[security bulletin] HPSBGN03564 rev.2 - HPE Release Control using Java Deserialization, Remote Code Execution

2016-08-01 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05063986 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05063986 Version: 2 HPSBGN03564

[security bulletin] HPSBUX03632 SSRT110194 rev.1 - HP-UX Mail Server running Sendmail, Local Unauthorized Disclosure of Information

2016-08-01 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05216368 Version: 1 HPSBUX03632

[CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c

2016-08-01 Thread wpengfeinudt
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I’d like to make an announcement here. This was found in Linux kernel file Linux-4.5/drivers/scsi/aacraid/commctrl.c, and crafted user space data change under race condition will lead to

Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin

2016-08-01 Thread Summer of Pwnage
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin Yorick Koster, July 2016

Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)

2016-08-01 Thread David Coomber
Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231) -- http://www.info-sec.ca/advisories/Kaspersky-Safe-Browser.html Overview "Stay safe from malicious links, suspicious content and identity theft while you surfing the Internet." "Our Safe Browser covers

Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

2016-08-01 Thread Vulnerability Lab
Document Title: Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1891 Release Date: 2016-08-01 Vulnerability Laboratory ID (VL-ID):

Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

2016-08-01 Thread Vulnerability Lab
Document Title: Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1687 Fortinet PSIRT ID: 1624561 Release Notes #1:

Cross-Site Scripting in Contact Bank WordPress Plugin

2016-08-01 Thread Summer of Pwnage
Cross-Site Scripting in Contact Bank WordPress Plugin Yorick Koster, July 2016

SQL injection vulnerability in Booking Calendar WordPress Plugin

2016-08-01 Thread Summer of Pwnage
SQL injection vulnerability in Booking Calendar WordPress Plugin Edwin Molenaar, July 2016

Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin

2016-08-01 Thread Summer of Pwnage
Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin Edwin Molenaar, July 2016

[SECURITY] [DSA 3637-1] chromium-browser security update

2016-08-01 Thread Michael Gilbert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3637-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert July 31, 2016

Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA

2016-08-01 Thread Summer of Pwnage
Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA Sipke Mellema, July 2016

Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin

2016-08-01 Thread Summer of Pwnage
Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin Bente Schopman, July 2016

Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP

2016-08-01 Thread Summer of Pwnage
Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP Marcel Vermeulen & Ed van der Vlies, July 2016

Huawei eSpace IAD Remote Information Disclosure Vulnerability

2016-08-01 Thread ak47464659484
Title: Huawei eSpace IAD Remote Information Disclosure Vulnerability Software : eSpace IAD Software Version : Equipment type : eSpace IAD208E(M) PCB version : AG21CSPG VER.A Product name: TS0801 and TS0802 Program version : V300R001C07SPC800 BIOS version :

[SECURITY] [DSA 3634-1] redis security update

2016-08-01 Thread Sebastien Delafond
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3634-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond July 30, 2016

[SECURITY] [DSA 3636-1] collectd security update

2016-08-01 Thread Sebastien Delafond
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3636-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond July 30, 2016

Elevation of Privilege Vulnerability in MediaTek Driver (CVE-2016-6492)

2016-08-01 Thread unlimitsec
Details Product: MTK platform:MT6595 -- MT6797 Security Risk: High CVE ID: CVE-2016-6492 Credit: unLimit Security Group Introduction 1.