The avmplus bytecode verifier misses a control-flow path created when op_pushwith throws an exception, allowing crafted bytecode to be incorrectly optimized, which can trivially be abused to gain code execution.
15e844ae6193dee99a1f13d80853248247c00f3baaac1706b37ffdc2478eb54a
Microsoft Internet Explorer suffers from a read access violation (AV) in MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout.
b53f8e4c4ebe84b15587cf2408a4e03b8bba9fce031e88a6b70310b5cab23a39
HP Security Bulletin HPSBGN03558 1 - A potential security vulnerability has been identified with ArcSight ESM and ESM Express. The vulnerability could be remotely exploited to allow disclosure of sensitive information. Revision 1 of this advisory.
28d0bc2f388a200af3b1537d9e5168c41fd4215d9f8a4f0c1be046c2a7f360b7
Ubuntu Security Notice 2935-1 - It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possibly use this issue to make brute force attacks easier. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Sebastian Krahmer discovered that the PAM pam_timestamp module incorrectly performed filtering. A local attacker could use this issue to create arbitrary files, or possibly bypass authentication. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.
d110bf2dafaa23143df1fbb2f1b980d26ab199a82f114251a10d01f4de388c86
Ubuntu Security Notice 2930-3 - Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32-bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
707b4c115844dc4faebd1fec2fb66e92b60bc56880df0b10e6b9c05bdd62934a
Debian Linux Security Advisory 3518-1 - Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in code injection.
dc72260fecc1752a6e3c4c3ff2f6053dcd0afb084cb39dc1e3ad48e6d3f2b37f
Slackware Security Advisory - New seamonkey packages are available for Slackware 14.1 and -current to fix security issues.
63e7436a20b7f16a9193f2d1c474e58f41258cf6ffd9a05661a2fc963ef50202
Slackware Security Advisory - New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
1c99e71a3fad9650a752f68bbbef7c024a33b46b4b822521373fefb124404fdb
Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS applications and supports both binaries (APK and IPA) and zipped source code. MobSF can also do Web API security testing with its API Fuzzer, which performs information gathering, analyzes security headers, and identifies mobile API specific vulnerabilities such as XXE, SSRF, path traversal, IDOR, and other logical issues related to session management and API rate limiting.
215db863dcdeca863fb174fd724d9d0cdd0c4653f30eb69dab71e49afcaeda6c
Apache TomEE versions 7.0.0-M3 and 1.7.4 have been released to address the vulnerability in CVE-2016-0779.
7a86eadc9d1a0c572c427b8b770a26e63f25a4bbeb52d74b04a4cdb22d7e750c
Litecart CMS version 1.3.4 suffers from a cross site scripting vulnerability.
4cb7456694a81224960fbf8001ba720d140582b309f4096d0341ed93e2691c6d
The Netgear CG3000v2 cable modem fails to validate an admin's old password prior to changing to a new one. It also appears to suffer from cross site request forgery issues.
60a9f0aaa0dd1bda3794476688930f7d44eef4e51d60f57a34808b39c96672ff
Netwrix Auditor version 7.1.322.0 suffers from a stack-based buffer overflow vulnerability when a large number of bytes is passed to the 'sourceFile' string parameter of the PackFile() and UnpackFile() functions in the 'Netwrix.Common.CollectEngine.dll' library, resulting in a stack overrun that overwrites several registers, including the SEH chain. An attacker can gain access to the system of the affected node and execute arbitrary code.
db825249db3363632ce5398e5a1a478c8eb43957adac1cbc99ffdd9d41d19e51
BSides Las Vegas 2016 has announced its Call For Papers. It will take place August 2nd and 3rd, 2016, in Las Vegas, Nevada.
47f535e27fa7797f9e5e41782d91a6f18a81f1d91be895e77faebcdf3ea369a4
Chamilo LMS version 1.10.2 suffers from a cross site scripting vulnerability.
12f915c60ca619847a0cd7048a890848d0bc5b2449afdcc3e307a8cc7c233372