Gwyn's Imagemap Selector Security Vulnerabilities

n0where

Web Testing Framework Samurai

The Samurai Web Testing Framework is a virtual machine, supported on VirtualBox and VMWare, that has been pre-configured to function as a web pen-testing environment. The VM contains the best of the open source and free tools that focus on testing and attacking websites. In developing this...

-0.1 AI Score

2018-10-23 04:10 AM
111
nessus

RHEL 7 : Satellite Server (RHSA-2018:2927)

An update is now available for Red Hat Satellite 6.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8 CVSS

0.5 AI Score

EPSS

2018-10-18 12:00 AM
34
redhat

(RHSA-2018:2927) Important: Satellite 6.4 security, bug fix, and enhancement update

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): jackson-databind: Unsafe deserialization due to incomplete black list...

9 AI Score

EPSS

2018-10-16 02:18 PM
198
nessus

openSUSE Security Update : the Linux Kernel (openSUSE-2018-1140)

The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI ...

8.4 CVSS

0.4 AI Score

0.022 EPSS

2018-10-09 12:00 AM
28
suse

Security update for the Linux Kernel (important)

The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI...

0.4 AI Score

0.022 EPSS

2018-10-08 03:09 PM
379
nessus

RHEL 6 : MRG (RHSA-2015:0707)

Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...

7.5 CVSS

-0.3 AI Score

0.949 EPSS

2018-09-13 12:00 AM
10
ics

Rockwell Allen-Bradley MicroLogix, SLC 500, and PLC-5 Fault Generation Vulnerability (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-12-342-01A Rockwell Allen-Bradley MicroLogix, SLC 500, and PLC-5 controller that was published December 11, 2012, on the NCCIC/ICS-CERT web site. Independent researcher Matthew Luallen of CYBATI has identified a...

6.6 AI Score

0.003 EPSS

2018-09-06 12:00 PM
54
nessus

RHEL 7 : JBoss EAP (RHSA-2017:0832)

An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

7.8 CVSS

AI Score

0.011 EPSS

2018-09-04 12:00 AM
34
nessus

RHEL 6 : JBoss EAP (RHSA-2017:1410)

An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

8.1 CVSS

0.4 AI Score

0.024 EPSS

2018-09-04 12:00 AM
23
nessus

RHEL 7 : JBoss EAP (RHSA-2016:1839)

Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.0.2, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

8.8 CVSS

AI Score

0.07 EPSS

2018-09-04 12:00 AM
18
nessus

RHEL 6 : JBoss EAP (RHSA-2017:0831)

An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

7.8 CVSS

AI Score

0.011 EPSS

2018-09-04 12:00 AM
12
nessus

RHEL 7 : JBoss EAP (RHSA-2017:1411)

An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

8.1 CVSS

0.4 AI Score

0.024 EPSS

2018-09-04 12:00 AM
36
nessus

RHEL 6 : JBoss EAP (RHSA-2016:1838)

Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.0.2, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

8.8 CVSS

AI Score

0.07 EPSS

2018-09-04 12:00 AM
18
nessus

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3754-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3754-1 advisory. The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows...

9.8 CVSS

9.1 AI Score

0.204 EPSS

2018-08-24 12:00 AM
26
nessus

Mozilla Firefox < 57 Multiple Vulnerabilities

Versions of Mozilla Firefox earlier than 57 are unpatched for the following vulnerabilities: A race condition exists in 'dom/media/systemservices/MediaParent.cpp' that is triggered when getting deviceId keys. This may allow a context-dependent attacker to corrupt memory and potentially execute...

8.6 AI Score

2018-08-21 12:00 AM
20
nessus

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL7 (RHSA-2018:2424)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2424 advisory. cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624) apache-cxf: TLS hostname...

5.9 CVSS

7.6 AI Score

0.013 EPSS

2018-08-21 12:00 AM
26
nessus

Mozilla Firefox < 57.0.1 Multiple Vulnerabilities

Versions of Mozilla Firefox earlier than 57.0.1 are unpatched for the following vulnerabilities: A flaw exists in the 'PerDocumentStyleDataImpl::visited_styles_enabled()' function in 'servo/components/style/gecko/data.rs'. The issue is triggered when handling the CSS ':visited' selector for a...

7.5 CVSS

1.8 AI Score

0.006 EPSS

2018-08-21 12:00 AM
12
nessus

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL 6 (RHSA-2018:2423)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2423 advisory. cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624) apache-cxf: TLS hostname...

5.9 CVSS

7.6 AI Score

0.013 EPSS

2018-08-21 12:00 AM
35
redhat

(RHSA-2018:2424) Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL7 security update

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and...

1.2 AI Score

0.013 EPSS

2018-08-15 11:19 AM
60
redhat

(RHSA-2018:2423) Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL 6 security update

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and...

1.2 AI Score

0.013 EPSS

2018-08-15 11:19 AM
31
nessus

Debian DSA-4262-1 : symfony - security update

Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to open redirects, cross-site request forgery, information disclosure, session fixation or denial of...

