Red Hat Security Advisory 2013-1460-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state
43b8878126f2d8197447500e23a48bae3a714f62c8fe52e9b08b96ce1e28e43c
Apache and PHP remote command execution exploit that leverages php5-cgi. Written in Python.
e84173be8280a7b8f575e8f3452aec7371dc39379e8db2f2dff934de891370cd
Red Hat Security Advisory 2013-1476-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Firefox JavaScript engine incorrectly allocated memory for certain functions. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox.
3c068c36e9c152a2f1a4ccdcdcc11b5f3b52e6eb75250554572367439033c82a
Red Hat Security Advisory 2013-1475-01 - PostgreSQL is an advanced object-relational database management system. An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service or disclosure of certain portions of server memory. A flaw was found in the way the pgcrypto contrib module of PostgreSQL initialized its internal random number generator. This could lead to random numbers with less bits of entropy being used by certain pgcrypto functions, possibly allowing an attacker to conduct other attacks.
f016163d3aebfd09fc79cc341c042bd891dacb31ae347f0f6ee3492cc8ebf390
A vulnerability exists in EMC NetWorker that could allow exposure of sensitive information under specific circumstances. EMC NetWorker version 8.0.x is affected.
b065e24f0863cdfea51436716d40a59d9aba6197e39dffe532a7b7eaa0bf18e2
Olat CMS version 7.8.0.1 suffers from multiple cross site scripting vulnerabilities.
39f8f1c2c8222466efd3ca3ff8b44c69d993ead66bdbacc015256813cdc192dd
BlazeDVD version 6.2 SEH buffer overflow exploit that creates a malicious .plf file.
0402fc513d6a45f0367fd4919f1fef0d3db1446cfc7c5861412a5c395ac44e6d
JBrute is a password cracking tool written in Java that uses both brute force and dictionary attack methodologies with a built-in rule pre-processor similar to John the Ripper. It supports several standard algorithms and several algorithms from proprietary applications (like Microsoft SQL Server, Oracle, SYBASE, and so on).
b6c69e1f756b77729e18afd6c66c9ca1c8854466b8b9630deded0f3187f6bc73
The ASUS RT-N13U home router comes configured with an administrative root shell with a default password and is available via telnetd. Changing the password on the web interface does not remediate the issue.
ecd490cdd8df6d6a8157d63cac98201e4d8df54dcb1b076013ed6fe6f001b466
Ops View version pre 4.4.41 suffers from a remote blind SQL injection vulnerability.
92acf8e21feac8586d79811c350e5a6dedf7fd0f2d984f37157264df9d4b6078
sup versions prior to 0.14.1.1 and prior to 0.13.2.1 suffer from an arbitrary command execution vulnerability via a forged content type of an email attachment.
7f25065280e73ca0e7c1a1f6429061cd9ee6353dfc98cf483575c0a5d76a0da5
WordPress Curvo theme suffers from a remote shell upload vulnerability.
c265d8b2cc6ce8faadfecc0108e2b0d861d13d909118a052dac7b78a99e62f9f
GTX CMS 2013 Optima suffers from cross site scripting and remote SQL injection vulnerabilities.
15b0c869a76223dd746013e56d764bd49329bdf34f6ac55cc179e1aaf8849e87
All Google Play Billing Library 3 versions before Oct, 8 distributed via Android SDK and marketbilling on Googlecode are susceptible to impersonation and signature verification vulnerabilities.
f68f31523fe048d0a532378407c09820e34245d3b9aac37fc00b428562210019
WordPress MoneyTheme suffers from cross site scripting and remote shell upload vulnerabilities.
118f2518be3ef83f488608e39f34988f8e8d867943df4d1309be1c8476a48492
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
c6fbcdcd32b2f38cca3bbfa10759556d66f4795ac6e6e50503f2ee5c08c081b7
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
6813d0b16b92618b0fef1b7fe92bb5a791828234de88360d218974919a608688
Nagios Looking Glass versions 1.1.0 beta 2 and below suffer from a local file inclusion vulnerability.
b559942ca1d79679b01289352c21da35b85fe34317420496d47a3ec476513f4a
MobileIron version 4.5.4 suffers from a cross site scripting vulnerability in the device registration functionality.
0086a60987e5725b61729a566ad575d52c9d7f81ffe6150d619bb1da469fb747
ILIAS eLearning CMS versions 4.3.4 and 4.4 suffer from a persistent cross site scripting vulnerability.
59f2e84c3cc83759cdb50071ff2bddc46f93834010bcb679cfd619392d3bbd7d
WatchGuard Firewall XTM version 11.7.4u1 suffers from a remote buffer overflow vulnerability in the handling of the sessionid cookie. This is the perl version of the exploit.
45ceb4ca62ced50ff5102abdde412ea0e3161ebbaec885e97cd203a93e46c185
WatchGuard Firewall XTM version 11.7.4u1 suffers from a remote buffer overflow vulnerability in the handling of the sessionid cookie. This is the Metasploit module version of the exploit.
25e73d8a0ef4e8e0a8edf7728db4ae486de866a485e52d6b0401d2ff36d67792
Struts version 2.3.15.3 suffers from multiple cross site scripting vulnerabilities.
c6554f49acdc80a0d54e90157d4de1ee7f01933f3569c0eb965debf94761230d
Proof of concept exploit that demonstrates remote command execution on Netgear ReadyNAS.
7ae30b42d1addf06dce009c2571e44ead9195cf7589aebbb33dbd101756f76dd
Ops View version pre 4.4.41 suffers from multiple cross site scripting vulnerabilities.
f03cc918c29800f4fb81785310e92c629c35a77aaa048713a3b86f607b6c1b59