MEMPHIS COMPUTER REPAIR . COM

Networking - WiFi, Data Recovery, Web Design, SEO, Computer Repair and Support



 

Memphis Computer Repair brings you top quality technicians at unbeatable rates 24 hours a day, 7 days a week. Our highly trained and experienced staff will assist you with all of your information technology needs. We service business computers, residential computers, servers, workstations, desktop PCs, and laptops.

Computer Related Services

Our skilled staff has more to offer than merely computer repair services. We specialize in building and implementing residential and business computer networks. Securing your network is only a click away! Guarauntee the safety of your data by only allowing access to who you choose! Are you sure you need a new printer? Don't buy a new printer for every computer you own. Save money by networking your computers and your printer! Any printer can be used on a network, be it a residential network or a business network.

Memphis Computer Repair is always open for business. We service and repair all bands and models of computers including: Dell, Gateway, Compaq, Hewlett-Packard HP, IBM, and all custom built computers.

Our discounted computer repair rates will fit your budget.

We stand behind our work with a 100% satisfaction guarauntee!

With every computer we service we include a comprehensive and easily read reapir ticket to keep you informed on what has been done. We replace difficult computer lingo with understandable terms that you will understand. We never perform unnecessary work and we will ALWAYS inform you of the cost before any work is done!

Have you been blindsided by a computer repair company that charged you an outrageous amount for repairs you think you might not have needed? You will know the complete cost of any computer work done before the service is performed. If computer repair cost is out of your budget, we will not charge you for the estimate.

Servicing The Following Locations

Memphis, TN, Olive Branch, Southaven, Horn Lake, Hernando, Byhalia, Barton, Collierville, Cordova, Germantown, West Memphis, AR, Oakland, TN, Bartlett, Raleigh, Millington, Tunica, MS, and all areas of Shelby County Tennessee, DeSoto County Mississippi, and Marshall County Mississippi.

Have questions? Need help?

We would be glad to help you; simply contact us via our contact page, Contact Us.

*based on 33.6 Kilobits per second Internet connection speed

Valid CSS!

Open a Service Request/Repair Ticket or Call us @
901-515-8433
Name:
Address:
City: State:
Zip:Phone Number:
Email Address:
Computer Brand:
Computer Model:
Problem or Service Requested



US-CERT: The United States Computer Emergency Readiness Team


02/04/2016 06:53 PM
Comodo Chromodo Browsers Vulnerable to Cross-Domain Attacks
Original release date: February 04, 2016

Some Comodo Chromodo browser versions (45.8.12.392, 45.8.12.391, and possibly earlier) are vulnerable to cross-domain attacks. When a user of a vulnerable Chromodo browser visits a specially crafted web page, an attacker may obtain access to web content from another domain.

US-CERT recommends users and administrators review Vulnerability Note VU#305096 for additional information and mitigation details.


This product is provided subject to this Notification and this Privacy & Use policy.



02/02/2016 03:46 PM
WordPress Releases Security Update
Original release date: February 02, 2016

WordPress 4.4.1 and prior versions contain two security vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to obtain sensitive information.

Users and administrators are encouraged to review the WordPress Security and Maintenance Release and upgrade to WordPress 4.4.2.


This product is provided subject to this Notification and this Privacy & Use policy.



