WordPress Tune Library plugin version 1.5.4 suffers from a remote SQL injection vulnerability.
2931fb6c373d55fd921ef587bf5ef92aa275394f123b701795f90f8bc9d6476d
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. It includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
d5f85301af3dffe3b4bd14bf60a3e2180bbd06498604df89c6458c561238d3fe
SevenIT SevDesk version 3.10 suffers from multiple cross site scripting vulnerabilities.
32901659aaff584a67884ca5d0a5cbdbd7d3030eac6aeec3e5f69e47058f4e08
Wifi Drive Pro version 1.2 suffers from a local file inclusion vulnerability.
c5cf5d3f463bf90cc37405e42f2ed0f1feba8800be2c7df9bc9363ef6c8a6500
Linkus Photo Manager Pro version 4.4.0 suffers from a local file inclusion vulnerability.
b614388f9b4c56cef7c47d2b254c9e8138617bec9ef83f17c6453718b3ce62ab
Mobile Drive HD version 1.8 suffers from a local file inclusion vulnerability.
5666a93c4bdae7dc1cd57519a7bbf8bf25003b817d748de7aa3502b66c378287
Linkus Photo Manager Pro version 4.4.0 suffers from a code execution vulnerability.
17f43a96d245003246de2b030644e3fb197c4bc15ff7079485eb6279503bef62
PayPal suffered from a cross site scripting vulnerability in the merchant directory functionality.
cb16d835e91864e2fd12a56e0f8d4b54c672986a7f464fbd094742ce8da23445
eBay Policy CMS and API suffered from a cross site scripting vulnerability.
640f7802754c69626702ae63de020270df5f0b938065c4221335903f9286ca71
eBay Magento CMS and API suffered from a cross site scripting vulnerability.
79dddf1cb7c553ddf29b677cd9a9b41786da11bff0463642c273fbe7690594d9
eBay Xcom Item Preview functionality suffered from a cross site scripting vulnerability.
6a48404cf1eebbb0f5b22ddcaa8f5c2dae1874b532ef5baa0057bd698d548ad4
GoAutoDial versions 3.3-1406088000 and below suffer from arbitrary file upload, command injection, and remote SQL injection vulnerabilities.
7256456084495a4dbe3a66cfe151aa2d0781d6b24ed4d1d7335c61904ecd970c
WordPress Yoast Google Analytics plugin versions prior to 5.4 suffer from a cross site scripting vulnerability.
6b96d28de3f357652545a0bed162424636126d5a3cec6ab77e597aa31454bbc8
Proof of concept exploit for OpenBSD versions 5.6 and below that causes a kernel panic in sys/uvm/uvm_map.c.
85418d5d6e75f156c9e54a0e8d83c42c375ef65d5592db9ab51ada3a7746d9f6
WordPress NEX-Forms version 3.0 suffers from a remote SQL injection vulnerability.
f3d2ee0169a4862b50a26f4db64ebb0dd910007cf1db21e531bf128f5fd07b11
Red Hat Security Advisory 2015-0863-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.
3fda2d2de3dbc012f471e38333e69c22019fc8670e36541d0d45378234b7d9c9
Red Hat Security Advisory 2015-0862-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. It was discovered that the JBoss Operations Network server did not correctly restrict access to certain remote APIs. A remote, unauthenticated attacker could use this flaw to execute arbitrary Java methods via ServerInvokerServlet or SchedulerService, and possibly exhaust all available disk space via ContentManager.
8eda90a855ac3577489468360a9085f7348941cc9faa95b71d882d2291f4609d
Red Hat Security Advisory 2015-0860-01 - In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the 1.5 year life cycle of Production Support for version 4 will end on June 19, 2015. On June 20, 2015, Red Hat Enterprise Linux OpenStack Platform version 4 will enter an inactive state and will no longer receive updated packages, including Critical-impact security patches or urgent-priority bug fixes. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. Red Hat encourages customers to plan their migration from Red Hat Enterprise Linux OpenStack Platform 4.0 to Red Hat Enterprise Linux OpenStack Platform version 5 or 6.
67a38b67f6434c96462afc823db59e7213b4f71c7938118b7b4627462d8b5991
Red Hat Security Advisory 2015-0864-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system. Note: the fix for this issue is the kernel part of the overall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the related SELinux exec transitions support.
24e7a0f27ae4cfb8cbaeef49a7e9203298bb317a8eb324c5b8f16adb18278828
HP Security Bulletin HPSBGN03305 1 - A potential security vulnerability has been identified with HP Business Service Management (BSM), SiteScope, Business Service Management (BSM) Integration Adaptor, Operations Manager for Windows, Unix and Linux, Reporter, Operation Agent Virtual Appliance, Performance Manager, Virtualization Performance Viewer, Operations Agent, BSM Connector and Service Health Reporter running SSLv3. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
5fb16d90b23b1ad2f3685f6f2de7e6587f649473276261eb9d829f2bebb968f5
Ubuntu Security Notice 2573-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. Various other issues were also addressed.
096e77766a83ea828d4b314e6b7b24c9ce7b6edc5965bc693fcea4a155666ee0
Ubuntu Security Notice 2575-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.43. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
bf0daf90f0197bb158b3217908da68b65033335c6f6a3f5ab6b2f4607c225707
Ubuntu Security Notice 2574-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. Various other issues were also addressed.
0683424e8df590c4b914011d9c5b55a874444f3daa07b619898decc714cd7093
ProFTPd version 1.3.5 remote command execution exploit.
33b411f75e9e92f4cce90334c9d86dca66a06474776854a23ec5f542a52da3b9
WordPress NEX-Forms plugin version 3.0 remote SQL injection exploit.
ea15e9b2d9dd075be1540595aba9beb5f09e85bb2b6295eb3c61de9681bde77b