HP Security Bulletin HPSBGN03209 - A potential security vulnerability has been identified with HP Application Lifecycle Management running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
e679dd5c2daede4524e04696a912f8c749c70a8bafe54a0b2f0b220562cbe80e
Ubuntu Security Notice 2425-1 - It was discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service.
df98e002d16cc210ffd23af3c713e5b075ae7b6a0974979d6b56caca058a00f6
Tuleap versions 7.6-4 and below suffer from a PHP object injection vulnerability in register.php.
192dd00027ad64789b52484759c17f92a935cf687f895373607d3b900d19a1ad
FileVista versions prior to 6.1 leak internal path data and allow extraction outside of the stated path.
3c41a9d024130c7bed75e3f82d0c36623aba0b5bbf2db458319d7eee03859fcb
Gentoo Linux Security Advisory 201411-11 - Multiple vulnerabilities have been found in Squid, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 3.3.13-r1 are affected.
73ccf120cd4c0ce4a96bbcd00e0a93a9fa5bff2c7dac71efc1a6c14ead3b2cff
Debian Linux Security Advisory 3078-1 - An integer underflow flaw, leading to a heap-based buffer overflow, was found in the ksba_oid_to_str() function of libksba, an X.509 and CMS (PKCS#7) library. By using specially crafted S/MIME messages or ECC-based OpenPGP data, it is possible to create a buffer overflow, which could cause an application using libksba to crash (denial of service), or potentially, execute arbitrary code.
7217c0ae2ea44f802fdb12bc21101dee31a22b1db69bedc15efca5b833bb17cc
Mandriva Linux Security Advisory 2014-235 - Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files.
ffd5432731e6114de1f6fb03fdbfbba1a28f30ebad18de3760db8f1515a334c3
Mandriva Linux Security Advisory 2014-234 - Updated libksba packages fix a security vulnerability. By using specially crafted S/MIME messages or ECC-based OpenPGP data, it is possible to create a buffer overflow, which could lead to a denial of service.
4161d0bb416d2018777c709cd2038b0aaa0dba746d8e27b13c8d1dccd3322e19
Mandriva Linux Security Advisory 2014-236 - An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of an ELF file. This could possibly lead to a crash of the file executable.
3608d773793a8a2661f099e810c1c55e6f15845bbccf334b6e42c4f47a616266
Mandriva Linux Security Advisory 2014-233 - An updated wordpress package fixes cross site scripting, cross site request forgery, and various other vulnerabilities.
fc0e8f592fe175467d50e535aa40bb6824e42aeab1a1a0ddd3da3b18e749ce97
Mandriva Linux Security Advisory 2014-232 - The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of $((... ``)) where ... can be anything valid. The backticks in the arithmetic expression are evaluated in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This update fixes the issue.
3ae4a73075a4f65622957a8cedc74c98147406a7b1913f82ee05ab73b4ee0479
Red Hat Security Advisory 2014-1915-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security Bulletin APSB14-26, listed in the References section. A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
53efab1af664258ac3efe445b3476dea79d5f1cdad2149b62af991792779a123
Agafi-ROP is an x86 ROP-Chainer tool oriented to build ROP chains for win32 programs, modules, and running processes.
66cc11f612ddedb53eed6e5f3469afcee20c43234af2a3cff63cc0cca351ae76
Microsoft IIS version 7.5 suffers from an error message cross site scripting vulnerability.
81fc5a1359863025158fd7f1f9fdf3d02dcf4f689641d8608af4bda5ce325575
The D-Link DAP-1360 suffers from cross site request forgery and cross site scripting vulnerabilities.
55251ecf0633440957d348713dd25ad1aa213796491552bd68d69efa4111b2e0