1. ADVISORY INFORMATION
Title: BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability
Application: BigTree CMS
Remotely Exploitable: Yes
Versions Affected: < 4.2.11
Vendor URL: https://www.bigtreecms.org
Bugs: SQL Injection
Author: Mehmet Ince
Craft CMS affected by server side template injection
Nelson Berg & Jurgen Kloosterman, June 2016
[slackware-security] php (SSA:2016-176-01)
New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
Product:
https://www.untangle.com/untangle-ng-firewall/
Description:
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
The Untangle NGFW <= 12.1.0 web interface is prone to a command injection
vulnerability, allowing non-root users to execute
Debian Security Advisory DSA-3606-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 24, 2016
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt
[+] ISR: APPARITIONSEC
Vendor:
mylittleforum.net
Download:
github.com/ilosuna/mylittleforum/releases/tag/v2.3.5