BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability

2016-06-27 Thread mehmet
1. ADVISORY INFORMATION Title: BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability Application: BigTree CMS Remotely Exploitable: Yes Versions Affected: < 4.2.11 Vendor URL: https://www.bigtreecms.org Bugs: SQL Injection Author: Mehmet Ince

Craft CMS affected by server side template injection

2016-06-27 Thread Securify B.V.
Craft CMS affected by server side template injection Nelson Berg & Jurgen Kloosterman, June 2016

[slackware-security] php (SSA:2016-176-01)

2016-06-27 Thread Slackware Security Team
[slackware-security] php (SSA:2016-176-01) New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog:

[fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection

2016-06-27 Thread Matt Bush
Product: https://www.untangle.com/untangle-ng-firewall/ Description: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') The Untangle NGFW <= 12.1.0 web interface is prone to a command injection vulnerability, allowing non-root users to execute

[SECURITY] [DSA 3606-1] libpdfbox security update

2016-06-27 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-3606-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 24, 2016

MyLittleForum v2.3.5 PHP Command Injection

2016-06-27 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt [+] ISR: APPARITIONSEC Vendor: mylittleforum.net Download: github.com/ilosuna/mylittleforum/releases/tag/v2.3.5