Secunia Security Advisory - A security issue has been reported in the Payment module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
d41c25e85ac4ae160c13096d82962b6b9d3104a46805976580816c4d5740380c
Secunia Security Advisory - A vulnerability has been discovered in Oracle Java, which can be exploited by malicious people to compromise a user's system.
75f5df567ca6e5bb598956eaf61a16cdddb621017f941ae6d2e9c7a4aa090cea
Secunia Security Advisory - A vulnerability has been reported in some Cisco Unified IP Phone models, which can be exploited by malicious people with physical access to compromise a vulnerable device.
dffe809d76acdd2e6c7a7db4b0da2c83d70f4192ab5ed207d630f38f4bdbdb87
This Metasploit module exploits a vulnerability found in the Honeywell Tema ActiveX Remote Installer. This ActiveX control can be abused by using the DownloadFromURL() function to install an arbitrary MSI from a remote location without checking source authenticity or notifying the user. This Metasploit module has been tested successfully with the Remote Installer ActiveX installed with Honeywell EBI R410.1 - TEMA 5.3.0 and Internet Explorer 6, 7 and 8 on Windows XP SP3.
b30345fc0ce669f179e6185df91c57d68d20a383c5a011c0ba877c1319ef539b
This Metasploit module exploits a vulnerability in Microsoft Internet Explorer. A memory corruption may occur when the Option cache isn't updated properly, which allows other JavaScript methods to access a deleted Option element, and results in code execution under the context of the user.
307b7adfa8d05c300b48db94ceb041a3ced231d646f14a788423d6874081b7c4
This Metasploit module exploits an authentication bypass vulnerability in eXtplorer versions 2.1.0 to 2.1.2 and 2.1.0RC5 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to any writable directory in the web root. This Metasploit module uses an authentication bypass vulnerability to upload and execute a file.
8483dda079be04a44863b410b51eecbb3374b00177e8c973282a9974a2918555
Nero MediaHome version 4.5.8.0 suffers from multiple denial of service vulnerabilities due to improper handling issues.
a667ecae12bef1ca764da84656ce5d402feb400df56dbf141eca769b9ea9f54e
Samsung Kies version 2.5.0.12114_1 suffers from a buffer overflow vulnerability.
ba64ccf75ec04e06017109e58437056a7a1dbd3ba88cbccb70812d4d1fcc3311
Quick.Cms version 5.0 and Quick.Cart version 6.0 suffer from a cross site scripting vulnerability.
8252388141e7acdab8a3ad358488b4c7928f6202ea3ddb4ef3a0897770e81079
Drupal Payment module version 7.x suffers from an access bypass vulnerability.
535b4866a799a0a1dabbbc5fe8374c834ad2d16e56968915a6a9127056d9b313
Drupal Search API version 7.x suffers from a cross site scripting vulnerability.
06241ab4337401841fd2750490e3015827b816e490cbf2adbf637a1776a32900
Mandriva Linux Security Advisory 2013-003 - Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. The rootcerts package has been upgraded to address this flaw and the Mozilla NSS package has been rebuilt to pick up the changes.
3d94d3b0d2d1647beb5ae26b794650a765c690cdc66365234712f301f98b0429
Mandriva Linux Security Advisory 2013-002 - Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle traffic management of domain names that the customer did not legitimately own or control. Various other issues were also addressed.
9ee750b2b8c7902fd7785c0edbfdc5773ae0ab089e0b3acc4daccaf1b8b4b1c4
Red Hat Security Advisory 2013-0150-01 - Adobe Reader allows users to view and print documents in Portable Document Format. This update fixes several security flaws in Adobe Reader. These flaws are detailed in the Adobe Security bulletin APSB13-02, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened.
20a8dbd66e4be016adc44781debcd765abb0af106be7033d99dc1ef90025792f
Debian Linux Security Advisory 2604-1 - It was discovered that Rails, the Ruby web application development framework, performed insufficient validation on input parameters, allowing unintended type conversions. An attacker may use this to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on the application.
0581d96f49dc1b55c0f151232b2d24acf9a7d686380b72bd666cefac298521be
Debian Linux Security Advisory 2603-1 - Paul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to "safe".
ddf7bc7c4889ddfe1ef2ad9bd0556f0b667bb36217ab5501a99f4c11108e2209
Ubuntu Security Notice 1682-1 - KB Sriram discovered that GnuPG incorrectly handled certain malformed keys. If a user or automated system were tricked into importing a malformed key, the GnuPG keyring could become corrupted.
69f30d35a0a66cd25764996ab169e31f2ac7befe5e898436f48e9aaa8d5629fa
Websitebaker add-on Concert Calendar version 2.1.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
08f398cedb0b208dc2348c5f4b971fa4c1f1f8a17d18a0ccc2f9741ea6710a5b
Inmatrix Ltd. Zoom Player version 8.5 memory corruption and arbitrary code execution exploit that leverages a crafted JPEG file.
e93c531005e5c45acf7db63cf82c525cc84d2dc9abe53bbded611012472ddc3f