web2Project version 3.1 suffers from a remote SQL injection vulnerability.
Dolphin version 7.1.4 suffers from a remote SQL injection vulnerability.
Ubuntu Security Notice 2249-1 - Jason Dunsmore discovered that OpenStack heat did not properly restrict access to template information. A remote authenticated attacker could exploit this to see URL provider templates of other tenants for a limited time.
Red Hat Security Advisory 2014-0764-01 - The rubygem-openshift-origin-node package provides basic OpenShift node functionality. A command injection flaw was found in rubygem-openshift-origin-node. A remote, authenticated user permitted to install cartridges via the web interface could use this flaw to execute arbitrary code with root privileges on the Red Hat OpenShift Enterprise node server. This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team. The rubygem-openshift-origin-node package has been upgraded to version 1.23.9.11. Additionally, the rubygem-openshift-origin-container-selinux package has been upgraded to version 0.8.1.2, as needed by the updated rubygem-openshift-origin-node package.
The Secunia CSI/VIM web application service suffered from a cross site scripting vulnerability.
This code demonstrates that any given Docker image someone is asking you to run in your Docker setup can access ANY file on your host, e.g. dumping the host's /etc/shadow or other sensitive info, compromising the security of the host and any other Docker VMs on it.
Ubuntu Security Notice 2248-1 - Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Cinder did not properly set up its sudo configuration. If a different flaw was found in OpenStack Cinder, this vulnerability could be used to escalate privileges.
CDVI ACAC22 suffers from denial of service vulnerabilities and a lack of transport encryption for authentication.
Red Hat Security Advisory 2014-0763-01 - The rubygem-openshift-origin-node package provides basic OpenShift node functionality. A command injection flaw was found in rubygem-openshift-origin-node. A remote, authenticated user permitted to install cartridges via the web interface could use this flaw to execute arbitrary code with root privileges on the Red Hat OpenShift Enterprise node server. This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team. All rubygem-openshift-origin-node users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
Red Hat Security Advisory 2014-0762-01 - The rubygem-openshift-origin-node package provides basic OpenShift node functionality. A command injection flaw was found in rubygem-openshift-origin-node. A remote, authenticated user permitted to install cartridges via the web interface could use this flaw to execute arbitrary code with root privileges on the Red Hat OpenShift node server. This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team. All rubygem-openshift-origin-node users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
PayPal's SecurityKey Card Serialnumber module suffered from a code injection vulnerability.
Motorola SBG901 wireless modem suffers from a cross site request forgery vulnerability.
SugarCRM versions 6.5.16 and below suffer from an XML external entity attack vulnerability.
support.software.dell.com suffered from a cross site scripting vulnerability.