Intrexx Professional suffers from a reflective cross site scripting vulnerability.
7e1f202d877049840b07b7d324c3147e199962936a01d0c126c15f3a5a11435e
The Soitec SmartEnergy web application suffers from an authentication bypass vulnerability via SQL injection in the login script. The script fails to sanitize the 'login' POST parameter, allowing an attacker to bypass the security mechanism and view sensitive information that can be further used in a social engineering attack. Versions 1.3 and 1.4 are affected.
bb4d5d778f8965b832cb68b53a487a54d03e9cc70ff109a63b91a3be0a4c7653
This Metasploit module exploits a command execution vulnerability in ActualAnalyzer version 2.81 and prior. The 'aa.php' file allows unauthenticated users to execute arbitrary commands via the 'ant' cookie.
c6579fbbfca38d36e2a6f84933254ca5552f498fbc09c37104f4b62e7c16f695
Red Hat Security Advisory 2014-1995-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.
6f51d606ff7b3322c666a24390b0422e80a72849656f025ba3acfd45a4c38b2d
Intrexx Professional suffers from a remote code execution vulnerability via unrestricted file upload.
14d46b9b3e12c5874cd180eacb54c90d7d73ac9a5b6b818cb3f7c048ffb88fd1
WordPress O2Tweet plugin version 0.0.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
646d9b986366525995dcfa2c507f57dabe4f6447d31f30262ae75dacdabe5e28
Gentoo Linux Security Advisory 201412-17 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code. Versions prior to 9.10-r2 are affected.
03c0d395cdc0839362a464bc735af98cdf0e7ea963089096f746c47e2abb27c3
Gentoo Linux Security Advisory 201412-16 - A vulnerability in CouchDB could result in Denial of Service. Versions less than 1.5.1 are affected.
02b20373a08dde3402f59bfb3d6c740876cd2b6091a5d5fbd9a9125427cc73c8
Gentoo Linux Security Advisory 201412-15 - Two vulnerabilities have been found in MCollective, the worst of which could lead to privilege escalation. Versions less than 2.5.3 are affected.
021c1376b048a79a75436fc37fbfae7da062ca6f643172ebfe5d8e173a30a725
Gentoo Linux Security Advisory 201412-14 - Two vulnerabilities have been found in Xfig, possibly resulting in execution of arbitrary code or Denial of Service. Versions less than 3.2.5c are affected.
c4cd03bdfcf2efbcc948e588b676a1e59d0484ec2def017bbefadbc83748ff2c
Mandriva Linux Security Advisory 2014-253 - It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode.
8336b360e16f0c2a346262a2b65d82bd0d946e35b938fddd29e48042ef43d491
Gentoo Linux Security Advisory 201412-13 - Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code. Versions less than 39.0.2171.65 are affected.
472f37f52920da8f3ab68f22980796eede21209283a155935fc6646773c26c45
Gentoo Linux Security Advisory 201412-30 - Multiple vulnerabilities have been found in Varnish, the worst of which could allow a remote attacker to create a Denial of Service condition. Versions less than 3.0.5 are affected.
3cc565ec381a268c4b834de945bc73e3d1b2fdcb65dc933c43c6010c2389a845
Mandriva Linux Security Advisory 2014-242 - An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. The perl-YAML-LibYAML package is also affected, as it was derived from the same code. Both have been patched to fix this issue.
1a8807c1c97e97b6cf8af38ad94c0f12afed0808ef6f0169b73e64b3b4d7a808
Mandriva Linux Security Advisory 2014-239 - In libFLAC before 1.3.1, a stack overflow and a heap overflow, which may result in arbitrary code execution, can be triggered by passing a maliciously crafted .flac file to the libFLAC decoder.
cbbc26ea5cdb0eb3a0cdbdf8a01c1790ccfa0fedcb1fd4052bff4d93f5841954
Mandriva Linux Security Advisory 2014-243 - Multiple vulnerabilities have been discovered and corrected in phpMyAdmin. libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service via a long password. A cross-site scripting vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.
2a69f32ae47954054defc2d2e4957f21a079ef6d08cac1df6f4163573d18317d
Mandriva Linux Security Advisory 2014-244 - Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long fileserver ACL entry. Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service via a large list from the IdToName RPC, which triggers a heap-based buffer overflow. OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption for Kerberos keys, which makes it easier for remote attackers to obtain the service key. The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. Buffer overflow in the GetStatistics64 remote procedure call in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service via a crafted statsVersion argument. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. The updated packages have been upgraded to the 1.4.15 version and patched to correct these issues.
f0ded20bf2adb359a6b497c84a94616df27c085b24333664b6ab70f9a03960e2
Mandriva Linux Security Advisory 2014-245 - A flaw was discovered in mutt. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition. The mutt package has been updated to version 1.5.23 and patched to fix this issue.
041c79dcae85964278e5b7ed46bb61331c9b7ba9f5273229324b675b7d00e2af
Mandriva Linux Security Advisory 2014-251 - It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file had been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.
31f344d63d9baca0e56a33307bf5601a34d328596c0f178547bc7bd8c78ab69a
Mandriva Linux Security Advisory 2014-250 - Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. Additionally, a null pointer dereference in the copyin_link function which could cause a denial of service has also been fixed.
a8625283ecee460395d8476aec6cc661dd2cb703162b8a3f3d847a5f31745475
Mandriva Linux Security Advisory 2014-249 - During migration, the values read from the migration stream during RAM load are not validated, especially the offset in host_from_stream_offset() and the length of the writes in the callers of that function. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.
adf1d3e7d2fd271696062fca8f954a2af9753513a585d7bb64bd9f7fcc5d0f55
Mandriva Linux Security Advisory 2014-248 - A format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
87aabea0b65c9aaa124ec95d557113deb52f6d9692681c574a524366affbe9f4
Mandriva Linux Security Advisory 2014-247 - Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to a denial of service or the execution of arbitrary code.
5d23fe2eeb175480a6aff36ada4175a952b2290341274472507d97c8f7ceface
Gentoo Linux Security Advisory 201412-12 - Multiple vulnerabilities have been found in D-Bus, possibly resulting in local Denial of Service. Versions less than 1.8.10 are affected.
ace5ab63b7a75f393ac56d393383f548a8b397f417ed2529a932894237c3b60f
Mandriva Linux Security Advisory 2014-246 - Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service. The openvpn packages have been updated to the 2.3.2 version and patched to correct this issue.
d68c5a0989fe540e597168036b2e3568179f1806f12dde0333bf499275742a10