Drupal elFinder File Mapper third party module versions 6.x and 7.x suffer from a cross site request forgery vulnerability.
1b78014778f58c0e69085bc915cc9663c2fb554fe12306c3d14bff605cae1d2a
KrisonAV CMS version 3.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
67fef60fe75255a54bdaa421e598033b564c3cd7f9a2ddc60ad14b24dcb74af4
Apple Security Advisory 2013-04-16-2 - Java for OS X 2013-003 and Mac OS X v10.6 Update 15 are now available and address many vulnerabilities in 1.6.0_43.
729975cdb6190f6a342d07628259c73bcd3f36b80d4cc898f7e442db272605ac
The Java ActiveX control in Java Web Start Launcher suffers from a memory corruption vulnerability.
bda67853310f31100eb0d7eabe5f41ccba0af48ed6d9d0588dbc627b879ca5c2
Sitecom WLM-3500 routers contain an undocumented access backdoor that can be abused to bypass existing authentication mechanisms.
f2ecdb133a910caba3fe823da7e97c6b19b3cd08e31d2581b74733a09d7fc2c9
Apple Security Advisory 2013-04-16-1 - Safari 6.0.4 is now available and fixes one vulnerability. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Description: An invalid cast issue existed in the handling of SVG files. This issue was addressed through improved type checking.
3a89ff7462c5244bed37bf3530980d2b9d9ba36623eb4725d574dfba20f33962
Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. These range from cross site scripting to header injection.
e2706921a9718e5f1888014c099073f64e4fae60be06edb06264c9b991a2542e
Drupal MP3 Player third party module version 6.x suffers from a cross site scripting vulnerability.
2931075252225a999b92df8d82e9a2f8c28184385f1e001b9b5203c4e7a1ce8f
Drupal Autocomplete Widgets for Text and Number Fields third party module versions 6.x and 7.x suffer from an access bypass vulnerability.
f18968b9cd445e48ab19924ba4ec5903416dee4fa2067746d5a3b81b696ee5b6
ZPanel suffers from a remote PHP code execution vulnerability.
cb33afd179e83c86b0ed86861357632fc5c668bcaac89201cd95e4351ee00eaf
Sosci Survey versions prior to 2.3.04a suffer from authorization issues, cross site scripting, and remote command execution vulnerabilities.
2688b19fa954cb3f1486c7c46ca8d36690ad27229d60a36c584a5f2d3a45c7aa
HP Security Bulletin HPSBUX02866 SSRT101139 - Potential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code and other vulnerabilities. Revision 1 of this advisory.
d6c34385da1a0269af4fc2c91e93b32c176acbb9b42ae7cafb46c63ea03bc087
SAP Basis Components versions 4.6B through 7.30 suffer from a remote command injection vulnerability.
439e261026af63ba9c8aeee51164c2ae9e2259c65267679fcd1b65b7fa4df04f
SAP Production Planning and Control suffers from a privilege escalation vulnerability. This vulnerability allows bypassing authority checks that exist before executing a transaction. A transaction in SAP terminology is the execution of a program. By exploiting this vulnerability, an attacker can also control the transaction to be executed, allowing it to obtain critical rights in the system and bypassing certain segregation of duties (SoD) restrictions.
eff7e22f57554cfb6fb76dc4a0134bc770589d4294f8621e081e553afee5d7da
Oracle has released Java SE 7 Update 21, which among other things addresses six security vulnerabilities that were reported to the company earlier this year (Issues 51, 55 and 57-60).
db5a5e389d8d3c4c134815cc14599a283f8f6970e50643600808191ba1a9acdf
This vulnerability allows bypassing authority checks that exist before executing a transaction. A transaction in SAP terminology is the execution of a program. By exploiting this vulnerability, an attacker can also control the transaction to be executed, allowing it to obtain critical rights in the system and bypassing certain segregation of duties (SoD) restrictions. Although this vulnerability is found in the SAP industry solution for healthcare, the functionality is also present in the SAP ERP central component (ECC 6). Thus, customers in other industries are also affected.
04068b72f2c992a2fd3f3c6c9328f3a8d53414cded64945a2d57f759d3167747
Red Hat Security Advisory 2013-0747-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the Xen netback driver implementation in the Linux kernel. A privileged guest user with access to a para-virtualized network device could use this flaw to cause a long loop in netback, leading to a denial of service that could potentially affect the entire system.
9e0aa536e0da762edf8c498c10bb83405607592006ca6d9a7c71cb4b1a98321e
Red Hat Security Advisory 2013-0749-01 - Apache CXF is an open source services framework. It was found that the Apache CXF UsernameTokenPolicyValidator and UsernameTokenInterceptor allowed a UsernameToken element with no password child element to bypass authentication. A remote attacker could use this flaw to circumvent access controls applied to web services by omitting the password in a UsernameToken. This flaw was exploitable on web services that rely on WS-SecurityPolicy plain text UsernameTokens to authenticate users. It was not exploitable when using hashed passwords or WS-Security without WS-SecurityPolicy.
ca53255a02a059d91e5a702c6b1219475f8516e8f0f03108ebb607ced43031f8
Red Hat Security Advisory 2013-0748-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially-crafted TGS request. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
7418bbcc8fbfad8c0d43913ef16a0db8c57fcdeedd65917176af08ab2350df19
Red Hat Security Advisory 2013-0741-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges.
be58c9881dae761f77362629f07bbadce7bacffad49b827014d6616ac8b9ef4f
Ubuntu Security Notice 1802-1 - It was discovered that Samba incorrectly handled CIFS share attributes when SMB2 was used. A remote authenticated user could possibly gain write access to certain shares, bypassing the intended permissions.
ddaed35aa51889db85e8e8ee45090e553664fe39dec721fa2b619084f5911060
Mandriva Linux Security Advisory 2013-144 - Multiple cross-site scripting vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the visualizationSettings[width] or visualizationSettings[height] parameter. This upgrade provides the latest phpmyadmin version to address this vulnerability.
4b402b15c02d1cce2783b63a6160f83535655f892d79b84d2f266df0895b94e7
Mandriva Linux Security Advisory 2013-143 - poppler before 0.22.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via vectors that trigger an invalid memory access in splash/Splash.cc and poppler/Stream.cc. poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. The updated packages have been patched to correct these issues.
b5ae675f08df14c8bc676bdb7b202ab56eacf4377100b3196ff1bd32e3ea2027
Ubuntu Security Notice 1801-1 - YAMADA Yasuharu discovered that libcurl was vulnerable to a cookie leak when doing requests across domains with matching tails. curl did not properly restrict cookies to domains and subdomains. If a user or automated system were tricked into processing a specially crafted URL, an attacker could read cookie values stored by unrelated webservers.
ea0c4e42890a1098fca522fa72544604763aef3b197e27a9829c9659c96f3579
Red Hat Security Advisory 2013-0742-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that the 389 Directory Server did not properly restrict access to entries when the "nsslapd-allow-anonymous-access" configuration setting was set to "rootdse". An anonymous user could connect to the LDAP database and, if the search scope is set to BASE, obtain access to information outside of the rootDSE. This issue was discovered by Martin Kosek of Red Hat.
d1c8bae030a7c5a20dd7dc9a69ceb44dd2d44cdda1a45f3c1fc50f1f3af0645c