Monthly Archive: February 2018

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Denial of Service in the RIM (Radio Interface Module) process running on the...

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG...

Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS. Date published : 2018-02-03 https://bugzilla.zimbra.com/show_bug.cgi?id=107878 https://bugzilla.zimbra.com/show_bug.cgi?id=107885

Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS. Date published : 2018-02-03 https://bugzilla.zimbra.com/show_bug.cgi?id=108265 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by sending IOCTL 0x80002010 and then using IOCTL 0x8000204C...

webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events. Date published : 2018-02-03 https://bugs.debian.org/889450 https://github.com/anymail/django-anymail/commit/c07998304b4a31df4c61deddcb03d3607a04691b

An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by connecting to the filter communication port and then...

mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate. Date published : 2018-02-02 http://issues.outoforder.cc/view.php?id=93 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578663

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table. Date published : 2018-02-02 http://www.openwall.com/lists/oss-security/2014/01/31/10 http://xforce.iss.net/xforce/xfdb/90858

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password. Date published : 2018-02-02 http://www.openwall.com/lists/oss-security/2014/01/31/10

Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php. Date published : 2018-02-02...

The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting....

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. IBM X-Force ID:...

Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and...