Mini HTTPd version 1.21 stack buffer overflow POST exploit for Windows XP SP3.
6b9603bbda9cff25f4c22bcdc841389ee80652a11577c40f599cd58da168b97b
SolidWorks Workgroup PDM 2014 SP2 suffers from an arbitrary file write vulnerability.
5031db0895f8f86ccfac8994d8fada3d4c9910fce53ab7ccc8b1fed2ed1b9fb1
Subrion CMS 3.1.1 cross site request forgery exploit that adds an administrator.
196ea2067b8fb16e7b8e88f1764e7c86b7d128377d20d4d793de983e73a095dc
Debian Linux Security Advisory 2866-1 - Suman Jana reported that GnuTLS, deviating from the documented behavior, considers a version 1 intermediate certificate as a CA certificate by default.
267bbb9a2b3339b537b0cb41a2ddf6033c2c06e9019ecfde71c400bd8e04dd45
Telligent Evolution version 7.5.0.32466 suffers from a cross site scripting vulnerability.
ebf39516b15980bbdcc0d874db8a1a9772574ad44c2a961fd0d64eb09c67ff3e
GoldenEye is an HTTP/S Layer 7 denial of service testing tool. It holds connections open with HTTP keep-alive (the Connection: keep-alive header) and sends Cache-Control options that bypass caching where possible, so that every request is served by the origin rather than a cache, and keeps doing so until it consumes all available sockets on the HTTP/S server.
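The traffic pattern described above (many long-lived keep-alive connections, each request carrying cache-defeating headers or a fresh query string) is visible in server logs. The following Python is an added example, not part of GoldenEye or of this listing: it scores clients in a constructed access-log format that records the Connection and Cache-Control request headers (real servers need a custom log format to capture these; the field layout, the sample lines, the IP addresses and the thresholds are all assumptions chosen for the example). A client is flagged when most of its requests both keep the connection alive and bust the cache.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed log format (an assumption for this example, not a server default):
# <ip> <timestamp> "<METHOD> <target> HTTP/1.x" <status> "<Connection>" "<Cache-Control>" "<User-Agent>"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ts>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/1\.[01]" '
    r'(?P<status>\d{3}) "(?P<conn>[^"]*)" "(?P<cc>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: 203.0.113.7 behaves like a GoldenEye client, 198.51.100.20 like a browser.
SAMPLE_LOG = """
203.0.113.7 2014-02-20T10:00:01Z "GET /index.php?x8f=1qz2 HTTP/1.1" 200 "keep-alive" "no-cache" "Mozilla/5.0 (Windows NT 6.1) Firefox/27.0"
203.0.113.7 2014-02-20T10:00:01Z "GET /index.php?kq=93ab&z=1 HTTP/1.1" 200 "keep-alive" "no-cache" "Opera/9.80 (X11; Linux i686)"
203.0.113.7 2014-02-20T10:00:02Z "GET /index.php?ju7=p0 HTTP/1.1" 200 "keep-alive" "no-cache" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9) AppleWebKit/537.36"
203.0.113.7 2014-02-20T10:00:02Z "GET /index.php?r=4d2c1 HTTP/1.1" 200 "keep-alive" "no-cache" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1)"
203.0.113.7 2014-02-20T10:00:03Z "GET /index.php?t5=aa&q=zz HTTP/1.1" 200 "keep-alive" "max-age=0" "Mozilla/5.0 (Windows NT 6.1; WOW64) Chrome/32.0"
203.0.113.7 2014-02-20T10:00:03Z "GET /index.php?w9=03k HTTP/1.1" 200 "keep-alive" "no-cache" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64) Firefox/26.0"
198.51.100.20 2014-02-20T10:00:01Z "GET /index.php HTTP/1.1" 200 "keep-alive" "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/27.0"
198.51.100.20 2014-02-20T10:00:02Z "GET /static/site.css HTTP/1.1" 200 "keep-alive" "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/27.0"
198.51.100.20 2014-02-20T10:00:05Z "GET /index.php?page=2 HTTP/1.1" 200 "keep-alive" "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/27.0"
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"], rec["query"] = parts.path, parts.query
    return rec


def is_cache_busting(rec, seen_queries):
    """True if the request defeats caching: explicit Cache-Control directives,
    or a query string this client has not used before on this path."""
    cc = rec["cc"].lower()
    if "no-cache" in cc or "no-store" in cc or "max-age=0" in cc:
        return True
    key = (rec["path"], rec["query"])
    if rec["query"] and key not in seen_queries:
        seen_queries.add(key)
        return True
    return False


def client_stats(lines):
    """Per-client counters: total requests, keep-alive requests, cache-busting requests, distinct agents."""
    stats = defaultdict(lambda: {"total": 0, "keepalive": 0, "busting": 0, "agents": set(), "seen": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than guess
        s = stats[rec["ip"]]
        s["total"] += 1
        if "keep-alive" in rec["conn"].lower():
            s["keepalive"] += 1
        if is_cache_busting(rec, s["seen"]):
            s["busting"] += 1
        s["agents"].add(rec["ua"])
    return stats


def flag_goldeneye(lines, min_requests=5, min_ratio=0.8):
    """Return the clients whose traffic is dominated by keep-alive, cache-busting requests.
    Thresholds are assumptions; tune them against real baseline traffic."""
    flagged = []
    for ip, s in client_stats(lines).items():
        if s["total"] < min_requests:
            continue
        if s["keepalive"] / s["total"] >= min_ratio and s["busting"] / s["total"] >= min_ratio:
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    for ip in flag_goldeneye(SAMPLE_LINES):
        s = client_stats(SAMPLE_LINES)[ip]
        print(f"{ip}: {s['total']} requests, {s['busting']} cache-busting, {len(s['agents'])} user agents")
```

The distinct user-agent count is reported but not used in the decision; the page only attributes keep-alive and Cache-Control behaviour to the tool, so the flagging rule rests on those two signals alone. A legitimate browser also uses keep-alive, which is why the cache-busting ratio and a minimum request count are required before a client is flagged.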
80e0d5a7dde9e0323ed3e02e1089d03713fff0ff8625d27a202e927517f4fac8
The 44CON 2014 Call For Papers has been announced. 44CON is the UK's largest combined annual Security Conference and Training event. Taking place on the 11th and 12th of September at the ILEC Conference Centre near Earls Court, London, the event will have a fully dedicated conference facility, including catering, a private bar and a daily Gin O'Clock break.
6bc536a50e23a496e3230d06a708b5250cdf7295a20a23091f6f4ba6bae6f2b9
CMSMadeSimple version 1.11.10 suffers from fourteen cross site scripting vulnerabilities.
a5774bb267898276c4969bdf9b9b4b4526766ff535c3954c1cd6596f037ea7fa
IBM BPMS version 8.0.0.1 suffers from account reconfiguration, privilege escalation, and information disclosure vulnerabilities.
5bc100973e8ede6772241ce111902e09ddd52ed35ab950dc88c83434e0e6ca4f
ILIAS version 4.4.1 suffers from cross site scripting and remote shell upload vulnerabilities.
c0661e7076cb96d3a4d5d6f668620a2b19c64b24aebb226ce42ff039d7da7091
CNNVD.org.cn suffers from filter bypass and cross site scripting vulnerabilities.
ea97a2f0e9e90599d272a80276d4c4e7c4867e0356641442db74930ab6ce768b
ASUS routers suffer from authentication bypass and cross site scripting vulnerabilities, among the recent flurry of other issues that have surfaced.
6edc73bc09482eb4146ba7e7fb7884eac6f18e8dcfb66db1d1ad2bd22fd6087e
InterWorx Web Control Panel version 5.0.12 build 569 suffers from a cross site scripting vulnerability.
955f6d56ae74fedcfe4e5e3b116ba99d361954921a81dec6f868f9a530f5bcfa
Slackware Security Advisory - New gnutls packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
b1bcf86b50f13945e4651ed0ce9e77e77e5768f77e86c3da6c298710f5d17100
Red Hat Security Advisory 2014-0196-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.341.
03252ceafb915633f418a58306c46d3c67d076e73055b5e2d6fc69c4a5d1415c
Mandriva Linux Security Advisory 2014-047 - Multiple vulnerabilities have been discovered and corrected in postgresql. Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of the grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of their rights to others anyway by creating views or SECURITY DEFINER functions. The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege escalation. Various other issues have also been addressed.
c056bd5ca9b35038413312e652959f8070f5e5ff57a1435e0827ea375cacaa0a
Gentoo Linux Security Advisory 201402-26 - Multiple vulnerabilities have been found in libssh, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 0.5.3 are affected.
54bc1c3293e955ccb3036adb8153e9f984fd1924bbf3e67b7588d7e7d05af3f8
Gentoo Linux Security Advisory 201402-25 - A vulnerability in OpenSSL's handling of TLS handshakes could result in a Denial of Service condition. Versions less than 1.0.1f are affected.
dc177282d243b8879ad0b5b085aa003520dc2c9504ed6635ff0590bdc37c0499
Gentoo Linux Security Advisory 201402-24 - Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt, which may result in execution of arbitrary code, Denial of Service, or the disclosure of private keys. Versions less than 2.0.22 are affected.
b179c24948b12fd20220e710cd0fc8df88dcb5a2e4985677436d991735781ae4
Gentoo Linux Security Advisory 201402-23 - Multiple vulnerabilities have been found in libXfont, the worst of which allow for local privilege escalation. Versions less than 1.4.7 are affected.
1cfd0d5f0fb45806d0f2f9036f3ae48ed7e9656364f91bdf2bfb40c33c748933
Gentoo Linux Security Advisory 201402-22 - A heap-based buffer overflow in TCPTrack might allow a remote attacker to execute arbitrary code. Versions less than 1.4.2 are affected.
ed7d1c7c7983fbe5c6a0fc0434bd45572d8a04b05d945a883f877ca58302826d
Gentoo Linux Security Advisory 201402-21 - Multiple vulnerabilities have been found in libTIFF, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 4.0.3-r6 are affected.
707bad1294ac3b0a266eaeb2ec4cb55aa7008c0ab780cd9c1f258db6072baa3a
Gentoo Linux Security Advisory 201402-20 - Multiple vulnerabilities have been found in KVIrc, the worst of which allows remote attackers to execute arbitrary code. Versions less than 4.1_pre4693 are affected.
c61e316675969c2cfb76e436110b34ef9afcd12d0323484e5485524a38a3a01e
Mandriva Linux Security Advisory 2014-046 - Cross-site scripting vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. This upgrade provides the latest phpmyadmin version to address this vulnerability. Additionally, phpseclib packages have been added due to new dependencies.
5499c576a7df330914ff676519142bf62bd04f5f2be1cdd03102f3ae2e614994
Gentoo Linux Security Advisory 201402-19 - A buffer overflow in libtar might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.2.20-r2 are affected.
551d7905d4ffe777cd040b0ada4455c1bf57e0d94c1391a2b1c629e783ccfac8