Byword versions prior to 2.1 allow for a remote file overwrite attack.
31dbff80533d69b46f741347c1aad7f82c471e3bb3fd8097ffceea0cdbad5d0f
Tenda wireless router version W309R allows for configuration enumeration without authentication. A NSE script is included for exploitation along with an advisory.
94fe6763bf250d568485660d4f5d4b2e374665b53c0a879b4e59b3dd8697607d
PHP IDNA Convert version 0.8.0 suffers from a cross site scripting vulnerability.
759740ae1495d2c12f07ef1905ef401162bc13158398bad2e8f666e18e875ab8
Icy Phoenix CMS version 2.0 suffers from a cross site scripting vulnerability.
63eac311bcc5c110f6b257c21931a26987f2af8f67fb1ec266f16bf2996a6339
Apple Security Advisory 2013-09-26-1 - iOS 7.0.2 is now available and addresses passcode lock security issues.
78bf4e20d83550ac24d39029e21f9d8b24c89776198824bbd44cccb8bcf7fc0d
Ubuntu Security Notice 1969-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A failure to validate block numbers was discovered in the Linux kernel's implementation of the XFS filesystem. A local user can cause a denial of service (system crash) if they can mount, or cause to be mounted a corrupted or special crafted XFS filesystem. Various other issues were also addressed.
47ad35992bbbc67f1cad43435747f29f94d5e87efbbfdb5dbc82e51fb177331e
Ubuntu Security Notice 1970-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A failure to validate block numbers was discovered in the Linux kernel's implementation of the XFS filesystem. A local user can cause a denial of service (system crash) if they can mount, or cause to be mounted a corrupted or special crafted XFS filesystem. Various other issues were also addressed.
5e12e33f49f1f5bf8779cfbdf49aaa4a002bb629cab6b20abc2852352af78ec2
Mandriva Linux Security Advisory 2013-243 - A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges.
91ca06b6329364c75747c0f85a55c45bc6033f08b2e6bb7fa73577a3bf412762
Gentoo Linux Security Advisory 201309-22 - Multiple vulnerabilities have been found in Squid, possibly resulting in remote Denial of Service. Versions less than 3.2.13 are affected.
0c44f7d361e4ed8a9c424771c417f381ffacb9d1092ef7260b173349c11cc6d9
Debian Linux Security Advisory 2765-1 - Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while is setuid root. This might allow a privilege escalation.
3903ec4ccc79432967878e89f87d6fdeefddcd86cea4d6f09148d0d4af7e6b8b
Gentoo Linux Security Advisory 201309-24 - Multiple vulnerabilities have been found in Xen, allowing attackers on a Xen Virtual Machine to execute arbitrary code, cause Denial of Service, or gain access to data on the host. Versions less than 4.2.2-r1 are affected.
42fbd346dc4e79100c814835fd5068ef0a6bd2ccc23977307e7f191f8be1cc22
Gentoo Linux Security Advisory 201309-23 - Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, some of which may allow a remote user to execute arbitrary code. Versions less than 17.0.9 are affected.
4bef7b0a7ff87d60b621f002b69fe1f1340530418ea99fdd367ef66518e8baef
Ubuntu Security Notice 1968-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A failure to validate block numbers was discovered in the Linux kernel's implementation of the XFS filesystem. A local user can cause a denial of service (system crash) if they can mount, or cause to be mounted a corrupted or special crafted XFS filesystem. Various other issues were also addressed.
c10a089319f695c9298e0218e80d367e4b8e7a42beb195bb76762a24d36b98d9
Ubuntu Security Notice 1975-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A failure to validate block numbers was discovered in the Linux kernel's implementation of the XFS filesystem. A local user can cause a denial of service (system crash) if they can mount, or cause to be mounted a corrupted or special crafted XFS filesystem. Various other issues were also addressed.
16189fdb29ef1621c06768231ec01452d6b65dbd6af49cfb6d4bd1119fec079f
Ubuntu Security Notice 1974-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A memory leak was discovered in the user namespace facility of the Linux kernel. A local user could cause a denial of service (memory consumption) via the CLONE_NEWUSER unshare call.
8bf12b9042e8f4abd989d6e76d6db7e8fcb5cea6a2e6f38d7a1f196d0e16af7e
Ubuntu Security Notice 1973-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A failure to validate block numbers was discovered in the Linux kernel's implementation of the XFS filesystem. A local user can cause a denial of service (system crash) if they can mount, or cause to be mounted a corrupted or special crafted XFS filesystem. Various other issues were also addressed.
63ed8f5b37475a48348edd4c032b51579f379e3d69cb52befecd1727d51a37f4
Ubuntu Security Notice 1972-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A failure to validate block numbers was discovered in the Linux kernel's implementation of the XFS filesystem. A local user can cause a denial of service (system crash) if they can mount, or cause to be mounted a corrupted or special crafted XFS filesystem. Various other issues were also addressed.
0f9fefdbe51478ae4584a337c802dbed9908e144c668effefb4cb60f45b7d502
Ubuntu Security Notice 1971-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A memory leak was discovered in the user namespace facility of the Linux kernel. A local user could cause a denial of service (memory consumption) via the CLONE_NEWUSER unshare call.
ed029cbc0dd66c1d66db892fcfc9337d09dcc8dbd8c1bfe377effe4cbfa96845
Gentoo Linux Security Advisory 201309-21 - A vulnerability in klibc could allow remote attackers to execute arbitrary shell code. Versions less than 1.5.25 are affected.
c94186050607efd9128a0698480eb18e3be1e4b7372b9a9ff84a90f3617d61e0
Gentoo Linux Security Advisory 201309-20 - Multiple vulnerabilities have been found in Dropbear, the worst of which could lead to arbitrary code execution. Versions less than 2012.55 are affected.
8c501aac169b59f4d7e34bf130f52ad2568dffab61cd485f6e2a81642491f13f
This Metasploit module exploits vulnerabilities found in Astium astium-confweb-2.1-25399 RPM and lower. A SQL Injection vulnerability is used to achieve authentication bypass and gain admin access. From an admin session arbitrary PHP code upload is possible. It is used to add the final PHP payload to "/usr/local/astium/web/php/config.php" and execute the "sudo /sbin/service astcfgd reload" command to reload the configuration and achieve remote root code execution.
16cd8b04690fc28db1b8c5c9afdb81554208e84689604fe813314bc4a6e8d476
Red Hat Security Advisory 2013-1292-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service.
bb34fbaf34b1e2d0617595612c429058d891776d85b070142cca272b51e1610a
EMC VPLEX contains a vulnerability that stores the LDAP/AD bind password in plain text in the VPLEX management server configuration file. This can potentially be exploited by a malicious user who has access to the configuration file to obtain the sensitive password and gain privileged access to protected resources. Affected versions include EMC VPLEX Local/Metro/Geo with GeoSynchrony 5.2 Patch1 and below.
84420a97ddf942aaec63002319e68c4e2bde47b40f973c04b4e92beb9a06cc3f
mod_accounting version 0.5 suffers from a remote blind SQL injection vulnerability.
5f80d81efab9b887ab6063336f50467c4282d2a92a64c29cbf5563b42ba9f24a
XAMPP version 1.8.1 allows an unprivileged user the ability to write to the local disk.
4d1631d6f469e4eec20739ed04366120ee8ad777df5da5df3840c88f67f32135