[KIS-2015-08] ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability

2015-11-05 Thread Egidio Romano
--- ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability --- [-] Software Link: http://www.atutor.ca/ [-] Affected Versions: Version 2.2 and prior versions.

[KIS-2015-07] ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability

2015-11-05 Thread Egidio Romano
-- ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability -- [-] Software Link: http://www.atutor.ca/ [-] Affected Versions:

[KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability

2015-11-05 Thread Egidio Romano
--- Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability --- [-] Software Link: https://piwik.org/ [-] Affected Versions: Version 2.14.3

[KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability

2015-11-05 Thread Egidio Romano
--- Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability --- [-] Software Link: https://piwik.org/ [-] Affected Versions: Version 2.14.3

[KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability

2015-11-05 Thread Egidio Romano
- ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability - [-] Software Link: http://www.atutor.ca/ [-] Affected Versions:

[KIS-2015-06] ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability

2015-11-05 Thread Egidio Romano
-- ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability -- [-] Software Link: http://www.atutor.ca/ [-] Affected Versions: Version 2.2 and

Cisco Security Advisory: Cisco AsyncOS TCP Flood Denial of Service Vulnerability

2015-11-05 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco AsyncOS TCP Flood Denial of Service Vulnerability Advisory ID: cisco-sa-20151104-aos Revision 1.0 For Public Release 2015 November 4 16:00 UTC (GMT)

Cisco Security Advisory: Cisco Web Security Appliance Range Request Denial of Service Vulnerability

2015-11-05 Thread Cisco Systems Product Security Incident Response Team
Cisco Web Security Appliance Range Request Denial of Service Vulnerability Advisory ID: cisco-sa-20151104-wsa2 Revision 1.0 For Public Release 2015 November 4 16:00 UTC (GMT)

Cisco Security Advisory: Cisco Mobility Services Engine Static Credential Vulnerability

2015-11-05 Thread Cisco Systems Product Security Incident Response Team
Cisco Mobility Services Engine Static Credential Vulnerability Advisory ID: cisco-sa-20151104-mse-cred Revision 1.0 For Public Release 2015 November 4 16:00 UTC (GMT) Summary

Cisco Security Advisory: Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability

2015-11-05 Thread Cisco Systems Product Security Incident Response Team
Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability Advisory ID: cisco-sa-20150612-esa Revision 2.0 For Public Release 2015 November 4 16:00 UTC (GMT)

Cisco Security Advisory: Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability

2015-11-05 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability Advisory ID: cisco-sa-20151104-wsa Revision 1.0 For Public Release 2015 November 4 16:00 UTC (GMT)

Cisco Security Advisory: Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability

2015-11-05 Thread Cisco Systems Product Security Incident Response Team
Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability Advisory ID: cisco-sa-20151104-wsa1 Revision 1.0 For Public Release 2015 November 4 16:00 UTC (GMT)

Cisco Security Advisory: Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability

2015-11-05 Thread Cisco Systems Product Security Incident Response Team
Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability Advisory ID: cisco-sa-20151104-esa2 Revision 1.0 For Public Release 2015 November 4 16:00 UTC (GMT)

Cisco Security Advisory: Cisco Mobility Services Engine Privilege Escalation Vulnerability

2015-11-05 Thread Cisco Systems Product Security Incident Response Team
Cisco Mobility Services Engine Privilege Escalation Vulnerability Advisory ID: cisco-sa-20151104-privmse Revision 1.0 For Public Release 2015 November 4 16:00 UTC (GMT)

[SECURITY] [DSA 3393-1] iceweasel security update

2015-11-05 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-3393-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 04, 2015

[security bulletin] HPSBGN03519 rev.1 - HP Project and Portfolio Management Center, Remote Disclosure of Information

2015-11-05 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04876402 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04876402 Version: 1 HPSBGN03519

Elasticsearch vulnerability CVE-2015-5377

2015-11-05 Thread Kevin Kluge
Summary: Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution. This issue is related to the Groovy announcement in CVE-2015-3253. Deployments are vulnerable even when Groovy dynamic scripting is disabled.

[SECURITY] [DSA 3394-1] libreoffice security update

2015-11-05 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-3394-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 05, 2015

SEC Consult SA-20151105-0 :: Insecure default configuration in Ubiquiti Networks products

2015-11-05 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20151105-0 > === title: Insecure default configuration product: various Ubiquiti Networks products vulnerable version: see Vulnerable / tested ve