Subscribe via feed.
Archive for October, 2016

Apple Security Advisory 2016-10-24-2

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2016-10-24-2 – macOS Sierra 10.12.1 is now available and addresses code execution, privilege escalation, and various other vulnerabilities.

Tags: , ,

Apple Security Advisory 2016-10-24-3

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2016-10-24-3 – Safari 10.0.1 is now available and addresses code execution vulnerabilities.

Tags: , ,

Apple Security Advisory 2016-10-24-4

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2016-10-24-4 – tvOS 10.0.1 is now available and addresses phishing, information disclosure, code execution, and other vulnerabilities.

Tags: , ,

Apple Security Advisory 2016-10-24-5

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2016-10-24-5 – watchOS 3.1 is now available and addresses code execution, information disclosure, and various other vulnerabilities.

Tags: , ,

Windows Linux Subsystem Arbitrary File / Direction Creation

Posted by deepcore under exploit (No Respond)

The Linux subsystem on Windows suffers from a privilege escalation vulnerability that allows for arbitrary file and directory creation.

FreePBX 10.13.66 Remote Command Execution / Privilege Escalation

Posted by deepcore under exploit (No Respond)

FreePBX version 10.13.66 suffers from remote command execution and privilege escalation vulnerabilities.

Puppet Enterprise Web Interface Open Redirect

Posted by deepcore under exploit (No Respond)

Puppet Enterprise Web Interface versions prior to 2016.4.0 suffer from an open redirection vulnerability.

Puppet Enterprise Web Interface User Enumeration

Posted by deepcore under exploit (No Respond)

Puppet Enterprise Web Interface versions prior to 2016.4.0 suffer from a user enumeration vulnerability.

TrendMicro InterScan Web Security Virtual Appliance Shellshock

Posted by deepcore under exploit (No Respond)

TrendMicro InterScan Web Security Virtual Appliance remote code execution exploit that leverages the shellshock vulnerability to spawn a connect-back shell.

Panda Security PSEvents Privilege Escalation

Posted by deepcore under exploit (No Respond)

PSEvents.exe within several Panda Security products runs hourly with SYSTEM privileges. When run, it checks a user writable folder for certain DLL files, and if any are found they are automatically run. Vulnerable products include Panda Global Protection 2016 versions 16.1.2 and below, Panda Antivirus Pro 2016 versions 16.1.2 and below, Panda Small Business Protection […]