WebsiteBaker versions 2.8.3 and below suffer from cross site scripting, HTTP response splitting, and remote SQL injection vulnerabilities.
0cae3fc143f1ea4bc4cdbc271fd1cb2f741730c5ed5f4ff66df29a15595cdc39
XOOPS versions 2.5.6 and below suffer from a remote blind SQL injection vulnerability.
7e8d6fb35bb4550056d89687e3d949395cac3d5592aa50668bdc98d676e39a06
NibbleBlog versions 4.0.1 and below suffer from a cross site scripting vulnerability.
88c0a4583e04c435d39606aa8b68e2713c069f07aff5847cbfc33de6c91cf1f9
Red Hat Security Advisory 2014-1865-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
dc24ad5b598ec2ab364a632b1e81425f128f04fa339b86e44a45a2050537ac81
Red Hat Security Advisory 2014-1863-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. Red Hat Subscription Asset Manager is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request.
688dccb48f0fad7f4ed5bb8b5c284c3cde47754bf1f5692e7d244e4fdf120639
ZTE ZXHN H108L fails to verify user authentication when editing the CWMP configuration.
379d78f15981bfbdc0fafa805b79d0c2c4b158bec84b91a792f40504653be079
Maarch LetterBox version 2.8 suffers from an authentication bypass vulnerability via SQL injection through a modified cookie.
9cb54a17880cdfbcb236fb141ed71a002e6b870a480db141b5ff99b099a0ed8f
OpenKM Document Management System versions 6.4.17 and below suffer from a cross site scripting vulnerability.
cf3126ca181a528f834899715bc856482de93856e932177bf8c9ae23ac38eb34
Videos Tube version 2.0 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
022d204ee27c8050738ee7d9a9d5d427c9fe2dac73f6d6df2913a10958c816ba
Joomla HD FLV version 2.1.0.1 suffers from an arbitrary file download vulnerability.
1f5d7b6e8ab1c5f896baacf5de0ee26586da67dbb2afa7fa04a53506d348e45a
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 to fix security issues.
c8e06f6798f2065c6aee09594d879f82c98290804b12aaf7347dedd5eb16a147
Red Hat Security Advisory 2014-1862-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server.
b95e5e6a4f9a8475b248f2a7c0b6fa60562e8dd85976d14b0cef78343a4ebce4
Red Hat Security Advisory 2014-1860-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server.
bb10b1eb6943f09018c3fc37c03be99affd56406e1151176cc1ce773d8d263ba
Red Hat Security Advisory 2014-1861-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server.
1e5c0ea467f5d2b3871a9653f790953cb8f000031d5ca707d2e3f7cc368b6d96
Red Hat Security Advisory 2014-1859-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server.
9a43ad27f0874894eb259031ca37c0b3ad9742957d3297f792b7785948cf6369
Debian Linux Security Advisory 3073-1 - Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack.
8fffc402af38bdb41e678130858ef5a67a02942cf952d7c89fbe50b5cae2713c
HP Security Bulletin HPSBGN03192 1 - A potential security vulnerability has been identified with HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in the current HP iCAS client software. Revision 1 of this advisory.
3b22f5fc8d2a225d20468f2e0c34749da225bf5130569567f712ac91c0c6e28f
Gentoo Linux Security Advisory 201411-5 - An absolute path traversal vulnerability could lead to arbitrary code execution. Versions less than 1.16 are affected.
39901c03eab865732404934e3b213c41e488f4c3eeb744fcb7b80f48c2e1f681
FlatNuke versions 3.1.x and below suffer from a cross site scripting vulnerability.
5a24e71816224fb41d555208fcaab69216971ec2ba44033ca2958711ffde12ca
Safari version 8.0 on OS X 10.10 crash proof of concept exploit.
437eafb52bef71c294744b306d459d357ec21d1f6d232fc3c079998fd5a24784