Syslog Server "npriority" field remote Denial of Service vulnerability

Title: Syslog Server "npriority" field remote Denial of Service vulnerability Software : Syslog Server Software Version : Syslog Server 1.2.3 Vendor: https://sourceforge.net/p/syslog-server/ Vulnerability Published : 2016-07-02 Vulnerability Update Time : Status : Impact : Medium(CVSS2 Base

[CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c

I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I’d like to make an announcement here. This was found in Linux kernel file Linux-4.6/kernel/auditsc.c, and crafted user space data change under race condition will make control strings

OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability

Document Title: === OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1868 Release Date: = 2016-07-04 Vulnerability Laboratory ID (VL-ID):

KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability

Document Title: === KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1867 Release Date: = 2016-07-01 Vulnerability Laboratory ID (VL-ID):

[CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c

I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I’d like to make an announcement here. This was found in Linux kernel file Linux-4.6/drivers/platform/chrome/cros_ec_dev.c, and crafted user space data change under race condition will

[SECURITY] [DSA 3616-1] linux security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3616-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 04, 2016

WebCalendar v1.2.7 CSRF Protection Bypass

[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-CSRF-PROTECTION-BYPASS.txt [+] ISR: ApparitionSec Vendor: == www.k5n.us/webcalendar.php Product:

WebCalendar v1.2.7 CSRF Protection Bypass

[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-CSRF-PROTECTION-BYPASS.txt [+] ISR: ApparitionSec Vendor: == www.k5n.us/webcalendar.php Product:

WebCalendar v1.2.7 CSRF Protection Bypass

[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-CSRF-PROTECTION-BYPASS.txt [+] ISR: ApparitionSec Vendor: == www.k5n.us/webcalendar.php Product:

HTTP session poisoning in EMC Documentum WDK-based applications causes arbitrary code execution and privilege elevation

Vendor: EMC Product: Documentum WDK-based applications, all versions Security impact: high All EMC Documentum WDK-based applications (Taskspace, Webtop, Documentum Administrator, EPFM) contain extremely dangerous web component – API Tester. The “API Tester” component wan’t designed with

WebCalendar v1.2.7 PHP Code Injection

[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-PHP-CODE-INJECTION.txt [+] ISR: ApparitionSec Vendor: == www.k5n.us/webcalendar.php Product:

[FD]CVE ID request : SQL injection in 24Online Client

Software name: 24 online Version: 8.3.6 build 9.0 Vendor website: http://24onlinebilling.com Potentially others versions older than this are vulnerable too. Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The invoiceid GET

[SECURITY] [DSA 3614-1] tomcat7 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3614-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 02, 2016

[SECURITY] [DSA 3615-1] wireshark security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-3615-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 02, 2016

[SECURITY] [DSA 3613-1] libvirt security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3613-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 02, 2016

[SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage

[CVE-2016-4974] Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Qpid AMQP 0-x JMS client 6.0.3 and earlier Qpid JMS (AMQP 1.0) client 0.9.0 and earlier Description: When applications call

[security bulletin] HPSBGN03627 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05193347 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05193347 Version: 1 HPSBGN03627

[SECURITY] [DSA 3612-1] gimp security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3612-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 01, 2016