Monstra CMS version 1.2.0 suffers from a remote blind SQL injection vulnerability.
8f646b41ef7d6398179c427aec485dce9f11cf86266f17f63bfb8ccaea4a854c
WordPress Comment Attachment plugin version 1.0 suffers from a cross site scripting vulnerability.
ee16f6f50293855bcd58cc0c73ac5efb633bd28634e6029c4580e4b6cda87866
HP Security Bulletin HPSBGN02925 - Potential security vulnerabilities have been identified with HP IceWall SSO, IceWall File Manager and IceWall Federation Agent. The vulnerabilities could be exploited remotely resulting in unauthorized access. Revision 1 of this advisory.
865b38cec1bd86fdc0034e40330659537f196b428d904e25fbada9b55d21b391
HP Security Bulletin HPSBGN02923 - A potential security vulnerability has been identified with HP ArcSight Enterprise Security Manager Management Web Interface. The vulnerability could be exploited remotely resulting in Cross Site Scripting (XSS). Revision 1 of this advisory.
e0bc0b88ed354611d5545f47992f9e59a454b06f4c59fc92cd67aa0d6eb1fb34
Debian Linux Security Advisory 2761-1 - Several vulnerabilities were discovered in puppet, a centralized configuration management system.
e21a0bf299d290b68b0968e965c5bec067190587b93633d31aefda8ca029212a
The customer service message in the My Selling Tools section of PayPal allowed for script insertion.
4fc0aab28d40e382320645dd2458e2851b10845c325983e88d3580f2925be850
This Metasploit module exploits a vulnerability found in Western Digital Arkeia Appliance version 10.0.10 and lower. By abusing the upload.php file from the scripts directory, a malicious user can upload arbitrary code to the ApplianceUpdate file in the temp directory without any authentication. Abusing the local file inclusion in the lang cookie to parse this file results in arbitrary code execution, also without any authentication. The module has been tested successfully on Arkeia 10.0.10. The issues have been fixed in version 10.1.10.
b6be92789311b465be99dfdca2d0ac2207f5eb8fd1d7de3d361ab48a8421df40
This Metasploit module exploits a vulnerability found in OpenEMR version 4.1.1 Patch 14 and lower. When logging in as any non-admin user it's possible to retrieve the admin SHA1 password hash from the database through SQL injection. The SQL injection vulnerability exists in the "new_comprehensive_save.php" page. This hash can be used to log in as the admin user. After logging in, the "manage_site_files.php" page will be used to upload arbitrary code.
153813f0acc368a45adcb43f7156aa643bd4c5305a6564c6562b51d3c58cec74
Red Hat Security Advisory 2013-1274-01 - The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project, which provides drivers for Hewlett-Packard printers and multi-function peripherals. HPLIP communicated with PolicyKit for authorization via a D-Bus API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies HPLIP to communicate with PolicyKit via a different API that is not vulnerable to the race condition. All users of hplip are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
64b0ccd1dc6a95b6696b153ccbef3c292d4db5c72bfb5e09000f48a0e5d4777a
Red Hat Security Advisory 2013-1270-01 - PolicyKit is a toolkit for defining and handling authorizations. A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges. Note: Applications that invoke pkcheck with the --process option need to be modified to use the pid,pid-start-time,uid argument for that option, to allow pkcheck to check process authorization correctly.
369462751485ce57a7dc4368daa0729692f200cbd02c367e79046bde85ccbc66
Red Hat Security Advisory 2013-1273-01 - The spice-gtk packages provide a GIMP Toolkit widget for SPICE clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. spice-gtk communicated with PolicyKit for authorization via an API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies spice-gtk to communicate with PolicyKit via a different API that is not vulnerable to the race condition.
