Nick Boyce on May 17

[mods: feel free to merge this with my previous post if it hasn't hit
the list yet]

I should add dates: the 7zip V16.00 release is dated 10.May.2016, and
the Cisco Talis blog post is dated 11.May.2016.

Also affected versions are all below 16.00, not just 15.00 and prior.

Nick

Code Execution Vulnerabilities In 7zip

Full Disclosure - 17 May, 2016 - 08:30

Posted by Nick Boyce on May 17

Just karma whoring here, since I noticed the announcement and figured
the news needs to spread. Cisco Talis discovered a number of bugs in
7zip versions prior to 16.00, some of which lead to arbitrary code
execution when processing certain malformed archives:

http://www.zdnet.com/article/severe-7-zip-vulnerabilities-cause-top-security-software-tools-patch-panic/#ftag=RSSbaffb68...

Re: Skype Phishing Attack

Full Disclosure - 17 May, 2016 - 08:30

Posted by Sebastian on May 17

Hey all,

I don't think "pop up a full featured window on the client" is your
everyday phishing attack. This is easily exploited even for experienced
users, since this is definitely not what you'd expect to originate from
Skype (and for example Steam tends to annoy you with login popups
sometimes, i.e. when changing your IP).

So yes, we don't need your average phishing attack, but this is surely a
vulnerability and...

Re: runAV mod_security Remote Command Execution

Full Disclosure - 17 May, 2016 - 08:30

Posted by Reindl Harald on May 17

Am 13.05.2016 um 17:30 schrieb Rio Sherri:

>
> sprintf (cmd, "/usr/bin/clamscan --no-summary %s", argv[1]);
> The argv[1] parameter is passed unsanitized to a sprintf function
> which sends the formatted output to the cmd variable,
> which is later passed as a parameter to a run_cmd function on line 14

i don't think so because the temp-files of mod-security to inspect
uploads are not controlled by the client...

[SECURITY] [DSA 3581-1] libndp security update

Bug Traq - 17 May, 2016 - 08:27

Posted by Salvatore Bonaccorso on May 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-3581-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
May 17, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libndp
CVE ID : CVE-2016-3698
Debian Bug :...

APPLE-SA-2016-05-16-6 iTunes 12.4

Full Disclosure - 17 May, 2016 - 08:26

Posted by Apple Product Security on May 17

APPLE-SA-2016-05-16-6 iTunes 12.4

iTunes 12.4 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: Running the iTunes installer in an untrusted directory may
have resulted in arbitrary code execution
Description: A dynamic library loading issue existed in iTunes
setup. This was addressed through improved path searching.
CVE-ID
CVE-2016-1742 : Stefan Kanthak and
YoKo Kho (yokoacc) of MII - Consulting...

APPLE-SA-2016-05-16-5 Safari 9.1.1

Full Disclosure - 17 May, 2016 - 08:26

Posted by Apple Product Security on May 17

APPLE-SA-2016-05-16-5 Safari 9.1.1

Safari 9.1.1 is now available and addresses the following:

Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: A user may be unable to fully delete browsing history
Description: "Clear History and Website Data" did not clear the
history. The issue was addressed through improved data deletion.
CVE-ID
CVE-2016-1849 : Adham Ghrayeb

WebKit...

APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003

Full Disclosure - 17 May, 2016 - 08:26

Posted by Apple Product Security on May 17

APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003

OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:

AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB

AMD...

APPLE-SA-2016-05-16-3 watchOS 2.2.1

Full Disclosure - 17 May, 2016 - 08:26

Posted by Apple Product Security on May 17

APPLE-SA-2016-05-16-3 watchOS 2.2.1

watchOS 2.2.1 is now available and addresses the following:

CommonCrypto
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 :...

APPLE-SA-2016-05-16-2 iOS 9.3.2

Full Disclosure - 17 May, 2016 - 08:26

Posted by Apple Product Security on May 17

APPLE-SA-2016-05-16-2 iOS 9.3.2

iOS 9.3.2 is now available and addresses the following:

Accessibility
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A buffer overflow was addressed through improved size
validation.
CVE-ID
CVE-2016-1790 : Rapelly Akhil

CFNetwork Proxies
Available for: iPhone 4s and later,
iPod touch...

APPLE-SA-2016-05-16-1 tvOS 9.2.1

Full Disclosure - 17 May, 2016 - 08:26

Posted by Apple Product Security on May 17

APPLE-SA-2016-05-16-1 tvOS 9.2.1

tvOS 9.2.1 is now available and addresses the following:

CFNetwork Proxies
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of...

[ERPSCAN-16-009] SAP xMII - directory traversal vulnerability

Full Disclosure - 17 May, 2016 - 08:25

Posted by ERPScan inc on May 17

Application: SAP xMII

Versions Affected: SAP MII 15.0

Vendor URL: http://SAP.com

Bugs: Directory traversal

Sent: 29.07.2015

Reported: 29.07.2015

Vendor response: 30.07.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2230978

Author: Dmitry Chastuhin (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP xMII – directory traversal vulnerability

Advisory ID: [ERPSCAN-16-009]

Risk: high priority

Advisory URL:...

[ERPSCAN-16-008] SAP NetWeaver AS JAVA - XSS vulnerability in ProxyServer servlet

Full Disclosure - 17 May, 2016 - 08:25

Posted by ERPScan inc on May 17

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.4

Vendor URL: http://SAP.com

Bugs: Cross Site Scripting (XSS)

Sent: 10.08.2015

Reported: 10.08.2015

Vendor response: 11.08.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2220571

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver AS JAVA – XSS vulnerability in ProxyServer servlet

Advisory ID:...

Bugtraq: APPLE-SA-2016-05-16-2 iOS 9.3.2

Security Focus Vulnerabilities - 16 May, 2016 - 22:35
APPLE-SA-2016-05-16-2 iOS 9.3.2

Bugtraq: APPLE-SA-2016-05-16-1 tvOS 9.2.1

Security Focus Vulnerabilities - 16 May, 2016 - 22:35
APPLE-SA-2016-05-16-1 tvOS 9.2.1
Syndicate content