In Apache Shiro versions prior to 1.3.2, when using a non-root servlet context path, specifically crafted requests can be used to bypass some security servlet filters, resulting in unauthorized access.
Monthly Archives: September 2016
Ubuntu Security Notice USN-3078-1
Ubuntu Security Notice 3078-1 – Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.15. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
HP Security Bulletin HPSBGN03572 1
HP Security Bulletin HPSBGN03572 1 – A potential vulnerability has been identified in HPE Performance Center. The vulnerability could cause remote user validation failure. Revision 1 of this advisory.
HP Security Bulletin HPSBST03640 1
HP Security Bulletin HPSBST03640 1 – A potential security vulnerability has been identified in HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr). This vulnerability could be locally exploited to allow access restriction bypass. Revision 1 of this advisory.
iOS 10 Security Updates Move to HTTPS
Today’s release of iOS 10 also included patches for seven vulnerabilities and the news that security updates will now be delivered by HTTPS connections.
Adobe Back With New Flash Player Security Update
After a month without Flash Player security patches, Adobe today updated the software addressing 29 vulnerabilities.
Microsoft Releases September 2016 Security Bulletin
Original release date: September 13, 2016
Microsoft has released 14 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review the following Microsoft Security Bulletins MS16-104 through MS16-117 and apply the necessary updates.
324,000 Financial Records with CVV Numbers Stolen From A Payment Gateway
Around 324,000 users have likely had their payment records stolen either from payment processor BlueSnap or its customer Regpack; however, neither company has admitted a data breach.
BlueSnap is a payment processor which allows websites to take payments from customers by offering merchant facilities, whereas RegPack is a global online enrollment platform that uses BlueSnap to process the
Android getpidcon Binder Service Replacement
Android has an issue where racy getpidcon usage permits binder service replacement.
MS16-SEP – Microsoft Security Bulletin Summary for September 2016 – Version: 1.0
Revision Note: V1.0 (September 13, 2016):
Summary: This bulletin summary lists security bulletins released for September 2016.