07c72c42ad7d65ee017a1ca3182c241b7aea1fb50be1454c7aa0aa3ef86feee2
Red Hat Security Advisory 2013-1272-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. libvirt invokes the PolicyKit pkcheck utility to handle authorization. A race condition was found in the way libvirt used this utility, allowing a local user to bypass intended PolicyKit authorizations or execute arbitrary commands with root privileges. Note: With this update, libvirt has been rebuilt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. The polkit RHSA-2013:1270 advisory must also be installed to fix the CVE-2013-4311 issue.
d92904347fa422567abf49e49fb5c4c1e4959e1c56937eff10d983ba67e44e91
Mandriva Linux Security Advisory 2013-239 - Updated wordpress and php-phpmailer packages fix security vulnerabilities. wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations. WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string. wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter. The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting attacks via a crafted file. The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php. Additionally, php-phpmailer has been updated to a newer version required by the updated wordpress.
14d3e4af5ccf56ce47340ad79ec994f4f64d3f8a5ec89000dfd5cb60a7c7a95e
Mandriva Linux Security Advisory 2013-238 - The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service via a crafted packet. epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service via a crafted packet. Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service via a crafted packet. The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service via a crafted packet. Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service via a crafted packet. This advisory provides the latest supported version of Wireshark which is not vulnerable to these issues.
59f514761be19fd8610b15bd6386922bee2038f6ecab24aabefb8b76061ac264
Ajax File and Image Manager versions 1.1 and below suffer from a code execution vulnerability.
31237d5de06bf26d9ad7ab55fd1d1c9458637ce9c4fee50f8d6fb5185bddb0d1
Slackware Security Advisory - New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.
4be24f840f572fb691ede47d78c81bed25a1b4f21cd556207faf96e20152327f
HP Security Bulletin HPSBMU02900 3 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS. Revision 3 of this advisory.
b930d764b9b0c0dddad54a771b6387f16cd50297af79c0ae2ab5b835d0ef2fa3
This Metasploit module exploits a SEH stack-based buffer overflow in freeFTPd Server PASS command version 1.0.10. Credit goes to Wireghoul.
9b1b3722c40ca89375f977802175807d831acd844ac69afb11a55ae6296de174
McKesson ActiveX control version 11.0.10.38 suffers from a variable enumeration vulnerability.
eb5a347719e20933c95310d59d0af5d7d0a513bcbf2f6ec63b483b1c7dc9b822
WordPress RokMicroNews plugin versions 1.5 and below suffer from cross site scripting, denial of service, path disclosure, abuse of functionality, and remote shell upload vulnerabilities.
ea1a5a7a7041572f9f1666622d7a30d7aaf1299bc892596fc238dd0d0c44d675
This Metasploit module exploits a buffer overflow in A-PDF WAV to MP3 version 1.0.0. When the application is used to import a specially crafted m3u file, a buffer overflow occurs allowing arbitrary code execution.
c36f8e21b4b97cee5ba878b04ceb9d74b2c3487cf9055592c90c45c97711c507
Apple Security Advisory 2013-09-18-3 - Xcode 5.0 is now available and addresses a security issue in Git. When using the imap-send command, git did not verify that the server hostname matched a domain name in the X.509 certificate, which allowed a man-in-the-middle attacker to spoof SSL servers via an arbitrary valid certificate. This issue was addressed by updating git to version 1.8.3.1.
36470237c2b9e2979b0fb025e050ba382aeb9d886ccd43cd170b2d45dd2f3523
Apple Security Advisory 2013-09-18-2 - iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, and various other issues and vulnerabilities.
28033ee75b46e43dd395d653bcaeafcb70f1b640306db4446062bdbfd7ff9c7f
HP Security Bulletin HPSBUX02927 SSRT101288 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS). Revision 1 of this advisory.
aa6b7ac4280371a19f7882c9282af21cd79cd3f23a82758bd65a72326125e77d
Adtran Netvanta 7100 with firmware prior to R10.5.3.HA suffers from bypass, injection, and cross site scripting vulnerabilities.
de57cf95a25a199d03c85cba970136084ba737d94ce33a865bda94b7d07f6e41