McAfee Cloud SSO is vulnerable to cross site scripting. McAfee Asset Manager version 6.6 is susceptible to a traversal that allows for arbitrary file read and remote SQL injection.
235fa0a455346bf78fc185e183a6d715c8696783a2e2e500e8bac0e9db5f3156
Red Hat Security Advisory 2014-0310-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Several information disclosure flaws were found in the way Firefox processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Firefox to crash.
38c9a08689793ed4fe17d61018e3aa8c675fa8d5b8dc57eae2c8e68f9abd7d0d
Red Hat Security Advisory 2014-0312-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. All php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
ed152ea19937dfd772c59ba8bdad4a73bae67c13b28bf59e21e0dec3e764f158
Red Hat Security Advisory 2014-0311-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.
2a64c8f53e6dc048bca206f2a449803fc371f77164f14a295802d4991566105c
Ubuntu Security Notice 2150-1 - Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Gregor Wagner, Gary Kwong, Luke Wagner, Rob Fletcher and Makoto Kato discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out-of-bounds read during WAV file decoding. An attacker could potentially exploit this to cause a denial of service via application crash. Various other issues were also addressed.
9fd46be9a10b917dc455961f9ebfaefd537de7a30d8809e8ea6f33183e56470c
A vulnerability has been discovered in Elemental-IRCd/ShadowIRCd all the way back to version 6.3. If a client does a SASL authentication before the server is ready for it, a race condition is triggered and the ircd segfaults with an address out of bounds error. Demonstration exploit included.
4501916be0db906cac09b9b45bff1dbbfb26c9183a28a1ff168f52adf5ceb358
The web interface for VLC version 2.1.3 suffers from a cross site scripting vulnerability.
d4f9ce54a51d0d689fe5c695c1fece0859bbe08ffca2fd732d3918b7d5054ec8
BarracudaDrive version 6.6 suffers from multiple cross site scripting vulnerabilities.
9e9889ce63421a5123d2e2412d4c58b6d58a521e54123e508a9b2b6f5d249aed
Open-Xchange AppSuite versions 7.4.1 and 7.4.2 suffer from a cross site scripting vulnerability.
fa92825ba91c0472654c533544c6b2eb942b65f4321430779dddde151bb3a5a1
ExSoul Browser version 3.2.2 suffers from a remote code execution vulnerability.
fdf3bd0df3ea66b9e281fffe25c9e152f5c20c599e6d56fc5a375d9e32c8a578
Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
9a76b32967b2325f985c66790565d295d147840f3b9d6ca95d5850990a00cfef
This Metasploit module exploits a buffer overflow in Gold MP4 Player version 3.3. When this application loads a specially crafted flash URL, a buffer overflow can occur that allows for arbitrary code execution.
3da8325ad16a545338d4432ea3ca98df98052bedd020b25d70f23015fcfd6ab8
Array Networks vxAG version 9.2.0.34 and vAPV version 8.3.2.17 appliances suffer from poor permissions, default and weak user credentials, and SSH key handling issues.
424281c262881d13818d8b421e2b8079d01b94b35e76add57e3557344aa28c2f
Quantum vmPRO versions 3.1.2 and below suffer from a remote shell backdoor command that lets anyone SSH in and escalate to root.
86021585379df42396f7ae8a9afbc5718765133267144a1045108c43792f706f
XTRA Browser suffers from a remote code execution vulnerability stemming from insecure use of the addJavascriptInterface functionality. The vulnerability allows attackers to execute code through targeted browsing attacks to pages hosting malicious JavaScript or by loading up a malicious file into the affected application from the local storage.
2a98b20d83883200c6dd809b0710b1bd174a2d328fd9b4671132306164912b5d
nginx version 1.4.0 remote code execution exploit that leverages a new attack technique called BROP (Blind ROP).
8352b0f536d1d2db731dbea6ffe0990452b85c17e1de3830432937e8c4173ec3