Debian Linux Security Advisory 2831-2 - The fix for puppet that addressed CVE-2013-4969 contained a regression affecting the default file mode if none is specified on a file resource.
d9fa7fd252945f25239673a14edad62d6c60150628dad98e39a4e130ac6e6503
Gentoo Linux Security Advisory 201401-8 - NTP can be abused to amplify Denial of Service attack traffic. Versions less than 4.2.6_p5-r10 are affected.
bfee5ca74ecd0b48ef960b4e3d4b82173adcb82f55bd50bb8d7864079c00c3eb
HP Security Bulletin HPSBUX02961 SSRT101420 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
5ea964ac8c43cc470c7a273d7cc57ed3149345526175846ee55dbca653979c6e
Stem Innovation's IZON IP camera has hard-coded passwords that can be leveraged via both telnetd and httpd.
7fc873d3d71731d5736ab631f76a7b61a776a31d2cb74133e26ee6c5b0ed0967
Open-Xchange AppSuite versions 7.4.1 and below suffer from script insertion and traversal vulnerabilities.
f64894541784a5965d5e8dd55defafbccab9ab8f246cce119db4b1e2c9d56811
Debian Linux Security Advisory 2845-1 - This DSA updates the MySQL 5.1 database to 5.1.73. This fixes multiple unspecified security problems in MySQL.
fa7f40229dc90120ac0e0aa2eb8e2e1325f67ad09b177a5753770abee5251c4f
SI6 Networks' IPv6 toolkit is a security assessment and troubleshooting tool for the IPv6 protocols. It can send arbitrary IPv6-based packets.
299af685fad82f9b373ea0fc9daa53ca62c81b717d9ddeb59f7329ffa2ea8212
Plone CMS suffers from a URL redirection credential disclosure vulnerability.
c8126f47351b05580931419b3561fe0a88c1f95cf8946c7dcd4656a6d3036dc7
Mandriva Linux Security Advisory 2014-010 - Multiple vulnerabilities has been discovered and corrected in memcached. The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr. memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. Various other issues have also been addressed.
56e23873dfb9810e91b41765d15d9e18cafd0f9578ff6c5806a952a61bf20fc8
bloofoxCMS version 0.5.0 suffers from cross site request forgery, local file inclusion, and remote SQL injection vulnerabilities.
668beef15d4f8f90dfb10c1735f36d023ec89384dee1488778317af0eb2ea645
Enghouse Interactive IVR Pro (VIP2000) suffers from a remote root authentication bypass vulnerability due to a backdoor private/public ssh key being on the systems.
9a973cc7a8a5306a32bf2e720f7349327145d6bf719e12f5ffffa787228cb573
bloofoxCMS version 0.5.0 suffers from a cross site request forgery vulnerability that allows for PHP code injection.
988e6ee3eaf925c583a5a4974787622711445dbe0b89779c4e5cc37dd851f755
This is a whitepaper that discusses using heap sprays with vulnerable active-x controls.
182912d0e8bbbc850abf4281ee8356d5767b5cb9c7194c7bbfc2b5eab415ddae
ManageEngine EventLog Analyzer version 8.6 suffers from a cross site scripting vulnerability.
fb2b863e3a6c89be1bed5b157e455b433c0efa45b5c8a60e740a73a619b3c3ba
haneWIN DNS Server version 1.5.3 suffers from a denial of service vulnerability.
fd11894f27db6ea3d16ce79549c8d30b70900e68f2b0ffdfe964f4db55ce894b