WinRadius version 2.11 remote denial of service exploit.
03c592cabb5091d7d30350fd9d2b0edd62776d334d11213d399514d0c16f9743
Red Hat Security Advisory 2013-0928-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user in a KVM guest could use this flaw to crash the host or, potentially, escalate their privileges on the host.
1ad26616fc364b191167c6388801cd7215206c00055b03e985d94de46d251e6a
Ubuntu Security Notice 1872-1 - It was discovered that PHP incorrectly handled the quoted_printable_encode function. An attacker could use this flaw to cause PHP to crash, resulting in a denial of service, or to possibly execute arbitrary code.
fbd8d051d9e6248714ab202a81e246785553a1f7bd5fcbed9a22fcc82cc992d2
The IEEE SafeConfig 2013 Call For Papers has been announced. It will take place on October 14th, 2013 in Washington D.C., USA.
b0bb8fb7a280d7865b86994be13c44b7a266ccb0bf5425550ed2b80c486f130c
Slackware Security Advisory - New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2110.
6afd4b12e66b9713592aeb171b4b0f52c4440c3a72fa3eefcf7e9194fbaad293
WordPress WP-SendSMS plugin version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
7e17f394479ad89ae3fe46d58ad525cd6a97373337b53d2c3c534b26ee441d47
Simple PHP Agenda version 2.2.8 suffers from a remote SQL injection vulnerability.
c1c20f33403252579505d8ca0abfdad1f12c1b4453401b5a08734774fc4d7a9b
perf_swevent_init local root exploit for the Linux kernel versions prior to 3.8.9 on x86_64. Based on sd's exploit.
59caf806b1911994747249031fa80d9f7f763d3edc8c72e2689c9b4185164b11
mkCMS version 3.6 suffers from a remote PHP code injection vulnerability.
b5a49fec1931ad3ae774efe120b62e22cf911136f7154322a7d3ff1e572659f2
Fobuc Guestbook version 0.9 suffers from a remote SQL injection vulnerability.
e9d441b015327d860d5ceb7e4d2dfdb88ad5e89146155f01bcf60ab38bb9639f
Fail2ban version 0.8.9 suffers from a denial of service vulnerability.
f76f159e42e87eaf9487498f0788795ab0ce200ba0820da608f8f5424a150a1f
Red Hat Security Advisory 2013-0888-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. It was found that permission checks were not performed on the target storage domain when cloning a virtual machine from a snapshot. An attacker could use this flaw to perform a denial of service attack, exhausting free disk space on the target storage domain.
d809108a0c0da5f0884217562d2f7b6e41d76a02d2f52d145bd8f09df5362cb8
Red Hat Security Advisory 2013-0925-01 - The rhev-guest-tools-iso package contains tools and drivers. These tools and drivers are required by supported Windows guest operating systems when installed as guests on Red Hat Enterprise Virtualization. An unquoted search path flaw was found in the way the Red Hat Enterprise Virtualization agent was installed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges. An unquoted search path flaw was found in the way the SPICE service was installed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges.
8d7db196110d9f06320c08dbe07475c7a4b5bfc348edcbc73086bfa0e0f4db04
Red Hat Security Advisory 2013-0924-01 - spice-vdagent-win provides a service and an agent that can be installed and run on Windows guests. An unquoted search path flaw was found in the way the SPICE service was installed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges.
39738cdcf64417729f1bcd27a916f606a40c1299f7d19e25669edd587e1e3481
The MobileIron VSP appliance provides a restricted "clish" Java application that can be used to perform a minimal amount of configuration and requires an "enable" password for elevated privileges. Probing under the hood of this shell indicates that certain commands are run in the native Linux OS with sudo; the "show processes" command reveals the commands being used. Due to a lack of input sanitization, it is possible to run arbitrary commands as root.
b4ff0c23630c23454621f19b315444b641a2dc3df5ce86782a719ea37d53d3e6
Red Hat Security Advisory 2013-0911-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way KVM initialized a guest's registered pv_eoi indication flag when entering the guest. An unprivileged guest user could potentially use this flaw to crash the host. A missing sanity check was found in the kvm_set_memory_region() function in KVM, allowing a user-space process to register memory regions pointing to the kernel address space. A local, unprivileged user could use this flaw to escalate their privileges.
4ea91716af9485fdaf2f63c4557f8a45dc42eca46d9ce7f61bd81b7aba88cb86
Red Hat Security Advisory 2013-0907-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way KVM initialized a guest's registered pv_eoi indication flag when entering the guest. An unprivileged guest user could potentially use this flaw to crash the host.
c5b2a5380fdbe6d50bc37c504a126e3ff1b8e4db8e9e20589a8f59d8f84a1e9b
Red Hat Security Advisory 2013-0886-01 - VDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux hosts. A flaw was found in the way unexpected fields in guestInfo dictionaries were processed. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. The CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat Enterprise Virtualization team.
5ad85b5b12bcdb27221edc6cc06a9e3faf3363b5a36d34d02c0e3a14785a1ca2
Debian Linux Security Advisory 2706-1 - Several vulnerabilities have been discovered in the chromium web browser.
b694865cd0c253f7ed4ada8d59e9a97bb7844aa8c30c7334b72c3fb058be52c8
Debian Linux Security Advisory 2705-1 - Jibbers McGee discovered that pymongo, a high-performance schema-free document-oriented data store, is prone to a denial-of-service vulnerability. An attacker can remotely trigger a NULL pointer dereference causing MongoDB to crash.
00e591336cf07a8f2e95ed9d81b0a164f3bc60d5f23716f45e7d6918a56e3e28