
3670 matches found

ThreatPost
added 2016/09/12 3:38 p.m. | 12 views

New Windows Patch Policy At Odds With Acceptable Risk

With Microsoft’s Patch Tuesday release tomorrow, the countdown begins for application developers to button down code ahead of Microsoft’s new servicing model starting in October that could present vulnerability issues for some businesses. “Tomorrow it’s going to be business as usual, but it will...

AI score: 0.2
Exploits: 0 | References: 4

RedHat Linux
added 2016/09/08 6:14 p.m. | 58 views

Important: Red Hat Security Advisory: eap7-jboss-ec2-eap security, bug fix, and enhancement update

An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.1326
Exploits: 0 | References: 7

Packet Storm
added 2016/09/07 12:00 a.m. | 36 views

CumulusClips 2.4.1 Code Execution / CSRF / Cross Site Scripting

Exploit Title: CumulusClips Session fixation Google Dork: inurl:/cumulusclips/videos/ Date: 2.09.2016 Exploit Author: kor3k / Aukasz Korczyk Vendor Homepage: http://cumulusclips.org/ Software Link: http://cumulusclips.org/cumulusclips.zip Version: 2.4.1 Tested on: Debian Jessie Description:...

Exploits: 0

Tenable Nessus
added 2016/09/06 12:00 a.m. | 9 views

Fedora 23 : ca-certificates (2016-f9e951386e)

This is an update to the Mozilla CA certificates list version 2.9, which has been published as part of Mozilla NSS 3.26. As in previous versions of the ca-certificates package, the CA list has been modified to keep several legacy CAs still trusted for compatibility reasons. Please refer to...

AI score: 5.4
Exploits: 0 | References: 1

Tenable Nessus
added 2016/08/30 12:00 a.m. | 17 views

Microsoft Office Compatibility Pack Installed (credentialed check)

Binary data microsoftofficecompatibilitypackinstalled.nbin...

AI score: 7.3
Exploits: 0 | References: 1

Tenable Nessus
added 2016/08/30 12:00 a.m. | 34 views

Fedora 24 : 1:rubygem-actionpack / 1:rubygem-activerecord (2016-b4919ffe56)

Fix for CVE-2016-6317 rhbz#1366479 - Fix argument error for instance_exec for Ruby 2.3 compatibility Only rubygem-activerecord f24 - Improve tests not to accept the failures Only rubygem-activerecord. Note that Tenable Network Security has extracted the preceding description block directly from the...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.03903
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/30 12:00 a.m. | 85 views

Microsoft Office Compatibility Pack Unsupported Version Detection

According to its self-reported component version numbers, the installation of Microsoft Office Compatibility Pack on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain...

AI score: 5.6
Exploits: 0 | References: 1

n0where
added 2016/08/27 6:56 p.m. | 21 views

SSH Server Auditing: ssh-audit

ssh-audit is a tool for SSH server auditing. Features: SSH1 and SSH2 protocol server support; grab banner, recognize device or software and operating system, detect compression; gather key-exchange, host-key, encryption and message authentication code algorithms; output algorithm information...

AI score: 1.7
Exploits: 0 | References: 1

Tenable Nessus
added 2016/08/22 12:00 a.m. | 26 views

openSUSE Security Update : roundcubemail (openSUSE-2016-996)

This update for roundcubemail fixes the following vulnerabilities: - CVE-2015-8864: XSS issue in SVG images handling (boo#976988) - CVE-2015-2181: issue in DBMail driver of password plugin. Roundcubemail was also updated to 1.0.9, fixing the following bugs: - Fix a regression where some contact dat...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.02891
Exploits: 1 | References: 3

Tenable Nessus
added 2016/08/19 12:00 a.m. | 9 views

Fedora 24 : ca-certificates (2016-33f99474b5)

This is an update to the Mozilla CA certificates list version 2.9, which has been published as part of Mozilla NSS 3.26. As in previous versions of the ca-certificates package, the CA list has been modified to keep several legacy CAs still trusted for compatibility reasons. Please refer to...

AI score: 5.4
Exploits: 0 | References: 1

BDU FSTEC
added 2016/08/16 12:00 a.m. | 4 views

The vulnerabilities of Microsoft Excel editors, the Microsoft Office Compatibility Pack, and the Microsoft Excel Viewer allow a perpetrator to execute arbitrary code.

