MySQL 0days followup (CVE-2016-3477) CVSS 8.1
July 2016 - Bamboo Server - Critical Security Advisory
[SECURITY] [DSA 3629-1] ntp security update
XStream CVE-2016-3674 XML External Entity Multiple Information Disclosure Vulnerabilities
(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Google Chrome Prior to 52.0.2743.82 Multiple Security Vulnerabilities
PHP 'zip_stream.c' Integer Overflow Vulnerability
PHP '/xmlrpc/libxmlrpc/simplestring.c' Heap Buffer Overflow Vulnerability
PHP 'snmp.c' Denial of Service Vulnerability
PHP 'exif_process_IFD_in_MAKERNOTE' Out of Bounds Read Information Disclosure Vulnerability
PHP 'session.c' Use After Free Remote Code Execution Vulnerability
PHP 'zend_virtual_cwd.c' Integer Overflow Vulnerability
[security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution
Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability
Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability

The suspected hacking of a Democratic National Committee consultant's personal Yahoo Mail account provides new evidence that state-sponsored attackers penetrated deeper than previously thought into the private communications of the political machine attempting to defeat Republican nominee Donald Trump.

According to an article published Monday by Yahoo News, the suspicion was raised shortly after DNC consultant Alexandra Chalupa started preparing opposition research on Trump Campaign Chairman Paul Manafort. Upon logging in to her Yahoo Mail account, she received a pop-up notification warning that members of Yahoo's security team "strongly suspect that your account has been the target of state-sponsored actors." After Chalupa started digging into Manafort's political and business dealings in Ukraine and Russia, the warnings had become a "daily occurrence," Yahoo News reported, citing a May 3 e-mail sent to a DNC communications director.


It was one of more than 19,000 private DNC messages posted to WikiLeaks on Friday. The massive e-mail dump came five weeks after DNC officials said hackers with backing from the Russian government had breached its network and made off with opposition research into Trump and almost a year's worth of private e-mail. The airing on WikiLeaks, which included messages in which DNC officials derided Democratic candidate Bernie Sanders, has already led to the resignation of Chair Debra Wasserman Schultz. Now, the revelations about Chalupa's Yahoo account suggest the hack may have gone deeper than previously reported.


[SECURITY] [DSA 3628-1] perl security update
FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch
XSS and SQLi in huge IT gallery v1.1.5 for Joomla


This time, the extracted shellcode file doesn


Here is the recovered source code (shellcode.pyc_dis):

Didier Stevens
Microsoft MVP Consumer Security

Cross-Site Scripting in Code Snippets WordPress Plugin
[SECURITY] [DSA 3627-1] phpmyadmin security update
SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr
Neoscreen v4.5 Blind SQL injection
Neoscreen v4.5 Authentication bypass
Neoscreen v4.5 Cross-site scripting
CA20160721-01: Security Notice for CA eHealth
[slackware-security] bind (SSA:2016-204-01)
Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking
Cross-Site Scripting in Contact Form to Email WordPress Plugin
Internet Storm Center Infocon Status