02/01/2016 05:22 AM
SB16-032: Vulnerability Summary for the Week of January 25, 2016
Original release date: February 01, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
cisco -- modular_encoding_platform_d9036_softwareCisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070.2016-01-2210.0CVE-2015-6412
CISCO
cisco -- unified_computing_systemAn unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.2016-01-2210.0CVE-2015-6435
CISCO
debian -- fuseAn unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.2016-01-267.2CVE-2016-1233
DEBIAN
google -- chromeMultiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2016-01-259.3CVE-2016-1620
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeMultiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2016-01-257.5CVE-2016-2052
CONFIRM
CONFIRM
CONFIRM
harman -- amx_firmwareThe setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2016-1984.2016-01-2210.0CVE-2015-8362
CERT-VN
MISC
CONFIRM
CONFIRM
FULLDISC
MISC
harman -- amx_firmwareThe setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362.2016-01-2210.0CVE-2016-1984
CERT-VN
CONFIRM
CONFIRM
MISC
FULLDISC
MISC
hospira -- lifecare_pca_infusion_systemStack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000.2016-01-2210.0CVE-2015-7909
MISC
lexmark -- printer_firmwareRace condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.2016-01-2710.0CVE-2016-1896
CONFIRM
microsys -- promoticHeap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document.2016-01-267.1CVE-2016-0869
MISC
CONFIRM
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
cakephp -- cakephpCakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.2016-01-266.8CVE-2015-8379
CONFIRM
BUGTRAQ
FULLDISC
MISC
MISC
MISC
CONFIRM
cisco -- identity_services_engine_softwareCisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.2016-01-236.8CVE-2015-6317
CISCO
cisco -- application_policy_infrastructure_controller_enterprise_moduleCross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238.2016-01-264.3CVE-2015-6337
CISCO
cisco -- unified_contact_center_expressMultiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033.2016-01-264.3CVE-2016-1298
CISCO
cisco -- unity_connectionCross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582.2016-01-274.3CVE-2016-1300
CISCO
ecryptfs -- ecryptfs-utilsmount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.2016-01-224.6CVE-2016-1572
UBUNTU
DEBIAN
CONFIRM
CONFIRM
MLIST
google -- chromeThe LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.2016-01-256.8CVE-2016-1612
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeMultiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.2016-01-256.8CVE-2016-1613
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.2016-01-254.3CVE-2016-1614
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.2016-01-254.3CVE-2016-1615
CONFIRM
CONFIRM
google -- chromeThe CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.2016-01-254.3CVE-2016-1616
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.2016-01-254.3CVE-2016-1617
CONFIRM
CONFIRM
CONFIRM
google -- chromeBlink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.2016-01-254.3CVE-2016-1618
CONFIRM
CONFIRM
CONFIRM
google -- chromeMultiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.2016-01-256.8CVE-2016-1619
CONFIRM
CONFIRM
CONFIRM
google -- chromeMultiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2016-01-256.8CVE-2016-2051
CONFIRM
greenbone -- greenbone_osCross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp.2016-01-264.3CVE-2016-1926
MISC
BUGTRAQ
CONFIRM
CONFIRM
MISC
ibm -- rational_software_architectCross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 through 9.5, and Rational Software Architect RealTime (RSART) 8.5 through 9.5, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2016-01-274.3CVE-2015-7439
CONFIRM
ibm -- change_and_configuration_management_databaseIBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.2016-01-274.9CVE-2015-7487
CONFIRM
ibm -- websphere_portalCross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-01-274.3CVE-2016-0209
CONFIRM
lenovo -- shareitLenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.2016-01-264.3CVE-2016-1489
CONFIRM
MISC
FULLDISC
privoxy -- privoxyThe remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.2016-01-275.0CVE-2016-1982
CONFIRM
MLIST
MLIST
privoxy -- privoxyThe client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.2016-01-275.0CVE-2016-1983
CONFIRM
MLIST
MLIST
CONFIRM
tuxfamily -- chronychrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."2016-01-266.8CVE-2016-1567
FEDORA
MISC
CONFIRM
wolfssl -- wolfsslwolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.2016-01-225.0CVE-2015-6925
CONFIRM
MISC
CONFIRM
xen -- xenThe PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates.2016-01-226.9CVE-2016-1570
CONFIRM
SECTRACK
xen -- xenThe paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.2016-01-224.7CVE-2016-1571
CONFIRM
SECTRACK
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
ibm -- websphere_application_serverCross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider.2016-01-233.5CVE-2015-7417
CONFIRM
AIXAPAR
ibm -- spectrum_scaleIBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.2016-01-272.1CVE-2015-7488
CONFIRM
lenovo -- shareitThe Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.2016-01-262.7CVE-2016-1490
CONFIRM
MISC
FULLDISC
lenovo -- shareitThe Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.2016-01-263.3CVE-2016-1491
CONFIRM
MISC
FULLDISC
lenovo -- shareitThe Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.2016-01-262.9CVE-2016-1492
CONFIRM
MISC
FULLDISC
wolfssl -- wolfsslwolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorm (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.2016-01-222.6CVE-2015-7744
CONFIRM
MISC
MISC
CONFIRM
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.



01/29/2016 04:36 PM
FTC Announces Enhancements to IdentityTheft.gov
Original release date: January 29, 2016

The Federal Trade Commission (FTC) has upgraded its IdentityTheft.gov site to provide improved help to victims of identity theft. Enhancements include more personalized response plans for consumers, automatic generation of documents to aid in recovery, and better integration of the site with the FTC's consumer complaint system. Resources are also available for those who want to avoid becoming victims of identity theft.

