[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability

2015-10-29 Thread ERPScan inc
1. ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: [ERPSCAN-15-028] Advisory URL: http://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION

[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability

2015-10-29 Thread ERPScan inc
1. ADVISORY INFORMATION Title: Oracle E-Business Suite - XXE injection Advisory ID: [ERPSCAN-15-029] Advisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 21.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION

CVE-2015-7723 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver

2015-10-29 Thread Portcullis Advisories
Vulnerability title: Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver CVE: CVE-2015-7723 Vendor: AMD Product: fglrx-driver Affected version: 14.4.2 Fixed version: 15.7 Reported by: Tim Brown Details: It has been identified that the

CVE-2015-7724 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver

2015-10-29 Thread Portcullis Advisories
Vulnerability title: Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver CVE: CVE-2015-7724 Vendor: AMD Product: fglrx-driver Affected version: 15.7 Fixed version: 15.9 Reported by: Tim Brown Details: In the process of validating the fix

Cross-Site Request Forgery on Oxwall

2015-10-29 Thread High-Tech Bridge Security Research
Advisory ID: HTB23266 Product: Oxwall Vendor: http://www.oxwall.org Vulnerable Version(s): 1.7.4 and probably prior Tested Version: 1.7.4 Advisory Publication: July 1, 2015 [without technical details] Vendor Notification: July 1, 2015 Vendor Patch: September 8, 2015 Public Disclosure: October

[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability

2015-10-29 Thread ERPScan inc
1. ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: [ERPSCAN-15-030] Advisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION

[SECURITY] [DSA 3382-1] phpmyadmin security update

2015-10-29 Thread Thijs Kinkhorst
Debian Security Advisory DSA-3382-1 secur...@debian.org https://www.debian.org/security/ Thijs Kinkhorst October 28, 2015

PHP Server Monitor 3.1.1 Privilege Escalation

2015-10-29 Thread apparitionsec
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPSRVMONITOR-PRIV-ESCALATE.txt Vendor: www.phpservermonitor.org

[SECURITY] [DSA 3383-1] wordpress security update

2015-10-29 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-3383-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 29, 2015

[slackware-security] curl (SSA:2015-302-01)

2015-10-29 Thread Slackware Security Team
[slackware-security] curl (SSA:2015-302-01) New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog:

[SECURITY] [DSA 3384-1] virtualbox security update

2015-10-29 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-3384-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 29, 2015

[SECURITY] [DSA 3332-2] wordpress regression update

2015-10-29 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-3332-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 29, 2015

PHP Server Monitor 3.1.1 CSRF

2015-10-29 Thread apparitionsec
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPSRVMONITOR-CSRF.txt Vendor: www.phpservermonitor.org