Red Hat Security Advisory 2015-0235-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.
1246d516e043ffc90f818f13c00f66ff
Red Hat Security Advisory 2015-0234-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.
8b682069ae2336163404af495febf685
Gentoo Linux Security Advisory 201502-13 - Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to cause Denial of Service or gain escalated privileges. Versions less than 40.0.2214.111 are affected.
4d90909e743f0d6574b549d64133eaa4
Ubuntu Security Notice 2502-1 - William Robinet discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.
f65eee5d22654167f01ee468d0000f87
Ubuntu Security Notice 2501-1 - Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-0231) Brian Carpenter discovered that the PHP CGI component incorrectly handled invalid files. A local attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. Various other issues were also addressed.
7ddc93292681f688a7c0043de9e4d66e
This Metasploit module exploits a buffer overflow in the VideoPlayer.ocx ActiveX control installed with the X360 Software. By setting an overly long value to 'ConvertFile()', an attacker can overrun a .data buffer to bypass ASLR/DEP and finally execute arbitrary code.
ccdbee72507f4689f2f29a861de8f106
This Metasploit module takes advantage of an insecure Java JMX interface configuration, which would allow loading classes from any remote (HTTP) URL. JMX interfaces with authentication disabled (com.sun.management.jmxremote.authenticate=false) should be vulnerable, while interfaces with authentication enabled will be vulnerable only if a weak configuration is deployed (allowing the use of javax.management.loading.MLet, having a security manager that allows loading a ClassLoader MBean, etc.).
ba7da3ce98fa7745ef13cb5f3a2d8f9a
Ubuntu Security Notice 2500-1 - Olivier Fourdan discovered that the X.Org X server incorrectly handled XkbSetGeometry requests resulting in an information leak. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. It was discovered that the X.Org X server incorrectly handled certain trapezoids. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly crash the server. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
bc7d08b4a93cbe152fa15cda5cbc1616
GuppY CMS versions 5.0.9 and 5.00.10 suffer from cross site request forgery and remote shell upload vulnerabilities.
2f0ded5c55813679bf6095ec8b40ff5e
GuppY CMS versions 5.0.9 and 5.00.10 remote authentication bypass and change email exploit.
58e512843a5611ea33afc80e4f15ee1d
WordPress Image Metadata Cruncher plugin suffers from cross site request forgery and stored cross site scripting vulnerabilities.
168ed045040f9b82d2b5387d46d117e3
Remote exploit that changes DNS settings without authentication on the D-Link DSL-2640B.
531bc607c1c29b0947c50f3022f4a732
eBay's Magento application suffers from a malicious script insertion vulnerability.
32a3d9a84bdd560106ec974a6e95190a
ES File Explorer version 3.2.4.1 suffers from a path traversal vulnerability.
7ddee995689b7ee1ead2ebf39c2ca315
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
bdbed66edcf473b0458a0baf1ebe670b