Consumers are encouraged to visit FTC's IdentityTheft.gov site and review US-CERT's tip on Preventing and Responding to Identity Theft for more information.


This product is provided subject to this Notification and this Privacy & Use policy.



01/28/2016 03:11 PM
OpenSSL Releases Security Advisory
Original release date: January 28, 2016

OpenSSL versions 1.0.2f and 1.0.1r have been released to address vulnerabilities in prior versions. Exploitation of these vulnerabilities may allow a remote attacker to obtain sensitive information.

US-CERT encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update. For more information, please see Vulnerability Note VU#257823.


This product is provided subject to this Notification and this Privacy & Use policy.



01/27/2016 04:40 PM
Cisco Releases Security Update
Original release date: January 27, 2016

Cisco has released a security update to address a vulnerability in the web-based management interface of Cisco RV220W Wireless Network Security Firewall devices. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device.

Users and administrators are encouraged to review the Cisco Security Advisory and US-CERT's tip on Securing Your Home Network and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.



01/26/2016 03:56 PM
Mozilla Releases Security Updates
Original release date: January 26, 2016

Mozilla has released security updates to address multiple vulnerabilities in Firefox. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 44
  • Firefox ESR 38.6

US-CERT encourages users and administrators to review Mozilla Security Advisories for Firefox and Firefox ESR and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.



01/25/2016 10:55 PM
IRS Releases Tenth Security Tip
Original release date: January 25, 2016

The Internal Revenue Service (IRS) has released the tenth in a series of tips intended to help the public protect personal and financial data online and at home. This tip describes steps tax preparers can take to protect sensitive information. Recommendations include conducting a full scan of all computer drives and files, making sure that tax preparers' security software updates automatically, and using robust security software that helps block malware and viruses.

Users and administrators are encouraged to review the IRS Security Awareness Tax Tip Number 10 for additional information.


This product is provided subject to this Notification and this Privacy & Use policy.



01/25/2016 10:48 PM
Apple Releases Security Update for tvOS
Original release date: January 25, 2016

Apple has released a security update for tvOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Apple security update for tvOS 9.1.1 Apple TV (4th generation) and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.



