Debian Linux Security Advisory 2717-1 - Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer expressions in the XML Signature Reference processing code, possibly leading to arbitrary code execution.
e77b2ac1c69587019e6303726502b7af
Mandriva Linux Security Advisory 2013-186 - Updated puppet packages fix remote code execution vulnerability. When making REST api calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the ruby process, which allows an attacker to execute code contained in the payload.
d84c160ca7e05a2b999e98cd41a576ac
Slackware Security Advisory - New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4073.
4f6fde76da879e81713e68dd639551e4
Fortigate Firewall versions prior to 4.3.13 and 5.0.2 suffer from multiple cross site request forgery vulnerabilities.
fbca49c87adc2d6887f9b55df4504d6b
YOPMail suffers from cross site scripting, HTTP response splitting, CRLF injection, and session token handling vulnerabilities.
a5d9881d634167e06e2db886f4cca8b3
If you have physical access to a Microsoft Windows 7 SP1 instance, you can leverage the "Launch startup Repair" functionality to gain SYSTEM access.
c52e640cc11080951b3b69430724c758
Red Hat Security Advisory 2013-1001-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.2 will be retired on December 31, 2013, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.2 EUS after that date. In addition, after December 31, 2013, technical support through Red Hat's Global Support Services will no longer be provided. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 6.2.
d6e9e6e8bab7cfee4a7eb576004543db
Mobile USB Drive HD version 1.2 suffers from a remote shell upload vulnerability.
57bd463871e8a0cb71bbfc62aac51778
Barracuda CudaTel Communication Server version 2.6.002.040 suffers from multiple script injection vulnerabilities.
4684145ae35bcc6c956181686c6b3503
PCMan's FTP Server version 2.0 remote buffer overflow exploit that leverages USER and pops calc.exe.
75b5495b82efc4e8713620080cbaa441
The PayPal Hong Kong marketing site suffers from information disclosure, user enumeration, and bruteforcing vulnerabilities.
b517c2fc98d08ea05db8c5e8e6f1a8af
eFile Wifi Transfer Manager version 1.0 for iOS suffers from local file inclusion and cross site scripting vulnerabilities.
730f03745fd75d14f23b6285dbf1288d
A critical password reset (session) vulnerability was detected in the Sony PSN Network web server auth system account application. The vulnerability allows remote attackers without a privileged application account to exchange session values and reset any psn user accounts.
d6e4bc15b8000387851d15849913b56b
PCMan's FTP Server version 2.0.7 remote root buffer overflow exploit that leverages the USER command and binds a shell to port 4444.
26b44400415603fc3d92809f89abd244