[security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information

2016-04-04 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05068681 Version: 1 HPSBGN03569

[slackware-security] mozilla-thunderbird (SSA:2016-095-01)

2016-04-04 Thread Slackware Security Team
[slackware-security] mozilla-thunderbird (SSA:2016-095-01) New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog:

ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability

2016-04-04 Thread Security Alert
ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability EMC Identifier: ESA-2016-034 CVE Identifier: CVE-2016-0888 Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Affected products: • Documentum D2

[SE-2012-01] Broken security fix in IBM Java 7/8

2016-04-04 Thread Security Explorations
Hello All, Those concerned about security of IBM Java [1] may find this post interesting. We discovered that a fix for a security vulnerability (Issue 67) [2] we reported to the company in May 2013 didn't address the problem properly. This is the 6th instance of a broken patch we encountered

CVE-2016-2191: optipng: invalid write

2016-04-04 Thread Hans Jerry Illikainen
An invalid write may occur in optipng before version 0.7.6 while processing bitmap images due to `crt_row' being (inc|dec)remented without any boundary checking when encountering delta escapes. optipng-0.7.5/src/pngxtern/pngxrbmp.c: , | 210 static size_t | 211 bmp_read_rows(png_bytepp

ManageEngine Password Manager Pro Multiple Vulnerabilities

2016-04-04 Thread Sebastian Perez
[Systems Affected] Product : ManageEngine Password Manager Pro Company : ZOHO Corp. Build Number : 8.1 to 8.3 and probably earlier versions Affected Versions : 8102 to 8302 and probably earlier versions [Product Description] Password Manager Pro is a secure vault for storing and

FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability

2016-04-04 Thread Vulnerability Lab
Document Title: FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1687 Fortinet PSIRT ID: 1624561 Release Date:

Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability

2016-04-04 Thread Vulnerability Lab
Document Title: Techsoft Web Solutions CMS (2016 Q2) - SQL Injection Web Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1810 Release Date: 2016-04-04 Vulnerability Laboratory ID (VL-ID):

Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability

2016-04-04 Thread Vulnerability Lab
Document Title: Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1808 Release Date: 2016-04-01 Vulnerability Laboratory ID (VL-ID):

Bugcrowd CSV injection vulnerability

2016-04-04 Thread Hack Ex
Description: A vulnerability in the file upload feature allows attackers to send malicious csv files. By using the Microsoft Excel DDE function an attacker can launch arbitrary commands on the victim's system. Many companies don't allow xlsx or docx files to be uploaded by security testers,

[SECURITY] [DSA 3540-1] lhasa security update

2016-04-04 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-3540-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 03, 2016

[SECURITY] [DSA 3539-1] srtp security update

2016-04-04 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-3539-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 02, 2016

Open-Xchange Security Advisory 2016-04-02

2016-04-04 Thread Martin Heiland
Product: Open-Xchange Server 6 / OX AppSuite Vendor: Open-Xchange GmbH Internal reference: 44409 (Bug ID) Vulnerability type: Cross Site Scripting (CWE-80) Vulnerable version: 7.8.0 and earlier Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed

[security bulletin] HPSBGN03565 rev.1 - HPE Virtualization Performance Viewer, Local Denial of Service (DoS)

2016-04-04 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068676 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05068676 Version: 1 HPSBGN03565

[slackware-security] mercurial (SSA:2016-092-01)

2016-04-04 Thread Slackware Security Team
[slackware-security] mercurial (SSA:2016-092-01) New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog:

[slackware-security] php (SSA:2016-092-02)

2016-04-04 Thread Slackware Security Team
[slackware-security] php (SSA:2016-092-02) New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog:

[security bulletin] HPSBHF03431 rev.3 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities

2016-04-04 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04920918 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04920918 Version: 3 HPSBHF03431

[security bulletin] HPSBUX03561 rev.1 - HPE HP-UX using Apache Tomcat, Remote Access Restriction Bypass, Arbitrary Code Execution, Execution of Arbitrary Code With Privilege Elevation, Unauthorized Re

2016-04-04 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05054964 Version: 1 HPSBUX03561