Feed aggregator

Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client

BugTraq Latest Security Advisories - August 19, 2016 - 6:22am

Posted by Florian Bogner on Aug 19

Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client

Metadata
===================================================
Release Date: 17-08-2016
Author: Florian Bogner @ Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected versions: up to ownCloud's Desktop client version 2.2.2
Tested on: Windows 7 64 bit
CVE: pending
URL: https://bogner.sh/2016/08/horizontal-privilege-escalation-in-ownclouds-windows-client/...

[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method

BugTraq Latest Security Advisories - August 19, 2016 - 6:13am

Posted by Justin Bull on Aug 19

Good evening everyone,

A security bulletin for all of you.

Software:
--------
Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)

Description:
----------
Doorkeeper is an OAuth 2 provider for Rails written in Ruby.

Affected Versions:
---------------
1.2.0 - 4.1.0 (all versions but latest patch supporting token revocation)

Fixed Versions:
-------------
4.2.0 or apply this commit[0]

Problem:
--------
Doorkeeper failed to implement OAuth...

Bugtraq: [SYSS-2016-055] QNAP QTS - OS Command Injection

Security Focus Latest Security Advisories - August 19, 2016 - 5:00am

Bugtraq: [SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting

Security Focus Latest Security Advisories - August 19, 2016 - 5:00am

next-20160819: linux-next

Linux Kernel Updates - August 18, 2016 - 11:08pm
Version: next-20160819 (linux-next) Released: 2016-08-19

Vuln: MatrixSSL Multiple Information Disclosure Vulnerabilities

Security Focus Latest Security Advisories - August 18, 2016 - 11:00pm

Vuln: Libxml2 CVE-2016-4448 Remote Format String Vulnerability

Security Focus Latest Security Advisories - August 18, 2016 - 11:00pm

Vuln: Facebook HHVM Multiple Integer Overflow and Denial of Service Vulnerabilities

Security Focus Latest Security Advisories - August 18, 2016 - 11:00pm

Vuln: Apple iOS/tvOS/Safari Multiple Security Vulnerabilities

Security Focus Latest Security Advisories - August 18, 2016 - 11:00pm

Vuln: Libxml2 'xmlLoadEntityContent()' Function CVE-2016-4449 Security Bypass Vulnerability

Security Focus Latest Security Advisories - August 18, 2016 - 11:00pm

Vuln: Apple Mac OS X APPLE-SA-2016-05-16-4 Multiple Security Vulnerabilities

Security Focus Latest Security Advisories - August 18, 2016 - 11:00pm

Vuln: Libxml2 'malloc.c' CVE-2016-3627 Denial of Service Vulnerability

Security Focus Latest Security Advisories - August 18, 2016 - 11:00pm

Vuln: libxml2 CVE-2016-3705 Stack Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - August 18, 2016 - 11:00pm

Vuln: Geeklog IVYWE CVE-2016-4849 Multiple Cross Site Scripting Vulnerabilities

Security Focus Latest Security Advisories - August 18, 2016 - 11:00pm

Vuln: Navis WebAccess Unspecified SQL Injection Vulnerability

Security Focus Latest Security Advisories - August 18, 2016 - 11:00pm

Vuln: Multiple Cisco Products CVE-2016-6367 Local Code Execution Vulnerability

Security Focus Latest Security Advisories - August 18, 2016 - 11:00pm

[SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting

BugTraq Latest Security Advisories - August 18, 2016 - 3:02pm

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-049
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: unfixed
Manufacturer Notification: 2016-06-03
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS...

[SYSS-2016-054] QNAP QTS - OS Command Injection

BugTraq Latest Security Advisories - August 18, 2016 - 2:56pm

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-054
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-07
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...

[SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting

BugTraq Latest Security Advisories - August 18, 2016 - 2:48pm

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-049
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: unfixed
Manufacturer Notification: 2016-06-03
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS...

[SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting

BugTraq Latest Security Advisories - August 18, 2016 - 2:42pm

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-050
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: unfixed
Manufacturer Notification: 2016-06-03
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS...