Feed aggregator

4.7-rc5: mainline

Linux Kernel Updates - June 26, 2016 - 7:52pm
Version: 4.7-rc5 (mainline)  Released: 2016-06-27  Source: linux-4.7-rc5.tar.xz  PGP Signature: linux-4.7-rc5.tar.sign  Patch: patch-4.7-rc5.xz

4.6.3: stable

Linux Kernel Updates - June 24, 2016 - 12:22pm
Version: 4.6.3 (stable)  Released: 2016-06-24  Source: linux-4.6.3.tar.xz  PGP Signature: linux-4.6.3.tar.sign  Patch: patch-4.6.3.xz (Incremental)  ChangeLog: ChangeLog-4.6.3

4.4.14: longterm

Linux Kernel Updates - June 24, 2016 - 12:18pm
Version: 4.4.14 (longterm)  Released: 2016-06-24  Source: linux-4.4.14.tar.xz  PGP Signature: linux-4.4.14.tar.sign  Patch: patch-4.4.14.xz (Incremental)  ChangeLog: ChangeLog-4.4.14

3.14.73: longterm

Linux Kernel Updates - June 24, 2016 - 12:15pm
Version: 3.14.73 (longterm)  Released: 2016-06-24  Source: linux-3.14.73.tar.xz  PGP Signature: linux-3.14.73.tar.sign  Patch: patch-3.14.73.xz (Incremental)  ChangeLog: ChangeLog-3.14.73

#146416 Ruby: HTTP Header injection in 'net/http'

BugTraq Latest Security Advisories - June 24, 2016 - 8:03am

Posted by redrain root on Jun 24

TIMELINE
rootredrain submitted a report to Ruby.

Jun 22nd

Hi,

I would like to report an HTTP Header injection vulnerability in
'net/http' that allows attackers to inject arbitrary headers into a
request and even create a new evil request.

PoC

require 'net/http'
http = Net::HTTP.new('192.168.30.214','80')
res = http.get("/r.php HTTP/1.1\r\nx-injection: memeda")

Example

Server Code:...

Bugtraq: [KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities

Bugtraq: ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability

Bugtraq: Open-Xchange Security Advisory 2016-06-22

SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure

BugTraq Latest Security Advisories - June 24, 2016 - 7:50am

Posted by SEC Consult Vulnerability Lab on Jun 24

SEC Consult Vulnerability Lab Security Advisory < 20160624-0 >
=======================================================================
title: XSS and information disclosure vulnerability
product: ASUS DSL-N55U router
vulnerable version: 3.0.0.4.376_2736
fixed version: 3.0.0.4_380_3679
CVE number: requested
impact: Medium
homepage: https://www.asus.com/
found:...

[KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability

BugTraq Latest Security Advisories - June 24, 2016 - 7:38am

Posted by Egidio Romano on Jun 24

-----------------------------------------------------------------------------
SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability
-----------------------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.18 CE and other versions.

[-] Vulnerability Description:

The vulnerable code is located within the MySugar::addDashlet() method:...

[KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities

BugTraq Latest Security Advisories - June 24, 2016 - 7:26am

Posted by Egidio Romano on Jun 24

---------------------------------------------------------
SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities
---------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.18 CE and prior versions.

[-] Vulnerabilities Description:

1) The vulnerable code is located in the /include/utils/array_utils.php script:

99. function...

[KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities

BugTraq Latest Security Advisories - June 24, 2016 - 7:16am

Posted by Egidio Romano on Jun 24

--------------------------------------------------------------
SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities
--------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.18 CE and prior versions.

[-] Vulnerabilities Description:

The application fails to properly check whether the user has administrator privileges within the following...

[KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability

BugTraq Latest Security Advisories - June 24, 2016 - 7:06am

Posted by Egidio Romano on Jun 24

------------------------------------------------------------------------------
SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability
------------------------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.23 CE and prior versions.

[-] Vulnerability Description:

The vulnerable code is located in the...

Bugtraq: [ERPSCAN-16-018] SAP Application server for Javat - DoS vulnerability

Bugtraq: [ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability

next-20160624: linux-next

Linux Kernel Updates - June 24, 2016 - 1:52am
Version: next-20160624 (linux-next)  Released: 2016-06-24

next-20160623: linux-next

Linux Kernel Updates - June 23, 2016 - 2:00am
Version: next-20160623 (linux-next)  Released: 2016-06-23

3.18.36: longterm

Linux Kernel Updates - June 22, 2016 - 11:03pm
Version: 3.18.36 (longterm)  Released: 2016-06-23  Source: linux-3.18.36.tar.xz  PGP Signature: linux-3.18.36.tar.sign  Patch: patch-3.18.36.xz (Incremental)  ChangeLog: ChangeLog-3.18.36

4.1.27: longterm

Linux Kernel Updates - June 22, 2016 - 11:01pm
Version: 4.1.27 (longterm)  Released: 2016-06-23  Source: linux-4.1.27.tar.xz  PGP Signature: linux-4.1.27.tar.sign  Patch: patch-4.1.27.xz (Incremental)  ChangeLog: ChangeLog-4.1.27

Bugtraq: Magic values in 32-bit processes on 64-bit OS-es and how to exploit them