The Support team for CA Technologies, A Broadcom Company, is alerting customers to multiple potential risks with CA Risk Authentication and CA Strong Authentication. Multiple vulnerabilities exist that can allow a remote attacker to gain additional access in certain configurations or possibly obtain sensitive information. CA published solutions to address the vulnerabilities and recommends that all affected customers implement them immediately. The first vulnerability is due to insufficient verification of custom privileges: a malicious actor who has access to an account with customized, limited privileges may, in some cases, access resources and act outside the assigned privileges. This exposure does not affect installations where accounts do not have custom privileges. The second vulnerability may enable a malicious actor to conduct UI redress (clickjacking) attacks to obtain sensitive information in some cases. Affected products include CA Risk Authentication versions 9.0, 8.x, and 3.1 and CA Strong Authentication versions 9.0, 8.x, and 7.1.
ef42b4a17a8b60fc53d7e5c399e58653c06578f01ab6db7ea9f0569b72b8882d
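The UI redress issue above is the kind of finding a quick header check can confirm on any deployment. The following is an added example, not code from CA or from the advisory: it classifies an HTTP response's anti-framing posture from constructed header dictionaries, treating the Content-Security-Policy frame-ancestors directive as authoritative (browsers that support it ignore X-Frame-Options when it is present) and treating the obsolete X-Frame-Options ALLOW-FROM form as no protection. The header values below are constructed for illustration.

```python
"""Classify a response's protection against UI redress (clickjacking) from its headers.

Added example; header dictionaries are constructed, not captured from any product.
"""
from typing import Dict, Optional


def _get_header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def frame_ancestors(csp: str) -> Optional[str]:
    """Return the frame-ancestors source list from a CSP header, or None if absent.

    An empty source list ("frame-ancestors" with no sources) is equivalent to 'none'.
    """
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return " ".join(parts[1:]).lower() or "'none'"
    return None


def framing_protection(headers: Dict[str, str]) -> str:
    """Classify anti-framing protection.

    Returns:
      'csp'  - CSP frame-ancestors is present and restricts framing
      'xfo'  - no frame-ancestors directive; X-Frame-Options DENY or SAMEORIGIN applies
      'none' - framing is not restricted (no header, '*', or obsolete ALLOW-FROM)

    Content-Security-Policy-Report-Only is deliberately not consulted: it reports
    violations but does not block framing.
    """
    csp = _get_header(headers, "Content-Security-Policy")
    if csp is not None:
        sources = frame_ancestors(csp)
        if sources is not None:
            # When frame-ancestors is present, supporting browsers ignore
            # X-Frame-Options entirely, so a wildcard here means no protection.
            return "csp" if sources != "*" else "none"

    xfo = _get_header(headers, "X-Frame-Options")
    if xfo is not None and xfo.strip().upper() in ("DENY", "SAMEORIGIN"):
        return "xfo"
    # ALLOW-FROM is not honoured by current browsers; treat it as unprotected.
    return "none"


if __name__ == "__main__":
    # Constructed sample responses, not captured from any real deployment.
    samples = {
        "legacy-xfo": {"X-Frame-Options": "DENY"},
        "csp-none": {"content-security-policy": "default-src 'self'; frame-ancestors 'none'"},
        "csp-without-fa": {"Content-Security-Policy": "default-src 'self'"},
        "obsolete-allow-from": {"X-Frame-Options": "ALLOW-FROM https://example.com"},
        "wildcard-overrides-xfo": {"Content-Security-Policy": "frame-ancestors *",
                                   "X-Frame-Options": "SAMEORIGIN"},
    }
    for name, hdrs in samples.items():
        print(f"{name}: {framing_protection(hdrs)}")
```

Run the script to see each constructed response classified; the last sample shows why checking X-Frame-Options alone is misleading once a CSP frame-ancestors directive is present.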
Debian Linux Security Advisory 4451-1 - Thunderbird vulnerabilities may lead to the execution of arbitrary code or denial of service.
7c0997408a516b38bd2ff33efdab9ee1a2b6e4d2bfe479bcfc717d4f571b3aa2
Debian Linux Security Advisory 4450-1 - A vulnerability was found in the WPA protocol implementation found in wpa_supplicant (station) and hostapd (access point).
b9708563769297f2f8615d14579d54d20eb6303fdc77c3ffcafdb8c17466dfb6
Cyberoam Transparent Authentication Suite version 2.1.2.5 Fully Qualified Domain Name and NetBIOS Name proof of concept denial of service exploits.
e85b1896f7ee0fbcaefed884392a6b1338e4242ffba88de09aef0f3dcadd07f2
This Metasploit module abuses a feature in WebLogic Server's Administration Console to install a malicious Java application in order to gain remote code execution. Authentication is required; however, by default, Oracle ships with an "oats" account that you could log in with, which grants you administrator access.
d2ce49b369029d9ba6fa03bf3c938f41ab106d33a06609e2f00de1eb12b975c8
Cyberoam SSLVPN Client version 1.3.1.30 Connect To Server and HTTP Proxy proof of concept denial of service exploits.
10fbba0972f675beabed4bc6c7b9fa2fc4019879caef30f05995225cb5176369
CMS Made Simple version 2.2.10 suffers from a persistent cross site scripting vulnerability.
ab2bb4ee4397e607d687ba9dbfeb8d2bbe0759bf552f9eef576d986e406dafb4
Debian Linux Security Advisory 4452-1 - Multiple security issues were found in jackson-databind, a Java library to parse JSON and other data formats which could result in information disclosure or the execution of arbitrary code.
8095674dd1045dcb3b6e8830df6c5e14a3e757092613ec37d2e027cf70e3e072
Microsoft Internet Explorer Windows 10 1809 17763.316 scripting engine memory corruption exploit.
7d2015c3ac3c61fefec434f05b388f4ccd27c5327a0537ee0a13305ce2eda40c
Whitepaper called Web Application Firewall Bypass Methods. Written In Turkish.
de3d6eb771b386a81807a989fe41fcd824480b3c78ac572e1d065e0f3b1e087a
Cyberoam General Authentication Client version 2.1.2.7 denial of service proof of concept exploit.
009f670f54b88215db3581aa256585fd014a51127143104c3fc870131e73e062
Fast AVI MPEG Joiner version 1.2.0812 License Name proof of concept denial of service exploit.
18f81e70c998f3fe8d097c86b9a0adbccbf4384e7908865dc2aa79a8822b2531
Ubuntu Security Notice 3957-2 - USN-3957-1 fixed multiple vulnerabilities in MySQL. This update addresses some of them in MariaDB 5.5. Ubuntu 14.04 LTS has been updated to MariaDB 5.5.64. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
b0d0f2df5e341ab74394d08bdbd1096db37d3d0d16e4dbf587b5b663e8645b76
Microsoft Windows installer suffers from a race condition that can allow for privilege escalation.
e5943fac225d4d55b0fa4d7a1e4b21e8a597a5aa436c053cea39b3a02de897f9
Whitepaper called Penetration Testing Steps and Tools. Written In Turkish.
789ecc5a958af9486d5d831fa003b63f12d584366542b0127215d7a135d6af23
Pidgin version 2.13.0 denial of service proof of concept exploit.
dbed3b7cdf9c51d8959568e09d67a7eb7e08fd52ceb6d262662bccfb08103b9a