ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability
Monthly Archives: June 2016
Bugtraq: [SECURITY] [DSA 3593-1] libxml2 security update
Bugtraq: Notilus v2012 R3 – SQL injection
Bugtraq: [Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability
CVE-2016-0908
EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.
CVE-2016-1390
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892.
CVE-2016-1391
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889.
WP Mobile Detector Vulnerability
Original release date: June 03, 2016
WP Mobile Detector, a WordPress plugin, contains a vulnerability in versions prior to 3.6. Exploitation of this vulnerability could allow an attacker to take control of an affected website.
US-CERT encourages users and administrators to review the WP Mobile Detector Changelog for more information and apply the necessary update.
DSA-3594 chromium-browser – security update
Several vulnerabilities have been discovered in the chromium web browser.
Magento 2.0.6 Unserialize Remote Code Execution
This Metasploit module exploits a PHP object injection vulnerability in Magento 2.0.6 or prior.