Debian Linux Security Advisory 4111-1 - Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.
875fb1d918df3b661e4db466d4345a2f702d542ff1100d9a149bf7bbf114f493
Debian Linux Security Advisory 4110-1 - Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.
177e2fda59e9e6ba3a12f1c8d564ad42a8ca0e3bef74df674862b69bd02f1f54
Debian Linux Security Advisory 4109-1 - Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authentication services from this module and gain access to the CSRF token.
e59f433e0256fcb085e31cbcbe55a04241623a2742f3d2f521b26f9b0dd390b5
Paypal / Money Transfer Clone Script version 1.0.9 suffers from a remote SQL injection vulnerability.
52d5d66942b0043aef7d321cc85c7938260c17772f2ee4067d2df036b7016027
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
2386b180183de2444fc4be1e86a6a581ba36877d6356baa5950a46293f5e1a09
This Metasploit module attempts to gain root privileges on Juju agent systems running the juju-run agent utility. Juju agent systems running agent tools prior to version 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3, provide a UNIX domain socket to manage software ("units") without setting appropriate permissions, allowing unprivileged local users to execute arbitrary commands as root. This Metasploit module has been tested successfully with Juju agent tools versions 1.18.4, 1.25.5 and 1.25.9 on Ubuntu 14.04.1 LTS x86 deployed by Juju 1.18.1-trusty-amd64 and 1.25.6-trusty-amd64 on Ubuntu 14.04.1 LTS x86_64.
b9cf7f1398025752a68090222798f0555c42f1663cac0bf08ca8e26038f30d77
SoapUI suffers from an arbitrary code execution vulnerability via a maliciously imported project.
e0430156b090f4e310fb65f9d97bfd534dbb8ded698fc0bebfe67d93c3f5f141
Readymade Video Sharing Script version 3.2 suffers from a remote SQL injection vulnerability.
21a73403ac2fc9366ac278300a68d7247ba22c5efbd4d8cb353fe69ea07defdb