2348 matches found
[SECURITY] Fedora 26 Update: xstream-1.4.9-5.fc26
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...
CVE-2016-5756
Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl,...
[SECURITY] Fedora 25 Update: drupal7-metatag-1.21-1.fc25
The Metatag module allows you to automatically provide structured metadata, aka "meta tags", about your website. In the context of search engine optimization, when people refer to meta tags they are usually referring to the meta description tag and the meta keywords tag that may help improve the...
[SECURITY] Fedora 24 Update: drupal7-metatag-1.21-1.fc24
The Metatag module allows you to automatically provide structured metadata, aka "meta tags", about your website. In the context of search engine optimization, when people refer to meta tags they are usually referring to the meta description tag and the meta keywords tag that may help improve the...
Debian DSA-3794-1 : munin - security update
Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing an attacker to inject options into munin-cgi-graph and overwrite any file accessible by the user running the cgi-process...
MS12-030: Description of the security update for Office Graph 2007: May 8, 2012
INTRODUCTION: Microsoft has released security bulletin MS12-030. To view the complete security bulletin, visit one of the following Microsoft websites: Home...
MS12-030: Description of the security update for Office Graph 2010: May 8, 2012
INTRODUCTION: Microsoft has released security bulletin MS12-030. To view the complete security bulletin, visit one of the following Microsoft websites: Home...
CVE-2016-4965
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosiscontrol.php...
Fortinet FortiWAN Command Injection Vulnerability
Fortinet FortiWAN is a WAN link load balancing product developed by Fortinet. A command injection vulnerability exists in the diagnosiscontrol.php page in the Fortinet FortiWAN network load balancing appliance. The vulnerability can be exploited to inject arbitrary operating system commands with...
mediawiki -- multiple vulnerabilities
Mediawiki reports: Security fixes: T122056: Old tokens are remaining valid within a new session; T127114: Login throttle can be tricked using non-canonicalized usernames; T123653: Cross-domain policy regexp is too narrow; T123071: Incorrectly identifying http link in a's href attributes, due to m...
bugzilla: cross-site scripting
An attacker can craft a malicious summary within a bug report to host malicious JavaScript code. This code will be served to a user when he or she navigates to the bug's dependency graph...
Open Source Intelligence and Forensics : Maltego
Maltego is an open source intelligence and forensics application. Maltego is a visual link analysis tool that, out of the box, comes with open source intelligence (OSINT) plugins, called transforms. The tool offers real-time data mining and information gathering as well as the representation of this...
[SECURITY] Fedora 24 Update: binutils-2.26-18.fc24
Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object...
Cacti graph_view.php SQL Injection Vulnerability
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti Group. A SQL injection vulnerability in Cacti graph_view.php allows attackers to exploit the vulnerability to execute arbitrary SQL commands...
Generic Android Deobfuscator: Simplify
Simplify uses a virtual machine to execute an app and understand what it does. Then, it applies optimizations to create code that behaves identically but is easier for a human to understand. It is a generic deobfuscator because it doesn’t need any special configuration or code for different types...
DEBIAN-CVE-2016-3659
SQL injection vulnerability in graphview.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the hostgroupdata parameter...
UBUNTU-CVE-2016-3659
SQL injection vulnerability in graphview.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the hostgroupdata parameter...
CVE-2016-3659
SQL injection vulnerability in graphview.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the hostgroupdata parameter...
Graph Maker - Certificates or keys found, External URLs, Insecure KeyStore vulnerabilities
HackApp vulnerability scanner discovered that application Graph Maker published at the 'play' market has multiple vulnerabilities...
Vimeo: Private, embeddable videos leaks data through Facebook & Open Graph
Clip meta-data disclosed to third-party crawlers...