Critical: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

OpenJDK: insufficient permission checks in StubGenerator (CORBA, 8076383)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881...

SAP HANA Developer Edition DB Eval Injection Vulnerability

SAP HANA is a high-performance real-time data analytics platform from SAP, Germany, of which SAP HANA Developer Edition DB is a development version of the database. An Eval injection vulnerability exists in the test-net.xsjs file in the Web-based Development Workbench for SAP HANA Developer Editi...

[SECURITY] Fedora 22 Update: lxdm-0.4.1-10.fc22

LXDM is the future display manager of LXDE, the Lightweight X11 Desktop environment. It is designed as a lightweight alternative to replace GDM or KDM in LXDE distros. It's still in very early stage of development...

Cross site scripting

Cross-site scripting XSS vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898...

Sql injection

Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892...

Cross site scripting

Cross-site scripting XSS vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898...

CVE-2015-7725

Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the 1 remoteSourceName in the dropCredentials function or unspecified vectors in the 2 setTraceLevelsForXsApps...

[SECURITY] Fedora 22 Update: icu-54.1-4.fc22

Tools and utilities for developing with icu...

[SECURITY] Fedora 22 Update: php-5.6.14-1.fc22

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

[SECURITY] Fedora 23 Update: php-5.6.14-1.fc23

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Multiple Adobe Products Input Validation Vulnerabilities

Adobe Flash Player, Adobe AIR SDK, and Adobe AIR SDK & Compiler are products of Adobe, Incorporated.Adobe Flash Player is a multimedia player; Adobe AIR SDK and Adobe AIR SDK & Compiler are standard development kits for Adobe AIR a cross-OS runtime environment. Adobe Flash Player is a multimedia...

flash-plugin: multiple code execution issues fixed in APSB15-23

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service...

Online Automated Tasks: Huginn

Huginn is a system for building agents that perform automated tasks for you online. They can read the web, watch for events, and take actions on your behalf. Huginn’s Agents create and consume events, propagating them along a directed graph. Think of it as a hackable Yahoo! Pipes plus IFTTT on yo...

Weevely3 - Weaponized Web Shell

Weevely is a command line web shell dynamically extended over the network at runtime designed for remote administration and pen testing. It provides a weaponized telnet-like console through a PHP script running on the target, even in restricted environments. The low footprint agent and over 30...

Debian DSA-3358-1 : php5 - security update

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to new upstream versions 5.4.45 and 5.6.13, which include additional bug fixes. Please refer to the upstream changelog...

[SECURITY] [DSA 3358-1] php5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3358-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 13, 2015 https://www.debian.org/security/faq -...

Moderate: Red Hat Security Advisory: python-django security update

Updated python-django packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores...

Raritan PowerIQ Default Accounts

Hello list, Raritan PowerIQ ships with a few default accounts and passwords/hashes. For the web interface, there are technically 3 default users. webapi:sl33p30F00dumass! epiqapi:raritan admin:raritan You can technically authenticate with the epiqapi user on the web interface and the PowerIQ API,...

FTC, Experts Push Startups to Think About Security From the Beginning

About a decade ago, many large software makers learned some very difficult lessons about software security and building security into their products from the start. Some are still learning. The FTC and a variety of security experts are hoping that today’s crop of start-ups will not have to go...