121 matches found
Citrix XenServer Multiple Security Updates
Description of Problem: A number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and, for some XenServer versions, allow a remote attacker to compromise the host. The following vulnerabilities...
Mitigating speculative execution side channel hardware vulnerabilities
On January 3rd, 2018, Microsoft released an advisory and security updates related to a newly discovered class of hardware vulnerabilities involving speculative execution side channels known as Spectre and Meltdown that affect AMD, ARM, and Intel CPUs to varying degrees. If you haven’t had a chanc...
Paragon Initiative Enterprises: Airship: Persistent XSS via Comment
Affected: Airship 2.0.0 commit 15bdc0d. CVSS: Medium 6.1 https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Description: The "name" field of a comment on a blog post is vulnerable to persistent XSS. When replying to a comment, the comment name is...
Potential Command Injection in codem-transcode
When the ffprobe functionality is enabled on the server, HTTP POST requests can be made to /probe. These requests are passed to the ffprobe binary on the server. Through this HTTP endpoint it is possible to send a malformed source file name to ffprobe that results in arbitrary command execution...
GHSA-RPH7-J9QR-H8Q8 Potential Command Injection in codem-transcode
When the ffprobe functionality is enabled on the server, HTTP POST requests can be made to /probe. These requests are passed to the ffprobe binary on the server. Through this HTTP endpoint it is possible to send a malformed source file name to ffprobe that results in arbitrary command execution...
Open Redirect
Overview: st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 redirect to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers trea...
asterisk -- RTP/RTCP information leak
The Asterisk project reports: This is a follow up advisory to AST-2017-005. Insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetricrtp" options allow redirecting where Asterisk sends the next RTCP report. The RTP stream...
Animas OneTouch Ping insulin pump contains multiple vulnerabilities
Overview: The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information. Description: CWE-319:...
CVE-2016-4810 - Vulnerability in Citrix Studio Could Result in Insecure Access Policy Configuration
Description of Problem: A vulnerability has been identified in Citrix Studio that could allow Access Policy rules to be set insecurely on the Citrix XenDesktop Delivery Controller. This vulnerability affects the following product versions: Citrix XenDesktop 7.x between versions 7.0 and 7.6...
CVE-2015-8277 - Citrix Licensing Security Updates
Description of Problem: A vulnerability has been identified in Citrix Licensing that could allow a remote, unauthenticated attacker to crash the License Server and potentially execute arbitrary code on the server. This vulnerability affects the following products: Citrix License Server for Windows...
ABB PCM600 Vulnerabilities
OVERVIEW: ABB has identified one use of password hash with insufficient computational effort and three insufficiently protected credentials vulnerabilities in ABB’s PCM600. These vulnerabilities were reported directly to ABB by Ilya Karpov from Positive Technologies. ABB has produced a new version...
Hawkeye-G XSS
Cross-site scripting in web interface...
Astoria — Advanced Tor Client Designed to Avoid NSA Attacks
In response to the threat of intelligence agencies like the NSA and GCHQ, security researchers from American and Israeli academia have developed a new advanced Tor client called Astoria, specially designed to make eavesdropping harder. Tor (The Onion Router) is the most popular anonymity network that i...
Safari Cross-Domain Hijacking
OVERVIEW: The 4/8/2015 security updates from Apple included a patch for a Safari cross-domain vulnerability. An attacker could create web content which, when viewed by a target user, bypasses some of the normal cross-domain restrictions to access or modify HTTP cookies belonging to any...
SOL16128 - Microsoft Schannel vulnerability CVE-2014-6321
Vulnerability Recommended Actions: None. Supplemental Information: SOL9970: Subscribing to email notifications regarding F5 products; SOL9957: Creating a custom RSS feed to view new and updated documents; SOL4602: Overview of the F5 security vulnerability response policy; SOL4918: Overview of the F5...
ViewGit 0.0.6 - Multiple XSS Vulnerabilities
No description provided by source. Vulnerability Report Author: Matthew R. Bucci Date: 18 March, 2013 CVE-2013-2294 Description of Vulnerability: ViewGit is a git web repository viewer that aims to be easy to set up and upgrade, light on...
SSL Pulse Scans Quantify Vulnerable OpenSSL Servers
Certain mitigating factors made the recent OpenSSL man-in-the-middle vulnerability a notch or two below Heartbleed in terms of criticality. With that in consideration, it’s probably no surprise that patching levels for CVE-2014-0224 aren’t as high out of the gate as they were for Heartbleed. Ivan...
Drupal 7.26 Custom Search 7.x-1.13 Cross Site Scripting
Vulnerability Report Author: Justin C. Klein Keane Reported: 19 Feb, 2014 Description of Vulnerability: Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Custom Search modu...
Drupal 7.22 / 6.28 Cross Site Scripting
NB: Before anyone gets their panties in a twist read the whole disclosure, this isn't the end of the world, sky-is-falling vulnerability you might be looking for, but I do believe it is serious. TLDR: check your .info files! Vulnerability Report Autho...
Mitigating the LdrHotPatchRoutine DEP/ASLR bypass with MS13-063
Today we released MS13-063 which includes a defense in depth change to address an exploitation technique that could be used to bypass two important platform mitigations: Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). As we’ve described in the past, these mitigations pl...