WebTitan version 4.01 suffers from remote command execution and directory traversal vulnerabilities.
31bb563ba45d9f1705203ffe533103b28d9455039d7f5594f6e0b5ff6584664b
This Metasploit module exploits a remote command execution vulnerability in Unitrends Enterprise Backup version 7.3.0.
990dbbca3608cabc6a86f28a9fb4e995a70d4fd9ca01cb2876fd6e886b835ca0
The 2nd annual HackMiami Conference takes place May 9th through the 11th, 2014 in Miami Beach, FL, USA. The call for papers has been announced.
6154f2cb172ac4fd0f29bbed1da227ae544b63e7f674a4cc50ad8bfa7b7a1c50
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash. The vulnerability is caused by a use-after-free error when interacting with the "ExternalInterface" class from the browser, which could be exploited to achieve code execution via a malicious web page. Adobe Flash versions prior to 13.0.0.182 are affected.
74271eacbddb7ae8c9fa82f1d54ba1847cb249784eb45f07684efc33d4fc7c18
Xerox DocuShare suffers from a remote SQL injection vulnerability.
359f347609e558ed6a4327b3bbf7312d0184b8b8950c198fc1929251921926e2
HP Security Bulletin HPSBST03001 - A potential security vulnerability has been identified with HP XP P9500 Disk Array running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
a4486d1e4a27dcf59435499f16a993dc43c9f57f6e185edd0623b6c166498376
HP Security Bulletin HPSBMU02998 - A potential security vulnerability has been identified with HP System Management Homepage (SMH) running on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
929b3f2cd69d6c070b694f99b566bce425a57f971ca91ac7a122afe88f7eb2f4
HP Security Bulletin HPSBMU02997 - A potential security vulnerability has been identified with HP Smart Update Manager (SUM) running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
b71fe3a9a964fec200830af320a0bc29198483a1fefecfd84439a07026697de7
HP Security Bulletin HPSBMU02994 - A potential security vulnerability has been identified in HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
9136db41f765d29c48c992de49b2c3261c352a943ab68120fe6788760476c093
HP Security Bulletin HPSBMU02995 2 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a third-party product that is embedded in some HP Software products. The objective of this bulletin is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products that appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 2 of this advisory.
72c5dfc53db821c3cd75feadb5e9ec107d6c98de335d787941649d382bc15230
Debian Linux Security Advisory 2902-1 - Two vulnerabilities have been discovered in cURL, a URL transfer library.
da3502c130f203873bf0e759e38b393026c7502c6a847b54750aeb3fb5affbd9
Debian Linux Security Advisory 2901-1 - Several vulnerabilities were discovered in WordPress, a web blogging tool.
f49d94dbeb8d28f68730205644c298480c65c8a691c0dcd80f4f52c994206a7a
Ubuntu Security Notice 2168-1 - Jakub Wilk discovered that the Python Imaging Library incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files, or gain access to temporary file contents.
1785c4cf7c8220484721a7d2be067fabb6c1b6da00df9402e67e3fb67239edfa
Mandriva Linux Security Advisory 2014-077 - Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image file. The updated packages for mbs1 have been upgraded to the 2.1 version and the packages for mes5 have been patched to resolve this security flaw.
b19982fd8981510714ae922d5c7e838c4c23421781ac09bfdf0549354f6a88e6
Debian Linux Security Advisory 2904-1 - Francisco Falcon discovered that missing input sanitising in the 3D acceleration code in VirtualBox could lead to the execution of arbitrary code on the host system.
55710322d25bef7d15ba3a2da0ca8209657fed23bc990c607cacab173c065ba2
Debian Linux Security Advisory 2903-1 - An authentication bypass vulnerability was found in charon, the daemon handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine handling the security association (IKE_SA) handled some state transitions incorrectly.
fbc26dd666b0f44e0e8e541df2f9bd77d814bb2761d9030a503df52333edd9b2
Apache Syncope versions 1.0.0 through 1.0.8 and 1.1.0 through 1.1.6 suffer from a remote code execution vulnerability.
6d94a96f8baecf063b4bc07ade222c1496c0edecf336e0795af31c63ae3aadda
clean_html in the lxml Python library can be bypassed with non-printable characters.
02b53f8cf39d78b7cfc1a5dbfd140961829e4754c5270a979f371e2ff32c11ab
The OpenSSL library is used in Ruckus products to implement various security-related features. A vulnerability has been discovered in the OpenSSL library which may allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. An exploit could disclose portions of memory containing sensitive security material such as passwords and private keys.
e2389dde2b3d98946abd1657f86b8b235aa6c789773e1225b58757349034d256
The Joomla SMF component suffers from a cross site scripting vulnerability.
691b1558f44036aa412a16d9d48319a2e05b950926b8f7adeb1cb8762a312014
CMS iCAT suffers from a cross site scripting vulnerability.
4142a14039d875db3d4ba2aa458084220881ad8db02fefecb3781d62981f9bd0
The Joomla Wrapper component suffers from a cross site scripting vulnerability.
45596ee0e1e9bf3db9bb55c44f5aa93c0ce3579ef1b14446af9a10363d6940fc
Netgear N600 suffers from password disclosure and account reset vulnerabilities.
3aa397170870ccd6711672cb816baf59707da906443dc86626bdc573625d75d9