Jump to content

Tonik

Moderators
  • Posts

    14,827
  • Joined

  • Last visited

  • Days Won

    748

Everything posted by Tonik

  1. ^^Sucks at keeping his wife in the kitchen making all men look bad.
  2. No need to feel bad for them, they got trailers and are not afraid to use them.
  3. I don't need another account to do that.
  4. ^ Too stupid to understand the concept of this thread. Dumbass.
  5. Make him throw in the Top Gun poster.
  6. Yep, 10 pretty much turns into 22 pretty quickly there. https://goo.gl/maps/AunoJWj2zz52
  7. And his secretary sucks, but not on a good way.
  8. I totally got that. His secretary says he can go. He walks a lot at work. He hasnt been in two years and is willing to ride down with others. He hopes he hits 3k on miles on his bike this season...which is year three for this bike and I am pretty sure he is old and the bike is white.
  9. Last weeks security alerts for all the major software/hardware vendors. National Cyber Awareness System: SB16-088: Vulnerability Summary for the Week of March 21, 2016 03/28/2016 07:13 AM EDT Original release date: March 28, 2016 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team(US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9 Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9 Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis. High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info apple -- mac_os_x AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-03-23 9.3 CVE-2016-1733 CONFIRM APPLE apple -- iphone_os AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device. 2016-03-23 7.2 CVE-2016-1734 CONFIRM CONFIRM APPLE APPLE apple -- mac_os_x Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736. 2016-03-23 9.3 CVE-2016-1735 CONFIRM APPLE apple -- mac_os_x Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735. 2016-03-23 9.3 CVE-2016-1736 CONFIRM APPLE apple -- mac_os_x dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app. 2016-03-23 7.2 CVE-2016-1738 CONFIRM APPLE apple -- apple_tv FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document. 2016-03-23 9.3 CVE-2016-1740 CONFIRM CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE APPLE apple -- mac_os_x The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-03-23 10.0 CVE-2016-1741 CONFIRM APPLE apple -- mac_os_x The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744. 2016-03-23 9.3 CVE-2016-1743 CONFIRM APPLE apple -- mac_os_x The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1743. 2016-03-23 9.3 CVE-2016-1744 CONFIRM APPLE apple -- mac_os_x IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747. 2016-03-23 9.3 CVE-2016-1746 CONFIRM APPLE apple -- mac_os_x IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746. 2016-03-23 9.3 CVE-2016-1747 CONFIRM APPLE apple -- mac_os_x IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-03-23 9.3 CVE-2016-1749 CONFIRM APPLE apple -- apple_tv Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app. 2016-03-23 9.3 CVE-2016-1750 CONFIRM CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE APPLE apple -- apple_tv The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app. 2016-03-23 9.3 CVE-2016-1751 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE apple -- apple_tv The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app. 2016-03-23 9.3 CVE-2016-1752 CONFIRM CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE APPLE apple -- apple_tv Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. 2016-03-23 9.3 CVE-2016-1753 CONFIRM CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE APPLE apple -- apple_tv The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755. 2016-03-23 9.3 CVE-2016-1754 CONFIRM CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE APPLE apple -- apple_tv The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754. 2016-03-23 9.3 CVE-2016-1755 CONFIRM CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE APPLE apple -- iphone_os The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. 2016-03-23 9.3 CVE-2016-1756 CONFIRM CONFIRM APPLE APPLE apple -- iphone_os Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app. 2016-03-23 9.3 CVE-2016-1757 CONFIRM CONFIRM APPLE APPLE apple -- mac_os_x The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-03-23 9.3 CVE-2016-1759 CONFIRM APPLE apple -- iphone_os libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. 2016-03-23 10.0 CVE-2016-1761 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE apple -- safari libxml2 in Apple iOS before 9.3, OS X before 10.11.4, Safari before 9.1, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. 2016-03-23 10.0 CVE-2016-1762 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE APPLE APPLE apple -- safari The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site. 2016-03-23 7.1 CVE-2016-1771 CONFIRM APPLE apple -- apple_tv TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. 2016-03-23 9.3 CVE-2016-1775 CONFIRM CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE APPLE apple -- safari WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. 2016-03-23 9.3 CVE-2016-1778 CONFIRM CONFIRM APPLE APPLE apple -- safari WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. 2016-03-23 9.3 CVE-2016-1783 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE cisco -- ios The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708. 2016-03-24 7.8 CVE-2016-1347 CISCO hp -- operations_orchestration HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. 