Ubuntu Security Notice 1782-1 - It was discovered that libxml2 incorrectly handled XML entity expansion. An attacker could use this flaw to cause libxml2 to consume large amounts of resources, resulting in a denial of service.
8016649df7936a08004b2ecb225d08e87a24eada7f4d4e8cc369501b71865951
This Metasploit module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February and March of 2013. The vulnerability affects Java version 7u15 and earlier and 6u41 and earlier and has been tested successfully on Windows XP SP3 and Windows 7 SP1 systems. This exploit doesn't bypass click-to-play, so the user must accept the java warning in order to run the malicious applet.
257e7dc02cc758e02ddfc07622def557b152de2354df0f2e8e6ddd5a95045d43
This Metasploit module exploits a lack of authentication in the shell developed by v0pCr3w and is widely reused in automated RFI payloads. This Metasploit module takes advantage of the shell's various methods to execute commands.
c98b44143d435c087fc71dd51541d105f13f0b99cdf31def59cce893a060e474
Asterisk Project Security Advisory - When authenticating via SIP with alwaysauthreject enabled, allowguest disabled, and autocreatepeer disabled, Asterisk discloses whether a user exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
7ce9d396f6a8843def45150840621abd66a61195ea9967e14e7c6392d62f7a27
Cisco Security Advisory - The Resource Reservation Protocol (RSVP) feature in Cisco IOS Software and Cisco IOS XE Software contains a vulnerability when used on a device that has Multiprotocol Label Switching with Traffic Engineering (MPLS-TE) enabled. Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a reload of the affected device. Repeated exploitation could result in a sustained denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability.
6c8d5ab39e1579248c235ac0fb6d130f03287e1bfe1c2113cc6a6081582b9a36
Drupal Common Wikis third party module version 7.x suffers from access bypass and privilege escalation vulnerabilities.
0ead0c1b6461de562721b99bba7a816c5c188b5649caf9a8533d5386639df1ea
EMC Smarts Product versions prior to 9.2 contain a cross site scripting vulnerability that could potentially be exploited by malicious users.
883d4810ac2c6054019ce2ac8a31a3711e9315ccc3a0dc8dd3c1d89e8cf6b06d
Asterisk Project Security Advisory - AST-2012-014, fixed in January of this year, contained a fix for Asterisk's HTTP server since it was susceptible to a remotely-triggered crash. The fix put in place fixed the possibility for the crash to be triggered, but a possible denial of service still exists if an attacker sends one or more HTTP POST requests with very large Content-Length values.
7a1b07b00aaec1a54c4a018a3363c0392f9374f44ef12df07d9140f78bd6c056
Cisco Security Advisory - The Cisco IOS Software Internet Key Exchange (IKE) feature contains a denial of service (DoS) vulnerability. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
f65bd4e39e183642a6d2572c9a108eb5574fee859a6831d2e4f41be3dc70ee7e
Drupal Common Groups third party module version 7.x suffers from access bypass and privilege escalation vulnerabilities.
f669c1b9745c7be65686fd69d8357c49ea773ce0b1124fee20ef6d5c5668bc43
Cisco Security Advisory - The Cisco IOS Software implementation of the virtual routing and forwarding (VRF) aware network address translation (NAT) feature contains a vulnerability when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
d8a9ebcc5bcdbb846ebb55212f513487470545447c60d9e5baa8b680cb2e36b9
Asterisk Project Security Advisory - The format attribute resource for h264 video performs an unsafe read against a media attribute when parsing the SDP. The vulnerable parameter can be received as strings of an arbitrary length and Asterisk attempts to read them into limited buffer spaces without applying a limit to the number of characters read. If a message is formed improperly, this could lead to an attacker being able to execute arbitrary code remotely.
6dbcc321fa05a34d90ae2594f9ee9d1f4e3a55fa0610c69189ee26ee7c7e8f70
Drupal Rules third party module version 7.x suffers from a cross site scripting vulnerability.
f2f8ca4e2b4ae29b0c45ac10b1bad3aa48a53157f2aaec80b06f22bcc52c9cd0
BlazeDVD Free Edition version 6.1.1.6 suffers from a buffer overflow vulnerability.
bdbc3385b746b6b0cb6e4960656a9e6c260df28173c52e32937cf108929fe845
Cisco Security Advisory - The Smart Install client feature in Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Affected devices that are configured as Smart Install clients are vulnerable. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that have the Smart Install client feature enabled.
42356950e1cc56926e25264368f0756b639d7b291d5d8fd340c0a7946bc690e8
Drupal Zero Point third party module version 7.x suffers from a cross site scripting vulnerability.
37b56deaef01f5ce524a97748fc68d4f269a0f41f3264e6e15807a3c27e9942b
Cisco Security Advisory - The Cisco IOS Software Protocol Translation (PT) feature contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
7bfd2bd455cd5f6b92d91689d93812aab9c993e272761cdfb6ba0d2c3bf6c303
Red Hat Security Advisory 2013-0687-01 - Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow flaw was discovered in one of pixman's manipulation routines. If a remote attacker could trick an application using pixman into performing a certain manipulation, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect.
a3774347ea45c3c7ae68e1074b90367573297995db1225f26b9651f2ad1564ed
Cisco Security Advisory - The Cisco IOS Software implementation of the IP Service Level Agreement (IP SLA) feature contains a vulnerability in the validation of IP SLA packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Mitigations for this vulnerability are available.
4162210f7ba691ed071fdc74e025a5bdfb0887df0caea4092a5359e11414c57b
Cisco Security Advisory - Cisco IOS Software contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of services. Only devices that are configured for SIP inspection are affected by this vulnerability. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP inspection.
8311d0cd7dd53190ebee1eb5be28570c0c0e1924521c952b8fe0af8712142057
HP Security Bulletin HPSBST02848 SSRT101112 - A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite products including HP P9000 Command View Advanced Edition Software (DevMgr), HP XP Provisioning Manager Software (ProvMgr), HP P9000 Replication Manager Software (RepMgr), and HP P9000 Tiered Storage Manager Software (TSMgr). The vulnerability could be remotely exploited resulting in a disclosure of information. Revision 1 of this advisory.
5a5dcb7601ecc8493e08966dbb1d863b2d8e50c35ab09c95d4634bbc73448fcf
Slackware Security Advisory - New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2266.
a993d939b799c47a47bff241e1f49b6b00f251765344dc7c88ca3e0f7c959802