An independent vulnerability laboratory researcher discovered a remote code execution vulnerability in the official Ferrari online service web-application.
Ubuntu Security Notice 2707-1 - Cody Crews discovered a way to violate the same-origin policy to inject script into a non-privileged part of the PDF viewer. If a user were tricked into opening a specially crafted website, an attacker could exploit this to read sensitive information from local files.
Debian Linux Security Advisory 3329-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.
A use-after-free vulnerability was discovered in unserialize() during deserialization of SplDoublyLinkedList objects that can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.
A use-after-free vulnerability was discovered in unserialize() during deserialization of SplObjectStorage objects that can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.
A use-after-free vulnerability was discovered in unserialize() during deserialization of SPL ArrayObject objects that can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.
Froxlor server management panel versions 0.9.33.1 and below suffer from a MySQL login information disclosure vulnerability.
Privilege escalation can occur in Linux due to nested NMIs interrupting espfix64.
Tomabo MP4 Player version 3.11.3 SEH buffer overflow exploit that binds a shell to port 8080.
WordPress Avenir-Soft Direct Download plugin version 1.0 suffers from cross-site request forgery and cross-site scripting vulnerabilities.
Red Hat Security Advisory 2015-1579-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of Ceph with a Ceph management platform, deployment tools, and support services. It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world-readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file. ceph has been upgraded from v0.80.8.1 to v0.80.8.2.
Ubuntu Security Notice 2706-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Several vulnerabilities were discovered in the cryptographic components of the OpenJDK JRE. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.
Linux/x86 memory sinkhole privilege escalation proof of concept exploit.
FileZilla Client version 2.2.x SEH buffer overflow exploit.
NDPROXY is a system-provided driver that interfaces WAN miniport drivers, call managers, and miniport call managers to the Telephony Application Programming Interfaces (TAPI) services. The vulnerability is caused when the NDProxy.sys kernel component fails to properly validate input. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode (i.e. with SYSTEM privileges).