2016-03-22 10.0 CVE-2016-1997 HP hp -- service_manager HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. 2016-03-22 10.0 CVE-2016-1998 HP hp -- support_assistant HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors. 2016-03-19 10.0 CVE-2016-2245 HP ibm -- tivoli_netview_access_services ** DISPUTED ** IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability. 2016-03-18 9.0 CVE-2014-9768 MISC MISC symantec -- endpoint_protection_manager Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script. 2016-03-18 8.5 CVE-2015-8152 CONFIRM BID symantec -- endpoint_protection_manager SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2016-03-18 8.3 CVE-2015-8153 CONFIRM BID symantec -- endpoint_protection_manager The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions." 2016-03-18 9.3 CVE-2015-8154 CONFIRM BID Back to top Medium Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info abb -- panel_builder_800 Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. 2016-03-18 6.0 CVE-2016-2281 MISC apple -- safari Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog. 2016-03-23 4.3 CVE-2009-2197 CONFIRM APPLE apple -- mac_os_x Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file. 2016-03-23 6.8 CVE-2016-1737 CONFIRM APPLE apple -- apple_tv IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. 2016-03-23 4.3 CVE-2016-1748 CONFIRM CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE APPLE apple -- iphone_os The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app. 2016-03-23 4.3 CVE-2016-1758 CONFIRM CONFIRM APPLE APPLE apple -- mac_os_x The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. 2016-03-23 4.3 CVE-2016-1764 CONFIRM APPLE apple -- xcode otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. 2016-03-23 4.6 CVE-2016-1765 CONFIRM APPLE apple -- iphone_os The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors. 2016-03-23 5.0 CVE-2016-1766 CONFIRM APPLE apple -- mac_os_x QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768. 2016-03-23 6.8 CVE-2016-1767 CONFIRM APPLE apple -- mac_os_x QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767. 2016-03-23 6.8 CVE-2016-1768 CONFIRM APPLE apple -- mac_os_x QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file. 2016-03-23 6.8 CVE-2016-1769 CONFIRM APPLE apple -- mac_os_x The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL. 2016-03-23 4.3 CVE-2016-1770 CONFIRM APPLE apple -- safari The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors. 2016-03-23 4.3 CVE-2016-1772 CONFIRM APPLE apple -- mac_os_x_server The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. 2016-03-23 5.0 CVE-2016-1774 CONFIRM APPLE apple -- mac_os_x_server Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. 2016-03-23 5.0 CVE-2016-1776 CONFIRM APPLE apple -- mac_os_x_server Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. 2016-03-23 5.0 CVE-2016-1777 CONFIRM APPLE apple -- safari WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request. 2016-03-23 4.3 CVE-2016-1779 CONFIRM CONFIRM APPLE APPLE apple -- iphone_os WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site. 2016-03-23 4.3 CVE-2016-1780 CONFIRM APPLE apple -- safari WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors. 2016-03-23 4.3 CVE-2016-1781 CONFIRM CONFIRM APPLE APPLE apple -- safari WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site. 2016-03-23 4.3 CVE-2016-1782 CONFIRM CONFIRM APPLE APPLE apple -- safari The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site. 2016-03-23 4.3 CVE-2016-1784 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE apple -- safari The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. 2016-03-23 4.3 CVE-2016-1785 CONFIRM CONFIRM APPLE APPLE apple -- safari The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site. 2016-03-23 5.8 CVE-2016-1786 CONFIRM CONFIRM APPLE APPLE apple -- mac_os_x_server Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. 2016-03-23 5.0 CVE-2016-1787 CONFIRM APPLE ca -- single_sign-on The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. 2016-03-23 6.4 CVE-2015-6853 CONFIRM ca -- single_sign-on The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. 2016-03-23 6.4 CVE-2015-6854 CONFIRM cisco -- ios_xr The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848. 2016-03-24 6.8 CVE-2016-1366 CISCO dropbear_ssh_project -- dropbear_ssh CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. 2016-03-22 5.5 CVE-2016-3116 CONFIRM edx -- open_edx lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharing site. 2016-03-19 4.3 CVE-2015-2286 CONFIRM CONFIRM ibm -- business_process_manager Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. 2016-03-21 4.0 CVE-2015-7454 CONFIRM AIXAPAR ibm -- websphere_application_server Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2016-03-19 4.3 CVE-2016-0283 CONFIRM AIXAPAR netiq -- self_service_password_reset Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2016-03-23 4.3 CVE-2016-1599 CONFIRM CONFIRM novell -- filr Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2016-03-18 4.3 CVE-2015-5968 CONFIRM openbsd -- openssh Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. 2016-03-22 5.5 CVE-2016-3115 CONFIRM CONFIRM CONFIRM ruby-lang -- ruby The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. 