August 23, 2016 — KB3176934 (OS Build 14393.82)
This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Network Controller, DNS server, gateways, Storage Spaces Direct, Group Managed Service...
Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction
On James Island. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Null pointer dereference
An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service application...
CVE-2018-17293
An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service application...
Microsoft Office SharePoint Server Cross-Site Scripting Vulnerability
Microsoft Office SharePoint Server is a business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site...
Microsoft Office 2016 Click-to-Run (C2R) Multiple Vulnerabilities (Sep 2018)
This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Microsoft Excel CVE-2018-8331 Remote Code Execution Vulnerability
Description: Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected: Microsoft...
Update Rollup 5 for System Center 2016 Orchestrator
Introduction: This article describes the issues that are fixed in Update Rollup 5 for Microsoft System Center 2016 Orchestrator. This article also contains the installation instructions for this update. Issues that are fixed: When you view the...
Following Facebook and Twitter, Google Targets Iranian Influence Operation
In the wake of influence-campaign takedowns by Facebook and Twitter, Google has issued a report detailing its own efforts to root out foreign influence operatives allegedly tied to an Iranian state-run media broadcaster. The news comes as President Donald Trump appeared to tweet in opposition to...
Microsoft Office 2016 Click-to-Run (C2R) Multiple Vulnerabilities (Aug 2018)
This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
EKFiddle - A Framework Based On The Fiddler Web Debugger To Study Exploit Kits, Malvertising And Malicious Traffic In General
A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general. Installation: Download and install the latest version of Fiddler (https://www.telerik.com/fiddler). Special instructions for Linux and Mac here:...
RouterSploit v3.3.0 - Exploitation Framework For Embedded Devices
The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aid penetration testing operations: exploits - modules that take advantage of identified vulnerabilities; creds - modules designed to test credentials against...
CVE-2018-15175
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file...
XnView Denial of Service Vulnerability (CNVD-2019-10272)
XnView is a multi-platform software that supports image viewing, conversion and editing. A denial of service vulnerability exists in XnView 2.45, which can be exploited by remote attackers to cause a denial of service via a specially crafted RLE file...
airflow-plugins (=0.1.3), tf-run-manager (>=1.0.0 <=2.1.6) potentially affected by CVE-2018-7750 via paramiko (=2.3.1)
paramiko PyPI version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on paramiko and may be impacted: airflow-plugins (=0.1.3); tf-run-manager (>=1.0.0, <=2.1.6). Source CVEs: CVE-2018-7750. Source advisory: OSV:GHSA-232R-66CG-79PX...
Vulnerability Spotlight: Computerinsel Photoline Multiple Vulnerabilities
Vulnerabilities discovered by Tyler Bohan from Talos. Overview: Today, Cisco Talos is disclosing several vulnerabilities in Computerinsel Photoline. Photoline is an image-processing tool used to modify and edit images, as well as other graphic-related material. This product has a sizable user base...
Microsoft Office 2016 Click-to-Run (C2R) Multiple Vulnerabilities (Jul 2018)
This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
[SECURITY] Fedora 27 Update: ant-1.10.1-10.fc27
Apache Ant is a Java library and command-line tool whose mission is to drive processes described in build files as targets and extension points dependent upon each other. The main known usage of Ant is the build of Java applications. Ant supplies a number of built-in tasks allowing to compile,...
Microsoft Windows 10: Adobe Flash Click-to-Run (Edge)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winedgeadobeclick2run.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for Configure the Adobe Flash Click-to-Run setting Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net...
CVE-2018-1000532
beep version 1.3 and up contains an External Control of File Name or Path vulnerability in the --device option that can result in a local unprivileged user being able to inhibit execution of arbitrary programs by other users, allowing DoS. This attack appears to be exploitable via: the system must allow local users...