D-Link DIR-100 routers suffer from multiple authentication, credential management, cross-site request forgery, cross-site scripting, and information disclosure vulnerabilities.
5fa80f1f29dd7ee9b093fe114dbad9791bd517a36b281032cef564fcfaa79130
Gentoo Linux Security Advisory 201402-2 - An NVIDIA drivers bug allows unprivileged user-mode software to access the GPU inappropriately, allowing for privilege escalation. Versions less than 331.20 are affected.
1e3c861a499a68f06d0140261c9e32db0712c3b211350a7d0382be20fab714e0
Gentoo Linux Security Advisory 201402-3 - An integer underflow vulnerability in Pixman may allow a context-dependent attacker to cause a Denial of Service. Versions less than 0.32.4 are affected.
f461bacbca80208cfbe40a0793c77b58cae5262018231b8831473e40ed9403a4
Gentoo Linux Security Advisory 201402-1 - Multiple vulnerabilities have been found in GNU libmicrohttpd, the worst of which may allow execution of arbitrary code. Versions less than 0.9.32 are affected.
2dad2ec6046b88c2b3cb81b2f25d75ce3bcd4d5a233d9fe1dfc6e6a6929fa6d7
Ubuntu Security Notice 2097-1 - Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly reused connections when NTLM authentication was being used. This could lead to the use of unintended credentials, possibly exposing sensitive information.
f11c67854a3104decb402ccf2a1ed533affcd9a766f64d10fe1bad7a0ee4f464
Red Hat Security Advisory 2014-0127-01 - The librsvg2 packages provide an SVG library based on libart. An XML External Entity expansion flaw was found in the way librsvg2 processed SVG files. If a user were to open a malicious SVG file, a remote attacker could possibly obtain a copy of the local resources that the user had access to. All librsvg2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that use librsvg2 must be restarted for this update to take effect.
fcbc112c2011bbfaa630a03173d317b36980caa81e028f8712270b3e2516fabe
Red Hat Security Advisory 2014-0126-01 - OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A denial of service flaw was found in the way the OpenLDAP server daemon performed reference counting when using the rwm overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request.
4c6c34a110e573e8c64ef30e2391a60e3e7c5c71a67b50e86f57e1694004e57a
Debian Linux Security Advisory 2851-1 - Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module of Drupal, a fully-featured content management framework. A malicious user could exploit this flaw to log in as other users on the site, including administrators, and hijack their accounts.
7ff5149651769ab685a8d22ecf1f421379747a2cb78fb7db2b2e6b44399f57ff
MediaWiki versions 1.22.1 and below PdfHandler remote code execution exploit.
b8f79be011bdbd02e08ab7955ce6c1818acfb3f8c4507dda03c263a152a80c2f
The WordPress Stop User Enumeration plugin version 1.2.4 can be bypassed by using POST requests instead of GET requests.
2dd78ee648a3793edd606581b3bffa990f070dbc5f3063fd92e079140ca7f33a
Linux 3.4+ local root exploit that spawns a root shell leveraging CONFIG_X86_X32=y.
ede5fc0e0b7e794118d72948df2017010eaec9fd53af8390f4d8bde0ec184fa6
MyBB version 1.6.12 POST cross-site scripting proof of concept code.
22ac595f753a3b43615359eea5fb2740c2bd4df7d83df7fcc165ba5b4fd2435d
LedgerSMB versions prior to 1.3.36 suffer from an improper logout vulnerability that can allow for replay attacks.
aebd76ca1473ca0c35d7b7dbc17da3b164760cd470cacb9812093262becbfd72
Jetro Cockpit Secure Browsing suffers from a remote code execution vulnerability that affects all workstations using the product.
02e7719dff1c189b4c1a63c2ece790d338fceba4614d30c5eb9f1cc4f0b02e7c
Linux 3.4+ arbitrary write exploit for CONFIG_X86_X32 that spawns a root shell.
4fc904f1502158ecb8a6b7cfef323a01f7b9fb01f6ee00d06660c72f407ddd61
Shadowbox media view suffers from a local file inclusion vulnerability. Note that this finding houses site-specific data.
b24bcffde0a5b44fc97c46924c491ae72262254441bb6c729b932f7182fd24e9