01/25/2016 05:09 AM
SB16-025: Vulnerability Summary for the Week of January 18, 2016
Original release date: January 25, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
cgit_project -- cgitInteger overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.2016-01-207.5CVE-2016-1901
MLIST
MLIST
MLIST
CONFIRM
fortinet -- fortiosFortiOS 4.x before 4.3.17 and 5.0.x before 5.0.8 has a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.2016-01-1510.0CVE-2016-1909
EXPLOIT-DB
MISC
SECTRACK
CONFIRM
FULLDISC
MISC
CONFIRM
hp -- arcsight_loggerHPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.2016-01-167.5CVE-2015-6863
HP
ibm -- tealeaf_customer_experienceDirectory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors.2016-01-187.8CVE-2015-4988
CONFIRM
php -- phpStack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.2016-01-197.5CVE-2015-5590
CONFIRM
CONFIRM
MLIST
CONFIRM
php -- phpThe php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function.2016-01-197.5CVE-2015-6527
CONFIRM
MLIST
CONFIRM
php -- phpMultiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.2016-01-197.5CVE-2015-6831
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
php -- phpUse-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.2016-01-197.5CVE-2015-6832
CONFIRM
CONFIRM
php -- phpThe SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function.2016-01-197.5CVE-2015-6836
CONFIRM
CONFIRM
php -- phpUse-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array.2016-01-197.5CVE-2015-8616
CONFIRM
CONFIRM
php -- phpFormat string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.2016-01-1910.0CVE-2015-8617
CONFIRM
CONFIRM
CONFIRM
php -- phpMultiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.2016-01-197.5CVE-2016-1904
CONFIRM
CONFIRM
CONFIRM
MLIST
sap -- hanaBuffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978.2016-01-207.5CVE-2016-1928
MISC
MISC
sap -- hanaThe XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978.2016-01-208.5CVE-2016-1929
MISC
MISC
seeds -- acmailerSeeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.2016-01-169.0CVE-2016-1142
CONFIRM
JVNDB
JVN
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
cgit_project -- cgitCRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.2016-01-204.3CVE-2016-1899
MLIST
MLIST
MLIST
MLIST
CONFIRM
cgit_project -- cgitCRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.2016-01-204.3CVE-2016-1900
MLIST
MLIST
MLIST
MLIST
CONFIRM
cisco -- firesight_system_softwareMultiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414.2016-01-164.3CVE-2016-1293
CISCO
cisco -- firesight_system_softwareCross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094.2016-01-164.3CVE-2016-1294
CISCO
cisco -- adaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775.2016-01-165.0CVE-2016-1295
CISCO
cisco -- web_security_applianceThe proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.2016-01-205.0CVE-2016-1296
CISCO
dolibarr -- dolibarrMultiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.2016-01-154.3CVE-2015-8685
CONFIRM
CONFIRM
FULLDISC
gajim -- gajimGajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.2016-01-155.8CVE-2015-8688
CONFIRM
SUSE
MISC
h2o_project -- h2oCRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.2016-01-164.3CVE-2016-1133
CONFIRM
CONFIRM
CONFIRM
JVNDB
JVN
hp -- arcsight_loggerHPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.2016-01-166.5CVE-2015-6864
HP
ibm -- websphere_mq_lightIBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions.2016-01-185.0CVE-2015-4942
CONFIRM
ibm -- tivoli_storage_managerClient Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL.2016-01-205.0CVE-2015-4951
CONFIRM
ibm -- tivoli_federated_identity_managerCross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2016-01-184.3CVE-2015-4959
CONFIRM
AIXAPAR
ibm -- host_on-demandCross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 through 11.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2016-01-184.3CVE-2015-5002
CONFIRM
ibm -- websphere_commerceCross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2016-01-184.3CVE-2015-5008
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- jazz_reporting_serviceReport Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors.2016-01-174.0CVE-2015-7468
CONFIRM
ibm -- jazz_reporting_serviceReport Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restrictions by leveraging a JazzGuest role.2016-01-174.0CVE-2015-7469
CONFIRM
ibm -- jazz_reporting_serviceReport Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors, as demonstrated by login information.2016-01-175.0CVE-2015-7470
CONFIRM
ibm -- security_network_protection_firmwareGSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision.2016-01-184.3CVE-2016-0201
CONFIRM
isc -- bindapl_42.c in ISC BIND 9.x before 9.9.8-P3 and 9.9.x and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.2016-01-206.8CVE-2015-8704
CONFIRM
isc -- bindbuffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.2016-01-206.6CVE-2015-8705
CONFIRM
juniper -- junosJuniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R7, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D18 or 14.1X53-D30, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R4, 15.1 before 15.1R2, and 15.1X49 before 15.1X49-D10 allow remote attackers to cause a denial of service via a malformed IGMPv3 packet, aka a "multicast denial of service."2016-01-155.0CVE-2016-1256
CONFIRM
juniper -- junosThe Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13.3R7-S3, 14.1R1 before 14.1R6, 14.1R3 before 14.1R3-S9, 14.1R4 before 14.1R4-S7, 14.1X51 before 14.1X51-D65, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D28, 14.1X53 before 4.1X53-D35, 14.2R1 before 14.2R5, 14.2R3 before 14.2R3-S4, 14.2R4 before 14.2R4-S1, 15.1 before 15.1R3, 15.1F2 before 15.1F2-S2, and 15.1X49 before 15.1X49-D40, when LDP is enabled, allows remote attackers to cause a denial of service (RPD routing process crash) via a crafted LDP packet.2016-01-154.3CVE-2016-1257
CONFIRM
juniper -- junosEmbedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R8, 14.1 before 14.1R6, and 14.2 before 14.2R5, allows remote attackers to cause a denial of service (J-Web crash) via unspecified vectors.2016-01-155.0CVE-2016-1258
CONFIRM
juniper -- junosJuniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consumption) via unspecified vectors related to Spanning Tree Protocol (STP) traffic.2016-01-155.0CVE-2016-1260
CONFIRM
juniper -- junosJuniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application Layer Gateway (RTSP ALG) is enabled, allow remote attackers to cause a denial of service (flowd crash) via a crafted RTSP packet.2016-01-154.3CVE-2016-1262
CONFIRM
netapp -- data_ontapNetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.2016-01-184.3CVE-2015-7886
CONFIRM
openbsd -- opensshThe ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.2016-01-195.0CVE-2016-1907
CONFIRM
CONFIRM
openstack -- computeThe volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.2016-01-154.3CVE-2015-8749
CONFIRM
CONFIRM
MLIST
MLIST
php -- phpDirectory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.2016-01-195.0CVE-2015-6833
CONFIRM
CONFIRM
MLIST
php -- phpThe gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.2016-01-196.4CVE-2016-1903
CONFIRM
CONFIRM
CONFIRM
MLIST
sap -- netweaverThe User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.2016-01-155.0CVE-2016-1910
MISC
MISC
sap -- netweaverMultiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) Runtime Workmench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Note 2206793 and 2234918.2016-01-154.3CVE-2016-1911
MISC
MISC
MISC
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
dolibarr -- dolibarrMultiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php.2016-01-153.5CVE-2016-1912
MISC
CONFIRM
CONFIRM
MISC
MISC
gnu -- glibcThe process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.2016-01-202.1CVE-2015-8777
CONFIRM
MLIST
MISC
huawei -- s5300_firmwareHuawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display.2016-01-152.1CVE-2015-8675
CONFIRM
ibm -- infosphere_master_data_managementIBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 does not properly restrict browser caching, which allows local users to obtain sensitive information by reading cache files.2016-01-172.1CVE-2015-4958
CONFIRM
ibm -- infosphere_master_data_managementIBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.2016-01-173.5CVE-2015-4960
CONFIRM
ibm -- websphere_commerceCross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2016-01-183.5CVE-2015-5009
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- infosphere_master_data_managementCross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2016-01-173.5CVE-2015-7414
CONFIRM
ibm -- jazz_reporting_serviceCross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2016-01-173.5CVE-2015-7467
CONFIRM
redhen_project -- redhenMultiple cross-site scripting (XSS) vulnerabilities in the Redhen module 7.x-1.x before 7.x-1.11 for Drupal allow remote authenticated users with certain access to inject arbitrary web script or HTML via unspecified vectors, related to (1) individual contacts, (2) notes, or (3) engagement scores.2016-01-153.5CVE-2016-1913
MISC
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.





