EMC Documentum D2 contains a fix for an authentication bypass vulnerability that could potentially be exploited by malicious users to compromise the affected system. By exploiting this vulnerability, remote unauthenticated users could download any document from the Docbase by knowing only the r_object_id of that document. Affected products include EMC Documentum D2 versions 4.5 earlier than patch 15 and EMC Documentum D2 versions 4.6 earlier than patch 03.
f8b711fb3cd37acdb19b7ded0e6ffaa24fa21db48de448f259119829f69c42cd
EMC ViPR SRM versions prior to 3.7.2 suffer from cross site request forgery, cross site scripting, brute force, and remote file upload vulnerabilities.
c4c3f37a7b7355ed7a0f1f84276bb201809cad149d6a71b93db2e99a89a30789
This bulletin summary lists fourteen released Microsoft security bulletins for September, 2016.
24e69cf37393fa5d0b669a91818d9a0355ca984bcced40a8c16cbe8fbbefe726
Apache Shiro versions prior to 1.3.2, when using a non-root servlet context path, allowed specifically crafted requests to bypass some security servlet filters, resulting in unauthorized access.
922a5e1fd7a8d3e74cc2b4e09d237b3dd41e4acc621099a0adf20ff10239e9c8
HP Security Bulletin HPSBST03640 1 - A potential security vulnerability has been identified in HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr). This vulnerability could be locally exploited to allow access restriction bypass. Revision 1 of this advisory.
4af49f4c877c915fbebd9055f890d3255a1bd47b5b7e508f79f17ad85d1ccdd8
HP Security Bulletin HPSBGN03572 1 - A potential vulnerability has been identified in HPE Performance Center. The vulnerability could cause remote user validation failure. Revision 1 of this advisory.
714f9dc1cb140c3e1a6781191341cb64eb8d677cd760040a74a5a00bc543878f
Ubuntu Security Notice 3078-1 - Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.15. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
70fb5a6644f34b6d550d78bb097b4a44cfd9878ed35cb234d7e3bd0d2a2d75a8
Android has an issue where racy getpidcon usage permits binder service replacement.
644ba9d887dcdf537c7493e2bd3450f2d0cef598b6d99e9c8bc785a796ac86e5
Battle.Net version 1.5.0.7963 suffers from an insecure file permissions privilege escalation vulnerability.
229507ab5122db9b52ff5ed3b2d17270b0cc767b52dbde35844b0c9e61f43744
Open-Xchange Guard versions 2.4.2 and below suffer from multiple cross site scripting vulnerabilities.
b6b00b94ecd8a6eb1ccee7f194f7bf72d2f3738376ca2774dec5ff0fb5b81020
Open-Xchange App Suite versions 7.8.2 and below suffer from multiple cross site scripting vulnerabilities.
357ca5858f8f3f0f5e8af6faa2268fb1efd131b5eada5dfc41eb2ddb9239f572
ASUS DSL-X11 ADSL router unauthenticated remote DNS changer exploit.
93f34477ca80d1b371bd59eec1b073b39526d51e18f1d4b32ba199d040c8d367
Antisip libosip2 version 4.1.0 suffers from heap buffer overflow vulnerabilities that can lead to a denial of service.
4fb1846a03b8c8aac79c1ed6aff112685708fcfd67c525b4cfa54053a3f4db3a
Red Hat Security Advisory 2016-1856-01 - Ruby on Rails is a model-view-controller framework for web application development. Action View implements the view component. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.
b0341ca2ab1e5f356ac596459438c2dfa0c9b08c3f6fa314e3310209d709e77a
Red Hat Security Advisory 2016-1855-01 - Ruby on Rails is a model-view-controller framework for web application development. Action View implements the view component, and Active Record implements the model component. Security Fix in rubygem-actionview: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.
70bb64dcf8c9353bcb21bba544ed3251626be8563e6c58b30053f444f633ede9
Red Hat Security Advisory 2016-1857-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.
ff94a8072670dd5e02057584a6ffb4f6febe917dd05953502954fe95f960dfe7
Red Hat Security Advisory 2016-1858-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.
9d3e8c4dd25e586408c85a6de8a2a349896b9f80ce49b91e648a10f476e7e84f
wdCalendar version 2 suffers from a remote SQL injection vulnerability.
eda360a51a243d20689bf0175cc89da0fbc62420b76917350111b67ae7b0a19c
Cherry Music version 0.35.1 suffers from an arbitrary file disclosure vulnerability.
96b710d58bf275eab928be65aea31eae56eac18aee876021c06ecb76c47164df
637-byte Microsoft Windows x86 password-protected TCP bind shell shellcode.
3ed580d8b755dbbf3ed35188735814aff589ee052051b98152bc9af672d25a2c
CodeWarrior is a manual code and static analysis tool. It has many modules, one for each common language such as PHP, ASP, Ruby, C/C++, Java and JavaScript. Each module has rules in raw text with parameters like description, type, reference, relevance and match (regex to detect pattern). You can also create your own rules.
82753c89cb961457842b407e2a28042ca4dfbd896b15eb1555371fa0f3628dce
COMTREND ADSL router CT-5624 C01_R03 unauthenticated remote DNS changer exploit.
3f980e48cba96dc8f106f0e6c0a75038a0ee785b217fe44545a3d7abc69d1231
COMTREND ADSL router CT-5367 C01_R12 unauthenticated remote DNS changer exploit.
e480d4507c963ac594953ced80b3a31a9b8aab94fa5113694da85cd569cd31be
Tenda ADSL2/2+ modem version 963281TAN unauthenticated remote DNS changer exploit.
7a8d3c4dbd3667e98cf6bb464cb26347ffbb09d2667a28fd71f9f5506df04ea4
PLANET VDR-300NU ADSL Router unauthenticated remote DNS changer exploit.
8197ee2306f964cdd22efee0d369aace2490e04ef7b237eaf2035d705b1e7e58