Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1033.
Monthly Archives: April 2016
CVE-2016-1033
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1032.
Hikvision Digital Video Recorder Cross Site Request Forgery
Hikvision Digital Video Recorder versions LV-D2104CS, DS-7316HFI-ST, DS-7216HVI-SV/A, DS-7208HVI-SH, and DS-7204HVI-SH suffer from a cross-site request forgery vulnerability.
JAWS 13 Privilege Escalation
A local privilege escalation vulnerability has been identified in the JTVNCProxy Windows service in JAWS version 13.0 and earlier. When installed, this service grants Read/Write access to any user, meaning any user can modify the location of the binary that the service executes with SYSTEM privileges. It should be noted that this vulnerability is not present in JAWS version 14 and later.
BugCON 2016 Call For Papers
The BugCON 2016 call for papers has been announced. BugCON will take place from November 4th through the 5th, 2016 in Mexico City.
AccelSite Content Manager 1.0 SQL Injection
AccelSite Content Manager version 1.0 suffers from a remote SQL injection vulnerability.
Monsta Box WebFTP Arbitrary File Read
Monsta Box WebFTP suffers from an arbitrary file read vulnerability.
HP Security Bulletin HPSBGN03570 1
HP Security Bulletin HPSBGN03570 1 – A potential vulnerability has been identified in HPE Universal CMDB. The vulnerability could be exploited to allow remote disclosure of information and URL redirection. Revision 1 of this advisory.
Debian Security Advisory 3544-1
Debian Linux Security Advisory 3544-1 – Several vulnerabilities were discovered in Django, a high-level Python web development framework.
Debian Security Advisory 3545-1
Debian Linux Security Advisory 3545-1 – Several vulnerabilities were discovered in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of these flaws to perform cross-site scripting, header injection or denial of service attacks.