9.8 CVSS

-0.2 AI Score

0.006 EPSS

2018-08-06 12:00 AM
9
debian

[SECURITY] [DSA 4262-1] symfony security update

Debian Security Advisory DSA-4262-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 03, 2018 https://www.debian.org/security/faq Package : symfony CVE ID : CVE-2016-2403 CVE-2017-1665 ...

9.8 CVSS

8.4 AI Score

0.006 EPSS

2018-08-03 04:32 PM
14
ibm

Security Bulletin:GSKit vulnerable to FREAK - GSKit Ephemeral RSA Vulnerability

Summary GSKit will accept an Ephemeral RSA Key for non-export CipherSuites in SSLv3.0 and TLS 1.0. Vulnerability Details CVE ID: CVE-2014-8730 DESCRIPTION: The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM...

3.4 CVSS

1.2 AI Score

0.975 EPSS

2018-08-03 04:23 AM
12
openvas

Debian: Security Advisory (DSA-4262-1)

The remote host is missing an update for the...

9.8 CVSS

7.2 AI Score

0.006 EPSS

2018-08-02 12:00 AM
31
packetstorm

-0.2 AI Score

0.069 EPSS

2018-07-31 12:00 AM
31
zdt

MicroFocus Secure Messaging Gateway Remote Code Execution Exploit

This Metasploit module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application...

0.1 AI Score

0.069 EPSS

2018-07-31 12:00 AM
29
exploitpack

Micro Focus Secure Messaging Gateway (SMG) 471 - Remote Code Execution (Metasploit)

Micro Focus Secure Messaging Gateway (SMG) 471 - Remote Code Execution...

AI Score

2018-07-24 12:00 AM
22
zdt

AI Score

0.069 EPSS

2018-07-24 12:00 AM
35
metasploit

MicroFocus Secure Messaging Gateway Remote Code Execution

This module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application without input...

8.7 AI Score

2018-07-04 04:47 PM
9
nessus

RHEL 7 : Red Hat JBoss Enterprise Application Platform (RHSA-2018:2089)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2089 advisory. undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service...

9.8 CVSS

8.7 AI Score

0.939 EPSS

2018-06-29 12:00 AM
25
nessus

RHEL 6 : Red Hat JBoss Enterprise Application Platform (RHSA-2018:2090)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2090 advisory. undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service...

9.8 CVSS

8.7 AI Score

0.939 EPSS

2018-06-29 12:00 AM
23
redhat

(RHSA-2018:2090) Moderate: Red Hat JBoss Enterprise Application Platform security update

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.2, and includes bug fixes and...

0.9 AI Score

0.939 EPSS

2018-06-27 02:46 PM
112
redhat

(RHSA-2018:2089) Moderate: Red Hat JBoss Enterprise Application Platform security update

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.2, and includes bug fixes and...

0.9 AI Score

0.939 EPSS

2018-06-27 02:46 PM
95
ibm

Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-11600 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by out-of-bound access in the net/xfrm/xfrm_policy.c. By using...

9.8 CVSS

0.9 AI Score

0.905 EPSS

2018-06-18 01:38 AM
43
ibm

Security Bulletin: IBM Tivoli Netcool Impact is affected by multiple vulnerabilities in IBM Tivoli Integrated Portal (TIP)

Summary IBM Tivoli Netcool Impact has addressed the following vulnerabilities in IBM Tivoli Integrated Portal (TIP). Vulnerability Details CVEID: CVE-2015-5254 DESCRIPTION: Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the...

9.8 CVSS

1 AI Score

0.039 EPSS

2018-06-17 03:50 PM
12
ibm

Security Bulletin: OpenSource Apache ActiveMQ vulnerabilities identified with IBM Tivoli Integrated Portal (TIP) v2.2

Summary OpenSource Apache ActiveMQ Vulnerabilities identified with IBM Tivoli Integrated Portal (TIP) v2.2 Vulnerability Details CVEID: CVE-2015-5254 DESCRIPTION: Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the classes...

9.8 CVSS

0.8 AI Score

0.039 EPSS

2018-06-17 03:50 PM
11
ibm

Security Bulletin: Jazz for Service Management is affected by Open Source Apache ActiveMQ vulnerability - Reported in 02/05/2015 X-Force Report

Summary Jazz for Service Management (JazzSM) bundles the Open Source Apache ActiveMQ jar files for use by the underlying DASH/TWL Component, and a vulnerability was reported related to the jar used. Vulnerability Details CVEID: CVE-2014-3600 DESCRIPTION: Apache ActiveMQ could allow a remote attacker...

