Polycom systems suffer from a format string vulnerability when creating a CDR entry. Polycom HDX series versions prior to 3.1.1.2 are affected.
8998433b0bea32dde00acd6d3311c61443b062424f5faeac20c6cdfee2adbe3b
A simple H.323 SETUP packet can be used to commit a remote SQL injection attack against Polycom systems. Polycom HDX series versions prior to 3.1.1.2 are affected.
c8ef16e32d79b56646936f40819360d5231808c030efb457b8afed16f3c94923
The firmware update functionality in the Polycom web interface is vulnerable to a simple command injection vulnerability which allows an attacker with access to the web interface to execute arbitrary commands on the underlying embedded Linux system. Polycom HDX series versions prior to 3.1.1.2 are affected.
eaeed66e6e35211d5de8494085612d6cabc696df21d84244931e4cb825cb4492
DaloRadius suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
dac44b7efab3b59bb2bece48236156df6cdf384dff8f1629a610c458be0fe847
The EverFocus EPARA264-16X1 DVR allows unauthenticated remote users to retrieve arbitrary system files that are located outside of the web root through a directory traversal on port 80. Firmware version 1.0.2 is affected.
9498ec7c2d7d5276591c2ebc8509ab56201a5acf174aead7063bf8fe2488c95c
The default installation of Skype is vulnerable to a local privilege escalation attack that allows an unprivileged attacker to execute arbitrary code with NT AUTHORITY/SYSTEM privileges. Versions 6.2.0.106 and below are affected.
d220809c5a2ec3bca6b7d83539650b12420bc8778406212fc05cd585e28a6a0f
The Polycom Command Shell can be used to view and also change several settings of the system. However it can also be used to get system-level access (i.e. root access) to the HDX system. The "printenv" and "setenv" commands can be used to read and write variables respectively which are stored in flash memory. Polycom HDX series versions prior to 3.1.1.2 are affected.
162aad6a25e60bab68f51ec49f90cbda2650407c9f0ac15d752cc71dba4606be
Debian Linux Security Advisory 2648-1 - A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. In addition, a denial of service vulnerability was discovered in the TraceManager.
3fc375a47b826db087cce2564e87b9c320aab1c05447a531e7f739a3bf803897
Debian Linux Security Advisory 2647-1 - A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code.
d47fae449bdaf311c4618b1ae36fe78802d600ce4163213705762394cfc40e0f
Dumpzilla extracts all forensically interesting information from Firefox, Iceweasel and Seamonkey browsers. Written in Python.
65a9d9d995e274d497b0bd3c11c2720735a0a5e970ce551bfa3eff7cec43ee9c
Apple Security Advisory 2013-03-14-2 - Safari 6.0.3 is now available and addresses multiple security issues. These fixes address memory corruption issues and cross site scripting.
e8fb3bcee240bccc74fd00148304720bad83d31d8a9f970f1f2b7ebd82d86810
Apple Security Advisory 2013-03-14-1 - OS X Mountain Lion version 10.8.3 and Security Update 2013-001 addresses multiple vulnerabilities. These updates address a canonicalization issue with HFS and Apache, a buffer overflow in libtiff, an authentication bypass, and more.
1e8f51ffad32ee5ec0c6272e89d6a3912ef63b3f493ec6bce9c955e8f09dc3f6
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
8527754e7eb235317e37a50706d94d3fc9d880fd0bf6f3cb83757d64a720e9ff
Some Dream Boxes with OpenPLI version 3 beta images are vulnerable to OS command injection in the Webif 6.0.4 web interface. This is a blind injection, which means that you will not see any output of your command. A ping command can be used for testing the vulnerability. This Metasploit module has been tested in a box with the next features: Linux Kernel version 2.6.9 (build@plibouwserver) (gcc version 3.4.4) #1 Wed Aug 17 23:54:07 CEST 2011, Firmware release 1.1.0 (27.01.2013), FP Firmware 1.06 and Web Interface 6.0.4-Expert (PLi edition).
08146370ff7e87193e0ac650501ba578d139728fdb5da79083867c3d68983b6c
WordPress LeagueManager plugin version 3.8 suffers from a remote SQL injection vulnerability. Both an exploit along with patching recommendations are provided.
a3e13cf6b95a3336ab25ac8195f16b3844e2f53413a7db2fbea7d99a9a980665
Petite Annonce version 1 suffers from a cross site scripting vulnerability in moteur-prix.php.
4d7c27491eec42b373a976e3e8c93b8036534ebe80480c62b3a9c04bc029abf3
Slackware Security Advisory - New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix a security issue.
80bbc6d84cb40341c297e1e014e7810347e1070ca8f87dcb025b3c74358b6a88
Slackware Security Advisory - New perl packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-1667.
61afc6e373cc8a2593e5f9cf519ab0b62c9ed5882774a848c94de205325acb57
Ubuntu Security Notice 1763-2 - USN-1763-1 fixed a vulnerability in NSS. This update provides the NSPR needed to use the new NSS. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. Various other issues were also addressed.
14c2109289cf639924ee155649aaf99f56995b1e908629a630645e7226d2101b
Ubuntu Security Notice 1763-1 - Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.
0169b782ecce9f3cb1ee538627164630ed963e7b52a23bd3d0008dc583acfa40
Red Hat Security Advisory 2013-0649-01 - Fuse ESB Enterprise, based on Apache ServiceMix, provides an integration platform. This release of Fuse ESB Enterprise 7.1.0 Patch 3 is an update to Fuse ESB Enterprise 7.1.0 and includes bug fixes.
25b335c51975b777b1647472a9f39f2461c65c9b63d4d975008ba45dbcefdb56
Red Hat Security Advisory 2013-0647-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter in JBoss Web. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances.
cae7f2723e72a831376fbdd1d9a7180b3d68ef9063766a4141634d2342c6f76a
Red Hat Security Advisory 2013-0648-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter in JBoss Web. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances.
622d29c2160f22699e5b7c9c65fa1deed1df2ed503b5aef7ffd26ac8ce417669
Red Hat Security Advisory 2013-0646-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request. A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username.
b3c19a4366ad523734159f85e06904742d756e830065660510bfdc31ede59ef8
Ubuntu Security Notice 1764-1 - Stuart McLaren discovered an issue with Glance v1 API requests. An authenticated attacker could exploit this to expose the Glance operator's Swift and/or S3 credentials via the response headers when requesting a cached image.
5f7ca5e0136683964cdafe38aa284436d2548ccb00bf399c52adc234b66f7bd6