[SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure

2017-04-10 Thread Mark Thomas
CVE-2017-5648 Apache Tomcat Information Disclosure Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M17 Apache Tomcat 8.5.0 to 8.5.11 Apache Tomcat 8.0.0.RC1 to 8.0.41 Apache Tomcat 7.0.0 to 7.0.75 Apache Tomcat 6.0.x is not affected

[SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure

2017-04-10 Thread Mark Thomas
CVE-2017-5651 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M18 Apache Tomcat 8.5.0 to 8.5.12 Apache Tomcat 8.0.x and earlier are not affected Description: The refactoring of the HTTP

DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities

2017-04-10 Thread DefenseCode
, fix released Release Date: 20170410 Risk: Medium Full advisory available on the following URL: http://www.defensecode.com/advisories/DC-2017-01-014_WordPress_Tribulant_Slideshow_Gallery_Plugin_Advisory.pdf # About DefenseCode DefenseCode L.L.C. delivers products and services designed

ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode

2017-04-10 Thread Nightwatch Cybersecurity Research
[Original post can be found here: https://wwws.nightwatchcybersecurity.com/2017/04/09/advisory-chromeos-chromebooks-persist-certain-network-settings-in-guest-mode/] SUMMARY Certain network settings in ChromeOS / ChromeBooks persist between reboots when set in guest mode. These issues have been

Foscam All networked devices, multiple Design Errors. SSL bypass.

2017-04-10 Thread nick . m . mckenna
Two issues in one that nullify SSL in Foscam devices: All Foscam networked cameras use the same SSL private key that is hard coded into the downloadable firmware. This is easily extracted using a utility like binwalk and would allow an attacker to MITM any Foscam device. One devices SSL keys are

[slackware-security] libtiff (SSA:2017-098-01)

2017-04-10 Thread Slackware Security Team
[slackware-security] libtiff (SSA:2017-098-01) New libtiff packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog:

[SECURITY] [DSA 3827-1] jasper security update

2017-04-10 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-3827-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 07, 2017

[security bulletin] HPESBGN03733 rev.1 - HPE Universal CMDB using Apache Struts, Remote Code Execution

2017-04-10 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03733en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbgn03733en_us Version: 1

[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite

2017-04-10 Thread Denis Magda
[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Ignite 1.0.0-RC3 to 1.8 Description: Apache Ignite uses an update notifier component to update the users about new

D-Link DWR-116 - CVE-2017-6190 - Arbitrary File Download

2017-04-10 Thread patrykgnt
# Title: D-Link DWR-116 Arbitrary File Download # Vendor: D-Link (www.dlink.com) # Affected model(s): DWR-116 / DWR-116A1 # Tested on: V1.01(EU), V1.00(CP)b10, V1.05(AU) # CVE: CVE-2017-6190 # Date: 04.07.2016 # Author: Patryk Bogdan (@patryk_bogdan) Description: D-Link DWR-116 with firmware