UNIT4 Prosoft HRMS version 8.14.230.47 suffers from a cross site scripting vulnerability.
a4f3ec7feceab6a3f99934e46758de2c2efe2b7b713bcda776bb1b9bff55099b
Landsknecht Adminsystems CMS version 4.0.1 (dev and beta versions) suffers from cross site request forgery, cross site scripting, and remote file upload vulnerabilities.
4c501213b8e037592e532e7fae3832f0793801bcd2630eba52f3f0dc202b7076
HP Security Bulletin HPSBGN03258 1 - A potential security vulnerability has been identified with HP Insight Control server deployment Windows Pre-boot Execution Environment that could be exploited remotely resulting in arbitrary execution of code. This is the vulnerability known as Winshock. HP Insight Control server deployment uses the Windows Automated Installation Kit 2.0 to generate the Windows Pre-boot Execution Environment service operating system. WAIK 2.0 is vulnerable to CVE-2014-6321 (Microsoft Schannel Remote Code Execution vulnerability). This bulletin provides instructions to update the Windows Pre-boot Execution Environment with updates from Microsoft. Revision 1 of this advisory.
fdb36a29c9f919ae18292d8cf51a2c7d25c56db903151def63ed21febd08e1c0
A number of NetGear WNDR devices contain an embedded SOAP service that is seemingly for use with the NetGear Genie application. As this SOAP service is implemented by the built-in HTTP / CGI daemon, unauthenticated queries will also be answered over the internet if remote management has been enabled on the device. As a result, affected devices can be interrogated and hijacked with as little as a well-placed HTTP query. Proof of concept included.
34b002a3f907250f8f492040b56ddae24228180c80888d6f1fb7b330a3c1d5ba
A bug in the stock Google email application version 4.4.2.0200 has been found. An attacker can remotely perform a denial of service attack by sending a specially crafted email. No interaction from the user is needed to produce the crash; simply receiving the malicious email is enough.
ac7559e1e73b67d06c92b883f14f41cbf66238ec15aa4ca1bdae29c219ef9c78
During initial setup, the weather station will submit its complete configuration unencrypted to the manufacturer cloud service. This configuration includes confidential information like the user's Wi-Fi password.
26c45dc9330c4b9106868739be6a04123e25c4881dd15ee9236e856c7b66fbf4
Router Hunter is a PHP script that scans for and exploits DNS change vulnerabilities in Shuttle Tech ADSL Modem-Router 915 WM and D-Link DSL-2740R routers and also exploits the credential disclosure vulnerability in LG DVR LE6016D devices.
9cf69c958fcf9b85f5aff152f7b92ca2f6c7e10bf683c01ea6febad6a68716b9
eTouch Samepage version 4.4.0.0.239 suffers from remote SQL injection and arbitrary file read vulnerabilities.
3d132193ed477d7d4ba1937eda3c2f767b2192990404bb7846361beb567d88c6
Cit-e-Net version 6 suffers from multiple cross site scripting vulnerabilities.
526bcf6a66b8b5bd0787352fd099676df823fb8295c9426bd68b5ec9306b352a
An unquoted service path vulnerability in Realtek 11n wireless LAN utility allows for privilege escalation.
8edd0b8e4145ca253b1c8218791fcccd4e50c65d89ec06e4fce246341f7908e6
vBulletin versions 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3 suffer from a cross site scripting vulnerability.
b4ccb13ef6eef032e7a9d2f031478fe37ff8d9ba120c3811c439050f150fdb47
Vanilla Forums versions 2.0 through 2.1.1 suffer from a cross site scripting filter bypass.
886cab150352c4f15528711131df90f73ecf383744e97b0143a136ce58c2861c
WordPress Fusion theme version 3.1 suffers from a remote file upload vulnerability.
7e949922af7e084f3e5004bd72e715be162526c75d9eeb904ce6040f218ca1c7
Ubuntu Security Notice 2488-2 - USN-2488-1 fixed a vulnerability in ClamAV for Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. This update provides the corresponding update for Ubuntu 10.04 LTS. Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
1ba3829916f38cc8b6f3e2bbeba9b556ef562873a7a035d0f40069446390f3fd