Dolibarr versions 3.5 and 3.6 suffer from an HTML injection vulnerability.
9f00b2420b60681ea925cc5da4b190b35ab50e4a25ec8237ea484ea6ff025c54
PonyOS versions 3.0 and below ELF loader privilege escalation exploit.
5c60cb1d2f49bf795a8889604606129d0372cc6882e3aade50ddafda87ca714c
PonyOS versions 3.0 and below VFS privilege escalation exploit.
ef480619bfd3cba06fec4e08ff8068c41ddf33aebf80b9fb5a1574099b479586
HP Security Bulletin HPSBMU03263 3 - Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.
77a518cb0ccf0a4c04a46e8ea0991baac6b0eafce5c9e8a2db3164eaa98ae5a3
HP Security Bulletin HPSBGN03332 1 - A potential security vulnerability has been identified in HP Operations Analytics running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.
cb810cc00faa60f39ac5e93a3c429e996fe9dc854eeaed218dbb42a7380d0270
Debian Linux Security Advisory 3274-1 - Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in potential privilege escalation.
e4f75683caaa34fdaecddd1a7828d4612e7cf4a264154d8b544eb04587da551e
HP Security Bulletin HPSBMU03223 1 - Several potential security vulnerabilities have been identified with HP Insight Control server provisioning running SSLv3. These are the SSLv3 vulnerabilities known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.
36ba059b9acedf2bacaf76b60979c8057c5973ea903070f309a681ca4a388e4a
HP Security Bulletin HPSBMU03261 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running OpenSSL on Linux and Windows. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
266edbc2c77cb9a27d028900097a82c14a33598b9d019eaa48c5d447c4276489
HP Security Bulletin HPSBMU03267 2 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
b0d83a45ccd554287e2918d69e2b966916bb6e4a34595e69cc5962c44381597d
Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested successfully on a Trendnet TEW-731BR router with emulation.
a727354d03f176b35f63aa0ffc5bb38a19701e52b268455eadf7ca7c31e71bff
This Metasploit module exploits a remote buffer overflow vulnerability on several Airties routers. The vulnerability exists in the handling of HTTP queries to the login cgi with long redirect parameters. The vulnerability doesn't require authentication. This Metasploit module has been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation. Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT, Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.
e3284b80df8a49e84fe10eeeefb856090ee5b49ba6f62e629a9763e62071ed9a
Different D-Link routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB, DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR.
e20ef0dd89ff88caf92c753721ba8454b95e56f6cc1668c930745008c71c7246
Flash by design allows local SWF files to read arbitrary local files, but prevents communication with remote servers. By smuggling data through a timing side-channel, this can be circumvented, allowing local SWF files to exfiltrate the contents of arbitrary local files to the internet.
4020cca47ad48bad8205cc27d4fc29cfb9c596aa0ec345c05d58ff93a38af714
ESC 8832 suffers from insecure user session handling and generation as well as interception and user management issues.
ca946d1c96a67953dcdbf356af61138199a591b19f2e94b31632830e11113290
This is a tool to replay packet captures and simulate client/server models when doing analysis. Written in Python.
bbc82f1d4197ab39b95472137a8ac96adbcfc361152b02976825089cc906d144
Sypex Dumper version 2.0.11 suffers from multiple cross site scripting vulnerabilities.
a557a41cc14f0fa4371e88173d14cc9d2536437e1d9f3a70dba00fcae55b4b4b
JSPAdmin version 1.1 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
8c8845746909deb94bd650f31176c3002998cc354834cd3fceef8f287bc9ffb3
SOHO routers have been found vulnerable to privilege escalation, information disclosure, cross site request forgery, cross site scripting, authentication bypass, denial of service, and various other vulnerabilities.
b2f2c880262864949aed2787d7dbd1a1af58648ac6dc6fce4d75c119ce30c8a3
HP Security Bulletin HPSBHF03340 1 - A potential security vulnerability has been identified with HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard. The vulnerability could result in local unauthorized access and elevation of privilege on an HP thin client device. Revision 1 of this advisory.
355c585f8c958b94f6362d293f801561c9df1b4c0315d1c836d83e169585da08
Invision Power Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.
ccc8d7042208971ccc1a5b517c5d3acce70ae9a88bb02dfb50ca9bb3a7a31ca2
Vevocart version 6.1.0 suffers from an open redirection vulnerability.
d7f23912aab51e824ef12b4488419191ca88592fdd7e16d5a9c8952118503303
Red Hat Security Advisory 2015-1036-01 - After May 29, 2015, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite versions 5.5 or older.
d2e0c17affa830afe1a1ad1eff98ae0f3a89714fee0222c369f3e0e243d70634
IBM Cognos Business Intelligence Developer version 10.2.1 suffers from an open redirect vulnerability.
28924269aaba0ce326079ba87bd57cf6995c1fd3254a0b20b6537b162200cbc8
Red Hat Security Advisory 2015-1035-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.5 will be retired as of November 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.5 EUS after November 30, 2015.
e694d8ca9b7e3ffb1d3dd16773c21b80781c27b7ec0d8faf9f2bbe5dfdb9323a
SEARCH-LAB performed an independent security assessment on four different D-Link devices. The assessment has identified altogether 53 unique vulnerabilities in the latest firmware (dated 30-07-2014). Several vulnerabilities can be abused by a remote attacker to execute arbitrary code and gain full control over the devices.
1171f7b6ef3b9988b436da7e93b267aab8de442398c22cf0acfa717cbfa2ab37