Feed aggregator

next-20160628: linux-next

Linux Kernel Updates - June 28, 2016 - 1:06am
Version: next-20160628 (linux-next) Released: 2016-06-28

Craft CMS affected by server side template injection

BugTraq Latest Security Advisories - June 28, 2016 - 12:20am

Posted by Securify B.V. on Jun 27

------------------------------------------------------------------------
Craft CMS affected by server side template injection
------------------------------------------------------------------------
Nelson Berg & Jurgen Kloosterman, June 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that Craft CMS is vulnerable...

Bugtraq: [slackware-security] php (SSA:2016-176-01)

Security Focus Latest Security Advisories - June 28, 2016 - 12:00am
[slackware-security] php (SSA:2016-176-01)

Bugtraq: [SECURITY] [DSA 3606-1] libpdfbox security update

Security Focus Latest Security Advisories - June 27, 2016 - 10:00am
[SECURITY] [DSA 3606-1] libpdfbox security update

BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability

BugTraq Latest Security Advisories - June 27, 2016 - 9:29am

Posted by mehmet on Jun 27

1. ADVISORY INFORMATION
========================================
Title: BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability
Application: BigTree CMS
Remotely Exploitable: Yes
Versions Affected: < 4.2.11
Vendor URL: https://www.bigtreecms.org
Bugs: SQL Injection
Author: Mehmet Ince
Date found: 27 Jun 2016

2. CREDIT
========================================
Those vulnerabilities were identified during external penetration...

[fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection

BugTraq Latest Security Advisories - June 27, 2016 - 6:36am

Posted by Matt Bush on Jun 27

Product:

https://www.untangle.com/untangle-ng-firewall/

Description:

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

The Untangle NGFW <= 12.1.0 web interface is prone to a command injection vulnerability, allowing non-root users to
execute arbitrary commands with root privileges and gain remote shell access to the appliance.

This vulnerability can be triggered via modifying any...

MyLittleForum v2.3.5 PHP Command Injection

BugTraq Latest Security Advisories - June 27, 2016 - 6:26am

Posted by hyp3rlinx on Jun 27

[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt

[+] ISR: APPARITIONSEC

Vendor:
=================
mylittleforum.net

Download:
github.com/ilosuna/mylittleforum/releases/tag/v2.3.5

Product:
===================
MyLittleForum 2.3.5

my little forum is a simple PHP and MySQL based internet forum that displays the messages in classical...

[slackware-security] php (SSA:2016-176-01)

BugTraq Latest Security Advisories - June 27, 2016 - 6:17am

Posted by Slackware Security Team on Jun 27

[slackware-security] php (SSA:2016-176-01)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.23-i486-1_slack14.1.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
http://php.net/ChangeLog-5.php#5.6.23...

[SECURITY] [DSA 3606-1] libpdfbox security update

BugTraq Latest Security Advisories - June 27, 2016 - 6:07am

Posted by Moritz Muehlenhoff on Jun 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3606-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 24, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libpdfbox-java
CVE ID : CVE-2016-2175

It was...

Bugtraq: #146416 Ruby:HTTP Header injection in 'net/http'

#146416 Ruby:HTTP Header injection in 'net/http'

Bugtraq: SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure

SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure

Bugtraq: [KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability

[KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability

Bugtraq: [KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability

[KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability

next-20160627: linux-next

Linux Kernel Updates - June 27, 2016 - 1:36am
Version: next-20160627 (linux-next) Released: 2016-06-27

4.7-rc5: mainline

Linux Kernel Updates - June 26, 2016 - 7:52pm
Version: 4.7-rc5 (mainline) Released: 2016-06-27 Source: linux-4.7-rc5.tar.xz PGP Signature: linux-4.7-rc5.tar.sign Patch: patch-4.7-rc5.xz

4.6.3: stable

Linux Kernel Updates - June 24, 2016 - 12:22pm
Version: 4.6.3 (stable) Released: 2016-06-24 Source: linux-4.6.3.tar.xz PGP Signature: linux-4.6.3.tar.sign Patch: patch-4.6.3.xz (Incremental) ChangeLog: ChangeLog-4.6.3

4.4.14: longterm

Linux Kernel Updates - June 24, 2016 - 12:18pm
Version: 4.4.14 (longterm) Released: 2016-06-24 Source: linux-4.4.14.tar.xz PGP Signature: linux-4.4.14.tar.sign Patch: patch-4.4.14.xz (Incremental) ChangeLog: ChangeLog-4.4.14

3.14.73: longterm

Linux Kernel Updates - June 24, 2016 - 12:15pm
Version: 3.14.73 (longterm) Released: 2016-06-24 Source: linux-3.14.73.tar.xz PGP Signature: linux-3.14.73.tar.sign Patch: patch-3.14.73.xz (Incremental) ChangeLog: ChangeLog-3.14.73