Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability

2016-07-13 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability Advisory ID: cisco-sa-20160713-ncs6k Revision 1.0 For Public Release 2016 July 13 16:00 UTC (GMT

Open-Xchange Security Advisory 2016-07-13

2016-07-13 Thread Martin Heiland
Product: OX App Suite Vendor: OX Software GmbH Internal reference: 45796 / 45811 (Bug ID) Vulnerability type: Cross Site Scripting (CWE-80) Vulnerable version: 7.8.1 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version:

missing input validation in pmount: arbitrary mount as non-root

2016-07-13 Thread Imre RAD
Summary: pmount is a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry. Due to a missing input validation check local users could mount devices to arbitrary destinations and thus taking over the targeted

[CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers

2016-07-13 Thread Stefan Kanthak
Hi @ll, the executable installers of Flash Player released 2016-06-15 fixed CVE-2016-1014 in the second attempt, but another vulnerability remained: they create(d) and use(d) UNSAFE temporary subdirectories into which they copy/ied themselves and extract(ed) a file "fpb.tmp" which they load(ed)