Core Security Technologies Advisory - Multiple vulnerabilities have been found in AVTECH AVN801 DVR (and potentially other devices sharing the affected firmware) that could allow a remote attacker to exploit multiple buffer overflows resulting in arbitrary code execution or bypass CAPTCHA functionality for logging into the administrative console. Proof of concept code included.
Core Security Technologies Advisory - EPS Viewer is prone to a security vulnerability when processing EPS files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing EPS Viewer users to open a specially crafted EPS file (client-side vulnerability).
Drupal Node View Permissions third party module version 7.x suffers from an access bypass vulnerability.
Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set.
Core Security Technologies Advisory - Aloaha PDF Suite is prone to a security vulnerability when processing PDF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing Aloaha users to open a specially crafted PDF file.
WordPress Wordfence plugin version 3.8.1 suffers from a cross site scripting vulnerability.
HP Security Bulletin HPSBHF02888 3 - Potential security vulnerabilities have been identified with HP Network Products including 3COM and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and execution of code. Revision 3 of this advisory.
Drupal Flag third party module version 7.x suffers from a cross site scripting vulnerability.
Cisco Security Advisory - A vulnerability in the EAP-FAST authentication module of Cisco Secure Access Control Server (ACS) versions 4.0 through 4.2.1.15 could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco Secure ACS server. This vulnerability is only present when Cisco Secure ACS is configured as a RADIUS server. The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server. There are no workarounds for this vulnerability. Cisco has released free software updates that address this vulnerability.
Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present.
WordPress Encrypted Blog plugin version 0.0.6.2 suffers from cross site scripting and open redirection vulnerabilities.
Instagram for Android suffers from a partial cryptographic authentication issue and also hard codes a secret key in the application.
Google Docs suffers from a clickjacking vulnerability that allows an attacker to obtain a user's full name and email address.
Sites powered by Blakord Portal suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.
The WordPress silverOrchid theme by gazpo.com suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.