File Pro Mini version 5.2 suffers from command injection and local file inclusion vulnerabilities.
61cea2d0f359c24b386460b827adaf2a360bd5c83cb5f78946a2cc9790c4555a
VeryPhoto version 3.0 suffers from a command injection vulnerability.
a176d6e3ecc622dc3aa6b5a3e580652f3cd38b8d3c1db5d1822ae3490e2b1984
Sim Editor version 6.6 stack-based buffer overflow exploit.
0f061824fc59baa0d38bfd9364ff194c26e0a2185d52c693740a5897afacaa48
Facebook Mobile allowed for a name change prior to the 60-day limit.
e9022186bc9182406a9f7e6e9807d1d8c75ccb9ffbc563e752cb736aac563f8b
CatBot version 0.4.2 suffers from a remote SQL injection vulnerability.
8ca8d8041febb4bd7e87451a3b49b4a0db8053b94320613163e2349fd83ba080
Pandora FMS version 5.1 SP1 suffers from a persistent cross-site scripting vulnerability in the SNMP editor.
e6fd854ee49192290abf5846acc7a072a9debbbaa248635f0fc0042fbd716a1b
Mandriva Linux Security Advisory 2015-027 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. Various other issues have also been addressed. The updated packages provide a solution for these security issues.
8db2a8779b1b5045f0e914377584f2e707328f0f91ef09e5a26429ff9fa5d67c
Debian Linux Security Advisory 3129-1 - Two vulnerabilities have been discovered in the RPM package manager.
77424e485f26ee7c5f94bde26c163e06105007157e64c8ced2bb3db148881a5d
The function CryptProtectMemory allows an application to encrypt memory for one of three scenarios: process, logon session and computer. When using the logon session option (CRYPTPROTECTMEMORY_SAME_LOGON flag), the encryption key is generated based on the logon session identifier; this is for sharing memory between processes running within the same logon. As this might also be used for sending data from one process to another, it supports extracting the logon session id from the impersonation token. The issue is that the implementation in CNG.sys doesn't check the impersonation level of the token when capturing the logon session id (using SeQueryAuthenticationIdToken), so a normal user can impersonate at Identification level and decrypt or encrypt data for that logon session. This might be an issue if there's a service which is vulnerable to a named pipe planting attack or is storing encrypted data in a world readable shared memory section. This is the proof of concept code that demonstrates the issue. This affects Windows 7, 8.1 Update 32/64 bit.
4209894f8317e6b800fd3d23f74c828d6c6e1b7528046ac121ee759f36fecc03
Alienvault OSSIM/USM versions 4.14.x and below suffer from a remote command execution vulnerability. Proof of concept included.
a68baa3bbf3f63879d7b7f3eaa8c9b8bc017abc0c0112daba2b272eca6043950
Mandriva Linux Security Advisory 2015-025 - A buffer overflow was reported in mpfr. This is due to incorrect GMP documentation for mpn_set_str about the size of a buffer.
faf385a85cf1c88fa556f099c4b6a266ec941d0921e50ed80518b9a698ee0475
Mandriva Linux Security Advisory 2015-026 - Updated unrtf package fixes various crashes.
4b2027d0c7d4d18148bf835d25987f1f3c2805aec5220887d7ac959db9db143e
Mandriva Linux Security Advisory 2015-024 - libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service. libsndfile contains a divide-by-zero error in src/file_io.c which may allow an attacker to cause a denial of service.
11b200e14f9debb834664d4152a9875616368d0736a52a6a9b0911f2bffe6505
Mandriva Linux Security Advisory 2015-023 - The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors.
3b9e926c5fdecb27c682d9a45247c187e91b7779b1fea3239e09cab6ad24c23c
Debian Linux Security Advisory 3128-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.
0af5ff077c785b67bdc9d4201ec4c67ff2526a3bd6be795149b48a9c19c69bf9