Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field.
Monthly Archives: December 2016
DSA-3750 libphp-phpmailer – security update
Dawid Golunski discovered that PHPMailer, a popular library to send
email from PHP applications, allowed a remote attacker to execute
code if they were able to provide a crafted Sender address.
GLSA 201612-50: Openfire: Multiple vulnerabilities
GLSA 201612-56: Xen: Multiple vulnerabilities
GLSA 201612-51: Icinga: Privilege escalation
GLSA 201612-53: CyaSSL: Multiple vulnerabilities
GLSA 201612-55: libjpeg-turbo: User-assisted execution of arbitrary code
GLSA 201612-52: Pillow: Multiple vulnerabilities
GLSA 201612-54: Chicken: Multiple vulnerabilities
Vuln: libxml2 CVE-2015-8710 Out-of-bounds Memory Access Vulnerability