The vulnerabilities of Microsoft Excel editors, the Microsoft Office Compatibility Pack, and the Microsoft Excel Viewer are caused by buffer overflow attacks. Exploitation of this vulnerability can allow an attacker to execute arbitrary code using a specially crafted Office document from a remote...

CVSS: 9.3 | AI score: 8 | EPSS: 0.19641
Exploits: 0 | References: 2

BDU FSTEC
added 2016/08/16 12:00 a.m. | 5 views

The vulnerabilities of the Microsoft Office suite of programs, the Microsoft Word text editor, the Microsoft Office Compatibility Pack, the Microsoft Word Viewer software for reading doc files, the Microsoft SharePoint Server corporate application suite, the Microsoft Office Web Apps, and the Microsoft Office Online Server web server allow a perpetrator to execute arbitrary code.

The vulnerabilities of the Microsoft Office package, the Microsoft Word text editor, the Microsoft Office Compatibility Pack, the Microsoft Word Viewer for reading doc files, the Microsoft SharePoint Server corporate application, and the Microsoft Office Web Apps and Microsoft Office Online Serve...

CVSS: 9.3 | AI score: 7.9 | EPSS: 0.26291
Exploits: 0 | References: 2

BDU FSTEC
added 2016/08/16 12:00 a.m. | 4 views

The vulnerability of the Microsoft Office suite of programs, the Microsoft Word text editor, the Word Viewer program for reading DOC files, and the Microsoft Office Compatibility Pack allows a perpetrator to execute arbitrary code.

The vulnerability of the Microsoft Office package, the Microsoft Word text editor, the Word Viewer document viewing program, and the Microsoft Office Compatibility Pack is caused by a buffer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially...

CVSS: 9.3 | AI score: 8.1 | EPSS: 0.19641
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/12 12:00 a.m. | 22 views

FreeBSD : FreeBSD -- Linux compatibility layer incorrect futex handling (793fb19c-600a-11e6-a6c3-14dae9d210b8)

A programming error in the handling of Linux futex robust lists may result in incorrect memory locations being accessed. Impact: It is possible for a local attacker to read portions of kernel memory, which may result in a privilege escalation.

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00368
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/12 12:00 a.m. | 17 views

FreeBSD : FreeBSD -- Linux compatibility layer setgroups(2) system call (798f63e0-600a-11e6-a6c3-14dae9d210b8)

A programming error in the Linux compatibility layer setgroups(2) system call can lead to unexpected results, such as overwriting random kernel memory contents. Impact: It is possible for a local attacker to overwrite portions of kernel memory, which may result in a privilege escalation or caus...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00392
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/12 12:00 a.m. | 18 views

FreeBSD : FreeBSD -- Linux compatibility layer issetugid(2) system call (7ac28df1-600a-11e6-a6c3-14dae9d210b8)

A programming error in the Linux compatibility layer could cause the issetugid(2) system call to return incorrect information. Impact: If an application relies on output of the issetugid(2) system call and that information is incorrect, this could lead to a privilege escalation.

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.0038
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/12 12:00 a.m. | 8 views

FreeBSD : FreeBSD -- Kernel stack disclosure in Linux compatibility layer (7c5d64dd-600a-11e6-a6c3-14dae9d210b8)

The implementation of the TIOCGSERIAL ioctl(2) does not clear the output struct before copying it out to userland. The implementation of the Linux sysinfo system call does not clear the output struct before copying it out to userland. Impact: An unprivileged user can read a portion of uninitialise...

AI score: 5.4
Exploits: 0 | References: 1

Tenable Nessus
added 2016/07/25 12:00 a.m. | 10 views

Fedora 24 : ca-certificates (2016-7527145931)

This is an update to the Mozilla CA certificates list version 2.8, which has been published as part of Mozilla NSS 3.25. As in previous versions of the ca-certificates package, the CA list has been modified to keep several legacy CAs still trusted for compatibility reasons. Please refer to...

AI score: 5.4
Exploits: 0 | References: 1

Veeam
added 2016/07/20 12:00 a.m. | 10 views

Leap Second Compatibility

Challenge: A leap second is a one-second adjustment that is occasionally applied to Coordinated Universal Time (UTC) to keep its time of day close to mean solar time. Some software experiences problems when leap seconds are inserted, for example, if the leap second is inserted at an unexpected time...

AI score: 6.7
Exploits: 0

Tenable Nessus
added 2016/07/19 12:00 a.m. | 90 views

Application Compatibility Cache

Nessus was able to generate a report on the application compatibility cache on the remote Windows host.

AI score: 5.5
Exploits: 0 | References: 2