Apple Security Advisory 2016-07-18-2 - iOS 9.3.3 is now available and addresses denial of service, code execution, and various other vulnerabilities.
c6de9fc2d249bae04651d8b2646e67da6b9b36ca615e81469850e66356b82bdd
Apple Security Advisory 2016-07-18-1 - OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses arbitrary code execution, information disclosure, and various other vulnerabilities.
a2d9354c4a7f6ea06efa521cdd6516fbf0a138a5ca0981e16938eab249ee9d7d
Ubuntu Security Notice 3039-1 - It was discovered that Django incorrectly handled the admin's add/change related popup. A remote attacker could possibly use this issue to perform a cross-site scripting attack.
d312deca62b6bc115c201ca36286e9a7ca576fd38cca9f1acd440341e420a96a
Debian Linux Security Advisory 3622-1 - It was discovered that Django, a high-level Python web development framework, is prone to a cross-site scripting vulnerability in the admin's add/change related popup.
9c58635ddf4b881bad27de51794b4f2b9546323a9f77575aa1be164dd5d0741b
Joomla AI Contact Safe component version 2.0.20 suffers from remote shell upload and remote SQL injection vulnerabilities.
c2049eb4e581359332ad485b7117f2e4f2f2b171a2358e6c2fee94769b99b858
PHP Planner versions 0.4 and below suffer from a remote SQL injection vulnerability.
b3c9ad95bd64e3f87af6abac18feb54eaf0483f5417b636e25885836b06e827d
Various Eclipse installers suffer from a dll hijacking vulnerability.
84b5c68827c357cd3a4657dba69c010f190130548f9e8a0dd72d6263002c004d
Django version 3.3.0 suffers from a malicious client-side script insertion vulnerability.
1f58284db9e8efd2a244e0272399d1285a2bfa2dba0aa1453cc6653a18df215e
hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
0283791b91db9dd7ee7431d8975c63419c73232945b76eedcefbe12becfa19c4
hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
54fe501ecc7b5246aaf92eef3f6afc23f985f721ef8d53e5ce5fda7d680f46a2
Red Hat Security Advisory 2016-1435-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.8, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.9 Release Notes, linked to in the References. Multiple security issues have been addressed.
dec36409f1db8464a059ab01e8ba22bb42c5d3313fb7fb064859dda6b2cd0963
Red Hat Security Advisory 2016-1434-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
9a8e4409727b247a7ebae466821413f642efde07ee3e7723a5c7ce8f773ea250
Red Hat Security Advisory 2016-1433-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
35bd8a4148689c1a27929208cf6843e664a746e2a01785a0dec3a04ff5e0c5f2
Red Hat Security Advisory 2016-1432-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the packages have been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.9. Multiple security issues have been addressed.
6f3886566e926a59135b67d8dd635deae1b47778fd8b00f54cfa44a2c8520776
Meinberg NTP Time Server ELX800/GPS M4x version 5.30p suffers from remote command execution and privilege escalation vulnerabilities.
6f1633ae04e491afc092bd0cc7bf524f422ae1a8b4cace3c75f7cbe230c2861a
OpenSSHD versions 7.2p2 and below user enumeration exploit.
b69a28b747a4fe5a117cdc11aded97dd15df51cde6788bd96001aa8f57bc36a6
Axis Communications MPQT/PACS Server Side Include (SSI) remote format string exploit that provides a connect-back root shell.
581d58f31b42ec0fd4f623e4f07fe9d1a20069ed433eac4bbf372d1675a12c75
Red Hat Security Advisory 2016-1420-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
7cede861a05dabf8a87aa3760a62b71b991e7fc3605adcc358f10a01192a48e5
Ubuntu Security Notice 3023-1 - It was discovered that NSPR incorrectly handled memory allocation. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, and Karl Tomlinson, discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
3fe98ccb366eec5429c1c3e2cb265917ff74bc9ce1c34996d652c69f97e7db00
Ubuntu Security Notice 3038-1 - It was discovered that the Apache HTTP Server would set the HTTP_PROXY environment variable based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with CGI scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests.
74e95b5addef4fc8153088ab09870ab4f82e6df17b22f4b1bc874aa554309f32
Red Hat Security Advisory 2016-1421-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
436fc4e839cc2887a759542674a0dc2989aec34c7b74fe6ed4b9921e48d2096d
Red Hat Security Advisory 2016-1422-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
87acaf1ab290cbcda124e1031ca7e28dc94b6eaedf153777e3ce2d06a749ae8b
Debian Linux Security Advisory 3621-1 - A vulnerability was discovered in mysql-connector-java, a Java database (JDBC) driver for MySQL, which may result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors accessible data. The vulnerability was addressed by upgrading mysql-connector-java to the new upstream version 5.1.39, which includes additional changes, such as bug fixes, new features, and possibly incompatible changes.
50e10d38c3a83eef01688935a8575bd4219f7fbd2d682f2937b749a2ed5fba3e
Red Hat Security Advisory 2016-1430-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3-FP40. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
2e0dead1b133f8a72d51a82a75b7622573a3e29ce6a7ae5ab0f9a63e34cd23a3
Debian Linux Security Advisory 3620-1 - Yves Younan of Cisco Talos discovered several vulnerabilities in the MXit protocol support in pidgin, a multi-protocol instant messaging client. A remote attacker can take advantage of these flaws to cause a denial of service (application crash), overwrite files, information disclosure, or potentially to execute arbitrary code.
d90effb448b50288f53be7ccd3c3b9c1a05aba6fa608eaa71df88a26c8d7a457