We Specialize In...

Wireless Networking - WiFi

Wireless Network Setup, Access Points, Routers, Antennas, and other devices.

Network Wiring

Coax (RG-6/59), Ethernet Wiring (CAT 3/5/5E/6), Phone Systems, and Structured Wiring

Data Recovery

PC Desktop Harddrives, External Storage, Network Attached Storage(NAS), RAID Array, and Server Hard drives.

Hardware Service

Data Storage Systems, Hard Drive Related, Hardware Repair, Laptop Repair, PC Repiar, Scanner Repair, Server Repair, System Diagnostics, Tape Drives, and other External Media.

Software Services

Accounting Systems, Adware/Spyware Removal, Antivirus Software and Virus Removal, Back Up Software, Communications Software, Contact Management, Database Software, Documentation Creating and Publishing, and Email Software.

Operating Systems

Linux, MS-DOS, Windows NT Workstation and Server, Windows 95, Windows 98, Windows ME, Windows 2000, Windows XP Home and Windows XP Professional.

Printer Repair and Service

All inkjet and laserjet printers, Dot matrix printers, Network Printers, HP, Lexmark, Canon, Brother, Oki-Data, OTC, and many other Printer Manufacturers.

Your One-Stop Solution For..

Virus Scanning and Virus Removal, PC Help, Computer Maintenance, Business Computer/Laptop Repair, Hardware Configuration, Software Configuration, AdWare and Spyware Removal and Immunization, Door-to-Door Pc Repair and Computer Services, Networking, Cabling, Wired and Wireless Network Assistance, Network Diagnostics Service, Components, Modems, Printers, Scanners, Digital Cameras, Data Storage, Data Recovery, Backup and Fail-Safe Disaster Recovery, Cable Modem Internet and DSL Internet Connections and Maintenance, Computer Troubleshooting, Hard Drive backups, Technical Support, End user training, Software Training, Any on-site Computer Need, Computer Tune Ups, Operating System (OS) Installations, On Site Computer Traingin, Laptop/Notebook Service and Repair, Free Upgrading Advice and Computer Upgrades at unbeatable rates.

Legal InformationTechAnywhereComputer Repair MemphisComputer Repair Industry

© 2004-2016 memphiscomputerrepair.com
All rights reserved.