Red Hat Security Advisory 2013-0729-01 - HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A buffer overflow flaw was found in the way HAProxy handled pipelined HTTP requests. A remote attacker could send pipelined HTTP requests that would cause HAProxy to crash or, potentially, execute arbitrary code with the privileges of the user running HAProxy. This issue only affected systems using all of the following combined configuration options: HTTP keep alive enabled, HTTP keywords in TCP inspection rules, and request appending rules.
41854353e6a0e4c5359c5ebbe5184c2f1dad84beadf5a5ac0c893ee8df873595
Red Hat Security Advisory 2013-0726-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for JBoss Enterprise SOA Platform 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.
a68e1234ef1b2374b1f2e977776d08ef9f9328b8506c929c71880d859d644c31
Mandriva Linux Security Advisory 2013-082 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service via a malformed XTENSION header of a.fit file, as demonstrated using a long string.GIMP 2.8.2 and earlier is vulnerable to memory corruption when reading XWD files, which could lead even to arbitrary code execution. Additionally it fixes partial translations in several languages. This gimp update provides the stable maintenance release 2.8.2 which fixes the above security issues.
5eaae2aec299f35149b65e15fa71b0de901e1c8a4e1982ea1ee6034c3c19b62e
This Metasploit module exploits a pile of vulnerabilities in Adobe ColdFusion APSB13-03 including arbitrary command execution in scheduleedit.cfm (9.x only), directory traversal, and authentication bypass issues.
fc81458d632a151d75dbee734ef554512dc7bbdc7f0bfbae5d6c44fcafa675bf
Sysax Multi Server version 6.10 suffers from an SSH denial of service vulnerability.
50cbbd9b67f7808e61c6265a8082071e7d09c673279aac4a56165ac92bd9fc96
WordPress Spiffy XSPF Player third party plugin version 0.1 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
a3597f51aeac54bbb4fee719e49631114cfa5a22f8b62d1e4785cfcd18eedb2c