Feed aggregator

[security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities

BugTraq Latest Security Advisories - August 22, 2016 - 4:22am

Posted by security-alert on Aug 22

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05240731
Version: 1

HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and
PHP, Multiple Local and Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

Path traversal vulnerability in WordPress Core Ajax handlers

BugTraq Latest Security Advisories - August 22, 2016 - 4:05am

Posted by Summer of Pwnage on Aug 22

------------------------------------------------------------------------
Path traversal vulnerability in WordPress Core Ajax handlers
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A path traversal vulnerability was found in the Core Ajax...

next-20160822: linux-next

Linux Kernel Updates - August 22, 2016 - 12:19am
Version: next-20160822 (linux-next)
Released: 2016-08-22

Vuln: Flexera Software InstallShield CVE-2016-2542 DLL Loading Local Privilege Escalation Vulnerability

Security Focus Latest Security Advisories - August 21, 2016 - 11:00pm
Flexera Software InstallShield CVE-2016-2542 DLL Loading Local Privilege Escalation Vulnerability

Vuln: Oracle Java SE CVE-2016-3443 Information Disclosure Vulnerability

Security Focus Latest Security Advisories - August 21, 2016 - 11:00pm
Oracle Java SE CVE-2016-3443 Information Disclosure Vulnerability

Vuln: Red Hat JBoss Operations Network CVE-2016-6330 Incomplete Fix Remote Code Execution Vulnerability

Security Focus Latest Security Advisories - August 21, 2016 - 11:00pm
Red Hat JBoss Operations Network CVE-2016-6330 Incomplete Fix Remote Code Execution Vulnerability

Vuln: Oracle Java SE CVE-2016-3598 Remote Code Execution Vulnerability

Security Focus Latest Security Advisories - August 21, 2016 - 11:00pm
Oracle Java SE CVE-2016-3598 Remote Code Execution Vulnerability

Vuln: Oracle Java SE CVE-2016-3511 Local Security Vulnerability

Security Focus Latest Security Advisories - August 21, 2016 - 11:00pm
Oracle Java SE CVE-2016-3511 Local Security Vulnerability

Vuln: Oracle Java SE CVE-2016-3422 Remote Security Vulnerability

Security Focus Latest Security Advisories - August 21, 2016 - 11:00pm
Oracle Java SE CVE-2016-3422 Remote Security Vulnerability

Vuln: Oracle Java SE and JRockit CVE-2016-3427 Remote Security Vulnerability

Security Focus Latest Security Advisories - August 21, 2016 - 11:00pm
Oracle Java SE and JRockit CVE-2016-3427 Remote Security Vulnerability

4.8-rc3: mainline

Linux Kernel Updates - August 21, 2016 - 6:14pm
Version: 4.8-rc3 (mainline)
Released: 2016-08-21
Source: linux-4.8-rc3.tar.xz
PGP Signature: linux-4.8-rc3.tar.sign
Patch: patch-4.8-rc3.xz

4.7.2: stable

Linux Kernel Updates - August 20, 2016 - 11:11am
Version: 4.7.2 (stable)
Released: 2016-08-20
Source: linux-4.7.2.tar.xz
PGP Signature: linux-4.7.2.tar.sign
Patch: patch-4.7.2.xz (Incremental)
ChangeLog: ChangeLog-4.7.2

4.4.19: longterm

Linux Kernel Updates - August 20, 2016 - 11:09am
Version: 4.4.19 (longterm)
Released: 2016-08-20
Source: linux-4.4.19.tar.xz
PGP Signature: linux-4.4.19.tar.sign
Patch: patch-4.4.19.xz (Incremental)
ChangeLog: ChangeLog-4.4.19

3.14.77: longterm

Linux Kernel Updates - August 20, 2016 - 4:53am
Version: 3.14.77 (longterm)
Released: 2016-08-20
Source: linux-3.14.77.tar.xz
PGP Signature: linux-3.14.77.tar.sign
Patch: patch-3.14.77.xz (Incremental)
ChangeLog: ChangeLog-3.14.77

Vuln: WordPress CVE-2016-6897 Cross Site Request Forgery Vulnerability

Security Focus Latest Security Advisories - August 19, 2016 - 11:00pm
WordPress CVE-2016-6897 Cross Site Request Forgery Vulnerability

Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client

BugTraq Latest Security Advisories - August 19, 2016 - 6:22am

Posted by Florian Bogner on Aug 19

Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client

Metadata
===================================================
Release Date: 17-08-2016
Author: Florian Bogner @ Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected versions: up to ownCloud's Desktop client version 2.2.2
Tested on: Windows 7 64 bit
CVE : pending
URL: https://bogner.sh/2016/08/horizontal-privilege-escalation-in-ownclouds-windows-client/...

[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method

BugTraq Latest Security Advisories - August 19, 2016 - 6:13am

Posted by Justin Bull on Aug 19

Good evening everyone,

A security bulletin for all of you.

Software:
--------
Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)

Description:
----------
Doorkeeper is an OAuth 2 provider for Rails written in Ruby.

Affected Versions:
---------------
1.2.0 - 4.1.0 (all versions but latest patch supporting token revocation)

Fixed Versions:
-------------
4.2.0 or apply this commit[0]

Problem:
--------
Doorkeeper failed to implement OAuth...

Bugtraq: [SYSS-2016-055] QNAP QTS - OS Command Injection

Security Focus Latest Security Advisories - August 19, 2016 - 5:00am
[SYSS-2016-055] QNAP QTS - OS Command Injection

Bugtraq: [SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting

Security Focus Latest Security Advisories - August 19, 2016 - 5:00am
[SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting

next-20160819: linux-next

Linux Kernel Updates - August 18, 2016 - 11:08pm
Version: next-20160819 (linux-next)
Released: 2016-08-19