Ubuntu Security Notice 2397-1 - Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Willis Vandevanter discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service. Various other issues were also addressed.
c6836488ba9b315c0acc9539519ca430c5a9d0acf813d465e7842be1b16a917a
Red Hat Security Advisory 2014-1801-01 - Shim is the initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. A heap-based buffer overflow flaw was found in the way shim parsed certain IPv6 addresses. If IPv6 network booting was enabled, a malicious server could supply a crafted IPv6 address that would cause shim to crash or, potentially, execute arbitrary code. An out-of-bounds memory write flaw was found in the way shim processed certain Machine Owner Keys. A local attacker could potentially use this flaw to execute arbitrary code on the system.
0171334d7aa257e314bc0281597d3f19bc1049a94ca6aa0907ff335730228390
CNIL CookieViz suffers from cross site scripting and remote SQL injection vulnerabilities.
a3ee80db996b5bd9fb995e0f9252847de164ffa783138dbcaa3903ed3c68c427
WordPress Clean and Simple Contact Form plugin version 4.4.0 suffers from a cross site scripting vulnerability.
1d91c931536f21ad20aa07da813acd456f8bec8475ff5a7c8e9689ecb7f54ede
Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
d3c71b025a3b1e6dfc9dadb71847ae462f344b75d906db67740555ed5fb2bc43
Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
fc542a6844bc71539681d08a215682726893e38cf2a930a49816509dd8a9d931
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
ef4f7bec4d928e06aa1985f7624af077f8bba56afdf4aecfc2ea091ad2e74f54
Slackware Security Advisory - New mariadb packages are available for Slackware 14.1 and -current to fix security issues.
91b7f27b2b81fcaee5d4e18fe8db2643b728ce24658f2588664513f954765a20
HP Security Bulletin HPSBUX03162 SSRT101767 2 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or perform a man-in-the-middle (MitM) attack. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption", also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
c51bd30a7372995a2a077c7720121ca3dfb8254c3036fbf6a8b37926e402e633
FastHealth.com suffers from an open redirection vulnerability.
a2ce9258c491432b0530ccb81a9790670dd737647fbbd3a061366430a4c7fa9d
vBulletin version 4.2.1 suffers from an open redirection vulnerability.
caadc2b166f96c7a9221e96f42422bc769f60592be2d4b33103897aa96623519
Ahrareandeysheh CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
063270c0fd80b56b2ba7447565f3a3f480ebdaa112d77f55128ab41aabf7baae
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
05c5417a42590ca3bba3ad30881484bc6f8f78aad1a422b3765409428a5e3f06
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
ecf74f36440d02ffe810e9f650adc0dcd959616899d8fc6fe372d5148af0398a
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
bc02f3202d523737697840ab82b5fdafbf74b5a2901e2a56a23422ccab890b33
EllisLab ExpressionEngine Core versions prior to 2.9.0 suffer from multiple authenticated remote SQL injection vulnerabilities.
54d576bf2854ade7d5e970b099908aa7fdc8da9bbb562477b70e54d0cf8bc273
ImageMagick is vulnerable to an out of bounds read / heap overflow in the function HorizontalFilter() in the file resize.c. It is triggered if an image has dimensions 0x0. The issue has been found with the help of Address Sanitizer and the fuzzing tool zzuf.
f7f73acba950fe2fcdd7e2d0fba2650f734595e55003788431688a9c2e9377d9