GoToMeeting Android application (com.citrixonline.android.gotomeeting-1.apk) version 5.0.799.1238 is vulnerable to information disclosure via logging output, resulting in the leak of userID, meeting details, and authentication tokens. Android applications with permissions to read system log files may obtain the leaked information.
389df097f281daaa7d9dbb9c56c808dd4446da2ce103d5ebb8de28f30a998b7d
WordPress SS Downloads plugin suffers from a cross site scripting vulnerability.
e7e32f80a9b115f22a4c04630e2287e8ec3e6d477abe62b6eeeca82b4b163304
Simple e-Document version 1.31 suffers from login bypass, cross site request forgery, cross site scripting, remote shell upload, remote SQL injection, and various other vulnerabilities.
d8e915c9f3da5e00522f2f5a23346a479926590b24a8d0c3da5e67600297bd00
WordPress Seo Link Rotator plugin suffers from a cross site scripting vulnerability.
396ce83d6ac42563fd0a710f4db39ced9b30c7118dc539f7f1e5c4936c37f350
The whitelisting functionality in Apache Cordova/PhoneGap suffers from multiple vulnerabilities.
bf6c217f2c3f51ae1155eb33fcaa924979dee83db65e026dcd837d354f6d4dfb
SkyBlueCanvas CMS version 1.1 r248-03 suffers from a remote command injection vulnerability.
edb1dc8edd44d6d33407ec7f1003b2866b604f61799c9db86b8103a2b24694b3
Drupal version 7.14 EventCalendar suffers from a cross site scripting vulnerability.
1f3e58de44388bcc99c04ff88aaf23d52abd1dac99f452c857af5d0c9f80660e
SSH Back is a set of shell scripts that assist you in shuffling an ssh connection over socat and ssl.
09af0387a939825a564d95498365c96e775d71722a4345510eaa553305ecb667
Mp3info local buffer overflow denial of service exploit that spikes CPU usage.
b5deb6a792d6a949d3e5e679490e6aa9c87258ed31e39e318f17e5babbae1e81
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
414e38c5d3ecc466d6afb732c1e3b474933f86631afb8d31464bcd5b0317d142
pChart version 2.1.3 suffers from cross site scripting and directory traversal vulnerabilities.
b4febd30f5ce93221ca07adaa67509442b41b186e1b14b8debfe2154c84000b8
Debian Linux Security Advisory 2826-2 - A regression has been found in the denyhosts packages fixing CVE-2013-6890. This regression could cause a break-in attempt to be missed by denyhosts, which would then fail to enforce a ban.
1bbcb2ef9cd6819e795dc162ddb5c7da744ee0f48217762ade9f578929c5dbef
Mandriva Linux Security Advisory 2014-024 - Multiple buffer overflow vulnerabilities exist in graphviz due to an error within the yyerror() function (lib/cgraph/scan.l), which can be exploited to cause a stack-based buffer overflow via a specially crafted file, and the acceptance of an arbitrarily long digit list by a regular expression matched against user input. A build problem was discovered and fixed in swig while building graphviz for Business Server 1, related to the new php-5.5.x version as of the MDVSA-2014:014 advisory. Fixed swig packages are being provided with this advisory as well.
6996dd421efa9117f4b483fc6c479c51d2d2854a243ed739ddb0e740fc9be9d1
Mandriva Linux Security Advisory 2014-023 - It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code.
91e13eb8f7923827c581c119376fd7f9a940365f7e3775d6636dfeb8210cd760
Mandriva Linux Security Advisory 2014-022 - Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world writable, allowing unprivileged local users to modify their content.
a4e7b7f5fa921c10736f914500d3700c44b196142c7c1c7ad4fde57f33181a71
Mandriva Linux Security Advisory 2014-021 - It was reported that perl-Proc-Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with mode 666, allowing any user on the system to overwrite it.
05feabcd42048ef05480549d29b92bb9644404398225353fca335e295da4c1c2
JAMon version 2.7 suffers from multiple cross site scripting vulnerabilities.
05d3cecf7d59ce888a09043a4aa1af1988abd9d302ed9dd5da80c76ff2e50e0a
Ubuntu Security Notice 2089-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. Various other issues were also addressed.
df92bc480d2bbe6892b45b34f1f7ef44d0eca78db48442c04a95810382a58c45
Ubuntu Security Notice 2088-1 - Brian Smith discovered that NSS incorrectly handled the TLS False Start feature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to spoof SSL servers.
a0185fb2945b52f58676814f7c2d5a0d59a2bdc2468d9bf7fdbf55f2e85626b7
Ubuntu Security Notice 2087-1 - It was discovered that NSPR incorrectly handled certain malformed X.509 certificates. A remote attacker could use a crafted X.509 certificate to cause NSPR to crash, leading to a denial of service, or possibly execute arbitrary code.
68b326ff5a9d1bc5579dcfa9d4d047a99dd6f38fdc19188032d750ad6a1721de
Debian Linux Security Advisory 2848-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.35. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details.
8de1a42f32bbbd17b73175f40ccc257f1623775f9476c9721e9cee2e5ee35c38
Gentoo Linux Security Advisory 201401-26 - A vulnerability in Zabbix could allow remote attackers to execute arbitrary shell code. Versions less than 2.2.0-r4 are affected.
e0fb59bd4a266a7be27464719a779471253f871e5060cc531de6395af2005985
Adult Webmaster PHP suffers from a remote password disclosure vulnerability.
5d256374da1c00ac65c89f84b2c767a7ce7a1f53d34c06fd56dd71fcdf7c38b1
Apple Security Advisory 2014-01-22-1 - iTunes 11.1.4 is now available and addresses multiple security issues related to content control, code execution, and more. libxml and libxslt have also been updated to address memory corruption and code execution issues.
88e0818e053952a3bd2eb65f69993d1a072ba9bb5eaaa9ed5388a10cd7518e9e
XOS Shop version 1.0RC7o suffers from a remote SQL injection vulnerability.
1e0e8100901e6b54d82414baef8ff4d635720aa18959798a0e446a285227c175