Apple Security Advisory 2016-02-25-1 - Apple TV 7.2.1 is now available and addresses code execution, information disclosure, access bypass, and various other vulnerabilities.
9ee9ba5f1db7f810bbb124ace07e9da4
WordPress WP Ultimate Exporter plugin versions 1.0 and 1.1 suffers from multiple remote SQL injection vulnerabilities.
e0b2a7f7b9a61ae9647b10e3a4aeceea
Centreon versions 2.5.3 and below suffer from a remote code execution vulnerability.
40b9869aaae9701f0648ec3012fe5f27
Debian Linux Security Advisory 3492-1 - Daniel Gultsch discovered in Gajim, an XMPP/jabber client. Gajim didn't verify the origin of roster update, allowing an attacker to spoof them and potentially allowing her to intercept messages.
7f990faefcadc55fd4c0588fa966b7be
Red Hat Security Advisory 2016-0297-01 - In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on February 28, 2017. Red Hat will not provide extended support for this product. Customers are requested to migrate to the newer Red Hat CloudForms product prior to the end of the life cycle for CloudForms 3.0.
00e83d49fb0422c61126aab91853b99c
Debian Linux Security Advisory 3493-1 - Gustavo Grieco discovered that xerces-c, a validating XML parser library for C++, mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. These flaws could lead to a denial of service in applications using the xerces-c library, or potentially, to the execution of arbitrary code.
7b64bc56bdfb15859350ad791e96f648
Infor CRM version 8.2.0.1136 suffers from multiple cross site scripting vulnerabilities.
74b4a98d4859dcfa47ba7f62afa1bc50
Zimbra versions 8.0.9 GA and below suffer from a cross site request forgery vulnerability.
c2e1a71f34137aeaee5e6fa5f9557534
HP Security Bulletin HPSBGN03549 1 - HPE IceWall products have addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.
f735bb2272e9e3ec3ef4646dc97d36eb
Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.
09bdd3514bd444e411a87140b8bd28c2
Cygwin suffers suffers from a dll hijacking vulnerability.
945e53b5cd9a63c5a7567d5da7106823
Various D-Link and Netgear devices that make use of the FIRMADYNE framework suffer from command injection, buffer overflow, and authentication bypass vulnerabilities.
125fe218a81ccd560b65ee071febb0cd
Google's Chrome Cleanup Tool suffers from a dll hijacking vulnerability.
2f03231c35dc579fb0a013456600b14b
GIMP for Windows suffers from a dll hijacking vulnerability.
18c41257dcf0401926b3da64a6a1ca33
The Linux kernel suffers from multiple privilege escalation vulnerabilities.
09817dae36349933c47ed3d5daa8be3f