A Server Side Request Forgery vulnerability exists in ImageMagick. A remote attacker may exploit this issue by making a specially crafted HTTP or FTP request. Successful exploitation would allow attackers to create HTTP or FTP requests on behalf of the vulnerable server.
Monthly Archives: June 2016
STOP Sharing that Facebook Privacy and Permission Notice, It's a HOAX
Recently, you may have seen some of your Facebook friends posting a Facebook “Privacy Notice” clarifying that they no longer give Facebook permission to use their photos, personal information, and so on.
The Privacy message looks something like this:
“From Monday, 27th June, 2016, 1528 IST, I don’t give Facebook permission to use my pictures, my information or my
Bugtraq: [KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities
Bugtraq: [KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability
Bugtraq: KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution
Bugtraq: Symantec SEPM v12.1 Multiple Vulnerabilities
RHEA-2016:1350-1: Red Hat Enterprise MRG Realtime 2.5 enhancement update
Red Hat Enterprise Linux: Updated Red Hat Enterprise MRG Realtime packages that add one enhancement are now available for Red Hat Enterprise MRG 2.5.
RHBA-2016:1349-1: lvm2 bug fix update
Red Hat Enterprise Linux: Updated lvm2 packages that fix one bug are now available for Red Hat Enterprise Linux 7.
CVE-2015-8698
CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2015-8699
Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