2016-03-23 4.6 CVE-2015-7551 CONFIRM CONFIRM CONFIRM CONFIRM APPLE CONFIRM CONFIRM xzeres -- 442sr_os Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-03-19 4.3 CVE-2016-2287 MISC Back to top Low Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info apple -- mac_os_x AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. 2016-03-23 3.6 CVE-2016-1732 CONFIRM APPLE apple -- mac_os_x IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. 2016-03-23 2.1 CVE-2016-1745 CONFIRM APPLE apple -- iphone_os Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread. 2016-03-23 3.5 CVE-2016-1763 CONFIRM APPLE apple -- mac_os_x The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. 2016-03-23 2.1 CVE-2016-1773 CONFIRM APPLE apple -- iphone_os Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages. 2016-03-23 2.6 CVE-2016-1788 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE siemens -- apogee_insight Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors. 2016-03-18 3.6 CVE-2016-3155 CONFIRM Back to top Severity Not Yet Assigned Primary Vendor -- Product Description Published CVSS Score Source & Patch Info cisco -- ios Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821. 2016-03-25 not yet calculated CVE-2016-1348 CISCO cisco -- ios The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279. 2016-03-25 not yet calculated CVE-2016-1351 CISCO cisco -- ios The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410. 2016-03-25 not yet calculated CVE-2016-1349 CISCO cisco -- ios_xe Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293. 2016-03-25 not yet calculated CVE-2016-1350 CISCO cisco -- ios_xe The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. 2016-03-25 not yet calculaed CVE-2016-1344 CISCO granite_data_services -- amf_framework The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2016-03-25 not yet calculated CVE-2016-2340 CERT-VN MIT -- ldap_kdb_module The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. 2016-03-25 not yet calculated CVE-2016-3119 CONFIRM oracle -- java_se Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component. 2016-03-24 not yet calculated CVE-2016-0636 CONFIRM wordpress -- favorite_posts_plugin Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-03-25 not yet calculated CVE-2016-1160 CONFIRM JVNDB JVN Back to top This product is provided subject to this Notification and this Privacy & Use policy.
  10. Leave off the img tags, use the .jpg url and 'insert other media' then 'insert image from url'
  11. Hang loose Mike, I will fix your pics....done. Leave off the img tags, use the .jpg url and 'insert other media' then 'insert image from url'
  12. ^^Can't read or comprehend for shit. Thread is insult the poster above you, not the one two above you. Dumbass.
  13. Yea they are messed up. There are three ways to post pics. Load them up here to your gallery (hardest way). Attach them to the post....like if they are in your phone and you are posting from that. Or last to link to another site, like photobucket or smugmug or Flickr or something. It looks like you are doing the last, linking to another site. To do that you need to figure out how to get a link from that site that has .jpg or .bmp or whatever on the end. If I go to my smugmug and look at the page that has my Fonz picture and just post that directly: https://jimkennedy.smugmug.com/Wizard-World-2016/i-JmNP5WK It won't show up, but you can click on it. If I use that same link and hit the button on the bottom right that says Insert other media and post that link with 'insert url', it won't show up. But if I go to my fonz page and get the full url to the actual pic by right clicking on the pic and saying 'get 'copy image address' I get the full url with the .jpg in it. I can just post that into the post, or use the button on the bottom right and insert url. The key is to use a url that has the .jpg or .bmp or what ever on the end, that is a valid link all the way to the image. Get that and you will be golden. EDIT. TOOK OUT MY FONZ PIC SO NOT TO MESS UP YOUR THREAD. IT WAS THERE, HONEST.
  14. Probably a repost, but in honor of Easter:
  15. Plans a Meat and Great sausage fest then makes up bullshit rules about keeping our pants on.
  16. ^^ Kills every thread he posts in, case in point. This one.
  17. That looks great Brian. Your kid will remember that and tell the story when he is 40.
  18. The Box gets lots of folks. And you are right, practice helps. And the practicing and learning never ends. Its part of the fun for me, getting better.
  19. I would have no problem living with that. Hell, I would back over him a few times just ro make sure.
  20. Your entire premise is based on a lie. Stunters on the street most certainly do kill and injure people. It happens a lot more than you think. You fail to understand you are EXACLTY the same as a drunk driver. They dont think they are going to hurt anyone. They think they are fine and in control. Both of you are wrong, very wrong. Its one thing to make a mistake and accidentally kill someone. But it is entirely different to decide to drink and drive or stunt on a public road and consciously decide to put others in danger. I find your disregard for others in pursuit of your own fun to be quite disturbing. legacy.wfaa.com/story/news/crime/2014/08/10/13637294
  21. Weather permitting that is what I am doing.
  22. We are getting good at this grandparents shit. 12 people over, it went perfectly.
  23. The post above this one is the correct answer.
  24. He is trailering, there is no doubt.
×
×
  • Create New...