Security News

Cross-Site Request Forgery in Icegram WordPress Plugin

Full Disclosure - 19 July, 2016 - 14:56

Posted by Summer of Pwnage on Jul 19

------------------------------------------------------------------------
Cross-Site Request Forgery in Icegram WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Request Forgery vulnerability was found in the Icegram...

Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking

Bug Traq - 19 July, 2016 - 14:51

Posted by Stefan Kanthak on Jul 19

Hi @ll,

eclipse-inst-win32.exe (and of course eclipse-inst-win64.exe
too) loads and executes multiple DLLs (in version 4.5 also
CMD.EXE) from its "application directory".

* version 4.5 ("Mars") on Windows 7:
UXTheme.dll, WindowsCodecs.dll, AppHelp.dll, SrvCli.dll,
Slc.dll, NTMarta.dll, ProfAPI.dll, SAMLib.dll

* version 4.6 ("Neon") on Windows 7:
IEFrame.dll, Version.dll

* version 4.5 on Windows XP:...

Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)

Bug Traq - 19 July, 2016 - 14:43

Posted by Vulnerability Lab on Jul 19

Document Title:
===============
Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1869

Security Release: https://www.djangoproject.com/weblog/2016/jul/18/security-releases/

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6186

CVE-ID:
=======
CVE-2016-6186

Release Date:
=============
2016-07-19

Vulnerability...

APPLE-SA-2016-07-18-6 iTunes 12.4.2

Bug Traq - 19 July, 2016 - 14:33

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-6 iTunes 12.4.2

iTunes 12.4.2 for Windows is now available and addresses the following:

libxml2
Impact: Multiple vulnerabilities in libxml2
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-4448 : Apple
CVE-2016-4483 :...

APPLE-SA-2016-07-18-5 Safari 9.1.2

Bug Traq - 19 July, 2016 - 14:24

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-5 Safari 9.1.2

Safari 9.1.2 is now available and addresses the following:

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a malicious website may disclose image data from
another website
Description: A timing issue existed in the processing of SVG. This
issue was addressed through improved validation.
CVE-2016-4583 : Roeland Krak

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a...

Bugtraq: APPLE-SA-2016-07-18-4 tvOS 9.2.2

Security Focus Vulnerabilities - 19 July, 2016 - 14:10
APPLE-SA-2016-07-18-4 tvOS 9.2.2

Bugtraq: APPLE-SA-2016-07-18-3 watchOS 2.2.2

Security Focus Vulnerabilities - 19 July, 2016 - 14:10
APPLE-SA-2016-07-18-3 watchOS 2.2.2

Bugtraq: APPLE-SA-2016-07-18-2 iOS 9.3.3

Security Focus Vulnerabilities - 19 July, 2016 - 14:10
APPLE-SA-2016-07-18-2 iOS 9.3.3

Bugtraq: APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004

Security Focus Vulnerabilities - 19 July, 2016 - 14:10
APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004

APPLE-SA-2016-07-18-4 tvOS 9.2.2

Bug Traq - 19 July, 2016 - 13:59

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-4 tvOS 9.2.2

tvOS 9.2.2 is now available and addresses the following:

CoreGraphics
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-2016-4637 : Tyler Bohan of Cisco Talos
(talosintel.com/vulnerability-reports)

ImageIO
Available for: Apple TV (4th generation)
Impact: A...

Bugtraq: [SECURITY] [DSA 3622-1] python-django security update

Security Focus Vulnerabilities - 19 July, 2016 - 13:30
[SECURITY] [DSA 3622-1] python-django security update

Bugtraq: [CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking

Security Focus Vulnerabilities - 19 July, 2016 - 13:30
[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking

APPLE-SA-2016-07-18-3 watchOS 2.2.2

Bug Traq - 19 July, 2016 - 13:29

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-3 watchOS 2.2.2

watchOS 2.2.2 is now available and addresses the following:

CoreGraphics
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-2016-4637 : Tyler Bohan of Cisco Talos
(talosintel.com/vulnerability-reports)

ImageIO...

APPLE-SA-2016-07-18-2 iOS 9.3.3

Bug Traq - 19 July, 2016 - 13:19

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-2 iOS 9.3.3

iOS 9.3.3 is now available and addresses the following:

Calendar
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted calendar invite may cause a device to
unexpectedly restart
Description: A null pointer dereference was addressed through
improved memory handling.
CVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical
Center...

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004

Bug Traq - 19 July, 2016 - 13:09

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update
2016-004

OS X El Capitan v10.11.6 and Security Update 2016-004 is now
available and addresses the following:

apache_mod_php
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in PHP versions prior to
5.5.36. These were addressed by updating PHP to...

[SECURITY] [DSA 3622-1] python-django security update

Bug Traq - 19 July, 2016 - 12:58

Posted by Salvatore Bonaccorso on Jul 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3622-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-django
CVE ID : CVE-2016-6186

It was...

Bugtraq: [SECURITY] [DSA 3621-1] mysql-connector-java security update

Security Focus Vulnerabilities - 19 July, 2016 - 12:25
[SECURITY] [DSA 3621-1] mysql-connector-java security update

Bugtraq: [Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon

Security Focus Vulnerabilities - 19 July, 2016 - 12:25
[Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon

Bugtraq: Multiple vulns in Vodafone EasyBox 804

Security Focus Vulnerabilities - 19 July, 2016 - 12:25
Multiple vulns in Vodafone EasyBox 804

Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin

Full Disclosure - 19 July, 2016 - 11:40

Posted by Summer of Pwnage on Jul 19

------------------------------------------------------------------------
Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress
Plugin
------------------------------------------------------------------------
Han Sahin, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Multiple reflected Cross-Site Scripting (XSS)...