The Alt-N MDaemon version 13.0.3 WebAdmin application suffers from a remote code execution vulnerability via the user account import facility.
b1e0f846c97665c28984ae715b8e4178e351676b7e1aef82d5ac59c0302500d2
The Alt-N MDaemon version 13.0.3 WorldClient application suffers from a credential disclosure vulnerability. This is possible because the application replies to a request with a response that contains the credentials in an encoded (reversible) format.
5e526cfd34acc8dc5cebe4e940c88c797073c12adce735bb8dc9adf90132aebf
glFusion version 1.2.2 suffers from multiple cross-site scripting vulnerabilities.
6306b577c5a62df9e36abe88ce8b0307d8747c5119f8cf35f07026923b542faa
Ubuntu Security Notice 1731-1 - Stuart Stent discovered that Cinder would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Cinder API to cause a denial of service via resource exhaustion.
ef9e505dbeaa2ad430eea778d8ab79ad8cdd420cc8284cb9889efcadf8e51957
Ubuntu Security Notice 1730-1 - Nathanael Burton discovered that Keystone did not properly verify disabled users. An authenticated but disabled user would continue to have access rights that were removed. Jonathan Murray discovered that Keystone would allow XML entity processing. A remote unauthenticated attacker could exploit this to cause a denial of service via resource exhaustion. Authenticated users could also use this to view arbitrary files on the Keystone server. Various other issues were also addressed.
40cd9b1218bf350a4f1e6f5441962aa2cec841a1855cb9bd3ea8fb2559367309
Red Hat Security Advisory 2013-0533-01 - Security: JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server.
d0d6dd86868163ea86659cbce4e62fa346ab23fec9600a6fe72c27a787121386
Red Hat Security Advisory 2013-0532-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 15 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
715f873e25410bc468e412c2a033bb64beb683efec1499c2641f64dcbd2dd75b
Red Hat Security Advisory 2013-0531-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes three vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 41. All running instances of Oracle Java must be restarted for the update to take effect.
02aadfa81bfc8c12143738a124655e974f4700f9e9aebca7ab5638be2cd5ef43
Debian Linux Security Advisory 2630-1 - Sumit Soni discovered that PostgreSQL, an object-relational SQL database, could be forced to crash when an internal function was called with invalid arguments, resulting in denial of service.
68e6406bf02a36ed88b2b1ddae4498139d15e7cbd52cc26578fcb88b80a2a64b
phpMyRecipes version 1.2.2 remote SQL injection exploit.
48cf9d477ec7a80c51ed5ab37dd272196f3a99397e30828b2d1164825dd48df9
RTTucson Quotations Database Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.
cdcaa384c92df2bf334a9b66417054e96b8f61a54b8d21f9c18d3692cc3dc645