Tagged: vulnerability

Microsoft February 2016 Patch Tuesday, (Tue, Feb 9th)

Overview of the February 2016 Microsoft patches and their status.

Columns: # | Affected | Contra Indications – KB | Known Exploits | Microsoft rating (**) | ISC rating (*): clients, servers

MS15-009: Cumulative Security Update for Internet Explorer (Replaces MS16-001). Affected: Internet Explorer. CVE-2016-0041, CVE-2016-0059, CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0063, CVE-2016-0064, CVE-2016-0067, CVE-2016-0068, CVE-2016-0069, CVE-2016-0071, CVE-2016-0072,

MS15-011: Cumulative Security Update for Microsoft Edge (Replaces KB3124266). Affected: Microsoft Edge. CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0077, CVE-2016-0080,

Critical: Anything that needs little to become interesting

Less Urt practices for servers such as not using outlook, MSIE, word etc

Oracle Releases Security Updates for Java

Original release date: February 08, 2016

Oracle has released security updates to address a vulnerability in Java SE versions 6, 7, and 8 for Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system

VU#305096: Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium

Vulnerability Note VU#305096
Original Release date: 04 Feb 2016 | Last revised: 05 Feb 2016

Overview: Comodo Chromodo browser, version 45.8.12.391, and possibly earlier, bundles the Ad Sanitizer extension, version 1.4.0.26, which disables same origin policy, allowing for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated release of Chromium with known vulnerabilities

Apache Commons Collections Under Attack

Two months ago, a Java zero-day vulnerability (CVE-2015-4852) that targeted the Apache Commons Collections library was disclosed. This vulnerability is caused by an error when Java applications, which use the Apache Commons Collections library, deserialize o…

VU#777024: Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities

Vulnerability Note VU#777024
Original Release date: 03 Feb 2016 | Last revised: 03 Feb 2016

Overview: Netgear Management System NMS300, version 1.5.0.11 and earlier, is vulnerable to arbitrary file upload, which may be leveraged by unauthenticated users to execute arbitrary code with SYSTEM privileges. A directory traversal vulnerability enables authenticated users to download arbitrary files.

Description: Netgear Management System NMS300 is a configuration, monitoring, and diagnostics utility for managing SNMP networked devices via a web interface

VU#719736: Fisher-Price Smart Toy platform allows some unauthenticated web API commands

Vulnerability Note VU#719736
Original Release date: 02 Feb 2016 | Last revised: 02 Feb 2016

Overview: The Fisher-Price Smart Toy does not perform proper authentication of some API commands, and it may also use a vulnerable version of Android.

Description: The Fisher-Price Smart Toy bear is a new WiFi-connected Internet of Things (IoT) toy