Microsoft Education - Stored Cross Site Web Vulnerability

2016-08-11 Thread Vulnerability Lab
Document Title: Microsoft Education - Stored Cross Site Web Vulnerability; References (Source): http://www.vulnerability-lab.com/get_content.php?id=1897; Release Date: 2016-08-10; Vulnerability Laboratory ID (VL-ID):

QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability

2016-08-11 Thread Vulnerability Lab
Document Title: QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability; References (Source): http://www.vulnerability-lab.com/get_content.php?id=1895; Release Date: 2016-08-11; Vulnerability Laboratory ID (VL-ID):

Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8)

2016-08-11 Thread Rv3Lab.org
01. Advisory Information. Title: Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8); Date published: n/a; Date of last update: n/a; Vendors contacted: ColoradoFTP author Sergei Abramov; Discovered by: Rv3Laborato

[SECURITY] [DSA 3646-1] postgresql-9.4 security update

2016-08-11 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-3646-1, secur...@debian.org, https://www.debian.org/security/, Salvatore Bonaccorso, August 11, 2016

Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%

2016-08-11 Thread Stefan Kanthak
Hi @ll, several of Microsoft's Sysinternals utilities extract executables to %TEMP% and run them from there; the extracted executables are vulnerable to DLL hijacking, allowing arbitrary code execution in every user account and escalation of privilege in "protected administrator" accounts [*]. *

[SECURITY] [DSA 3647-1] icedove security update

2016-08-11 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-3647-1, secur...@debian.org, https://www.debian.org/security/, Moritz Muehlenhoff, August 11, 2016