9.8 CVSS

0.4 AI Score

0.008 EPSS

2018-06-17 03:07 PM
13
ibm

Security Bulletin: Security vulnerabilities in IBM Java Runtime and Apache Tomcat affects IBM RLKS Administration and Reporting Tool Admin (CVE-2016-5597, CVE-2016-3092)

Summary There is a vulnerability related to the Networking component in IBM® Runtime Environment Java™ Technology Edition, Version 6.0.16.0, that is used and shipped by IBM Rational License Key Server Administration and Reporting Tool Admin. Vulnerability Details CVEID: CVE-2016-5597 DESCRIPTION: ...

7.5 CVSS

-0.1 AI Score

0.043 EPSS

2018-06-17 05:17 AM
5
ibm

Security Bulletin: Vulnerability in RLKS Administration and Reporting Tool (CVE-2015-5045)

Summary A possible security vulnerability has been reported in IBM Rational License Key Server (RLKS) Administration and Reporting tool. There have been no reported exploits of this vulnerability. Vulnerability Details CVEID: CVE-2015-5045 DESCRIPTION: An unspecified vulnerability in RLKS...

3.3 CVSS

-0.1 AI Score

0.0004 EPSS

2018-06-17 05:13 AM
4
ibm

Security Bulletin: Multiple Security Vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin and Agent

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6.0.16.0 and 7.0.9.10, that are used by IBM Rational License Key Server Administration and Reporting Tool Admin and Agent. These issues were disclosed as part of the IBM Java Runtime updates...

5.9 CVSS

0.3 AI Score

0.074 EPSS

2018-06-17 05:09 AM
7
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect RLKS Administration and Reporting Tool (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931, CVE-2015-2808, CVE-2015-4000, CVE-2015-1916, CVE-2015-0488, CVE-2015-0138)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6.0.16.2 that is used by RLKS Administration and Reporting Tool. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION: An unspecified vulnerability and Java SE Embedded related to the JCE...

5.5 CVSS

0.5 AI Score

0.974 EPSS

2018-06-17 05:04 AM
7
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational License Key Server Administration and Reporting Tool (CVE-2015-0138, CVE-2014-3566, CVE-2014-6593, )

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6.0.16.2 that is used by Rational License Key Server Administration and Reporting Tool. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also...

3.4 CVSS

0.4 AI Score

0.975 EPSS

2018-06-17 05:01 AM
7
ibm

Security Bulletin: Rational License Key Server Administration and Reporting Tool vulnerabilities (CVE-2014-3566, CVE-2014-4244)

Summary Two possible security vulnerabilities have been reported in RLKS Administration and Reporting Tool. There have been no reported exploits of these vulnerabilities. Vulnerability Details CVE ID: CVE-2014-3566 Description: Product could allow a remote attacker to obtain sensitive information, ...

3.4 CVSS

0.2 AI Score

0.975 EPSS

2018-06-17 04:59 AM
5
ibm

Security Bulletin: Rational License Key Server Administration and Reporting Tool vulnerability (CVE-2014-0411)

Summary A possible security vulnerability has been reported in the Rational License Key Server Administration and Reporting Tool. There have been no reported exploits of this possible vulnerability, which is located in the JSSE component of IBM Java shipped with the tool and its agent....

0.3 AI Score

0.008 EPSS

2018-06-17 04:52 AM
7
ibm

Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel

Summary IBM QRadar Network Security has addressed vulnerabilities in Linux kernel. Vulnerability Details CVEID: CVE-2017-1000364 DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a stack memory allocation flaw that allows the stack guard ...

9.8 CVSS

0.9 AI Score

0.905 EPSS

2018-06-16 10:02 PM
18
ibm

Security Bulletin: Missing authorization concept for document upload and download in IBM Business Process Manager (BPM) CMIS integration (CVE-2015-1904)

Summary IBM Business Process Manager offers integration with external Enterprise Content Management (ECM) systems. If a process app is configured to always connect to an external ECM system using a predefined technical system account (rather than the actual end user), then the process app...

0.4 AI Score

0.001 EPSS

2018-06-15 07:03 AM
8
mskb

June 12, 2018—KB4284835 (OS Build 17134.112)

June 12, 2018—KB4284835 (OS Build 17134.112) Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections from an additional subclass of speculative execution side channel...

7.2 AI Score

0.975 EPSS

2018-06-12 07:00 AM
139
malwarebytes

A week in security (June 4 – June 10)

Last week on Labs, we took a look at hidden mobile ads, the perils of social media spam, and how to shore up your landline defenses. We also took a deep dive into Emotet malware analysis, and gave you some summertime safety tips. Other news Update your Adobe Flash player if you haven't already....

0.6 AI Score

2018-06-11 04:02 PM
37
threatpost

Facebook Software Bug Made Some Private Posts Public: 14 Million Affected

A Facebook software bug in May switched the "suggested audience" for posts to "public" for 14 million users. The glitch meant Facebook users who thought they were sharing content with just friends or small groups actually made their posts available to the general public. The incident is the...

1.2 AI Score

2018-06-08 03:25 PM
12

Total number of security vulnerabilities: 1703