Ubuntu Security Notice 2123-1 - It was discovered that file incorrectly handled Composite Document files. An attacker could use this issue to cause file to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Bernd Melchers discovered that file incorrectly handled indirect offset values. An attacker could use this issue to cause file to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.
c15cd48bc8b2799f13c365755252a2482623291ddeebb7c5be3f90af4ec34e10
Gentoo Linux Security Advisory 201402-27 - A vulnerability in pidgin-knotify might allow remote attackers to execute arbitrary code. Versions 0.2.1 and below are affected.
bd35a01c12edbb39efb00665101fb5625886d7cf8e22e46d5468af7c2c2f6b98
Piwigo version 2.6.1 suffers from a cross site request forgery vulnerability.
9fa115551f322ba1a0b022b4e18de7ff9a95a261a5eb3f402337f5cf4f4d20a2
CosmoShop ePRO version 10.17.00 suffers from an authentication bypass vulnerability.
9ca82553e2a91b39a4615aa811e754f8bc091c8b5bfe3f6def05090e26d88f4c
WordPress Alpine PhotoTile for Instagram version 1.2.6.5 suffers from a cross site scripting vulnerability.
fb0e7ff33564e1c67c0ba31392952aafa3ffd8c78f14845e2a0d34d6165e9147
WordPress PrintFriendly plugin version 3.3.7 suffers from a cross site scripting vulnerability.
0597b3f3efd8178b04551532352cc9d00f93f12822c84d0ab5fd356b6533aa61
Drupal Project Issue File Review third party module version 6.x suffers from a cross site scripting vulnerability.
e28a6cbac52ea9062d475561ecd582132a19356c74b977a8f2c3c14fd96983e8
WordPress mp3-jplayer plugin version 1.8.7 suffers from a cross site scripting vulnerability.
91b07fd21c45f1692daef0821fa7179eaedefe8e444588acf5a7ee01b5f84792
WordPress BSK PDF Manager plugin version 1.3 suffers from a cross site scripting vulnerability.
5c5300181fb7e63a9409940bf6f5c2ca5a0fba53380dad56c2750875d79e9315
Drupal Open Omega third party theme version 7.x suffers from an access bypass vulnerability.
3ffbc3e066436f401887a605bc6972b7273f85ee4b6ffcd592b9a0d7aa384779
WordPress VideoWhisper Live Streaming plugin version 4.29.6 suffers from a cross site scripting vulnerability.
f31d3cbdaf63234b21c5fb7834cf22badf88ed91b40256060480d17b14fee27f
WordPress Widget Control Powered by Everyblock plugin version 1.0.1 suffers from a cross site scripting vulnerability.
ba19ab112ca4f59177f954fde29f8db27ebda68e9b8957708911bfc40b9ad510
GoAhead Web Server versions prior to 3.1.3 suffer from a denial of service vulnerability.
62316905684cbb42f570b049e4d87177417005d271d14da5f3b675df0a3f533a
WordPress Post to PDF plugin version 2.3.1 suffers from a cross site scripting vulnerability.
dfe32028cb2dfb453144c718be3ef8f11ff9595e5a6081f52cc999718970b5fc
This Metasploit module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager versions 11.0, 12.0 and 12.1. When supplying a specially crafted XXE request an attacker can reach SQL injection affected components. As xp_cmdshell is enabled in the included database instance, it's possible to execute arbitrary system commands on the remote system with SYSTEM privileges.
ef19d7abd0e99695337b2df4433d4785cfa21593bd61b704d3aa78a9d8ce5183
Red Hat Security Advisory 2014-0212-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes.
083d0305dc9b69b6fb620edee0c12f90b0c62b6152a1739f807e78fc9c42146c
Ubuntu Security Notice 2121-1 - Suman Jana discovered that GnuTLS incorrectly handled version 1 intermediate certificates. This resulted in them being considered to be a valid CA certificate by default, which was contrary to documented behaviour.
e31472c1008f49db136961e116376c9d6245bcd51804c58ec233ad40a1dc16b3
HP Security Bulletin HPSBMU02971 - A potential security vulnerability has been identified in the Web Console component of HP Application Information Optimizer (formerly HP Database Archiving). The vulnerability could be exploited to allow remote execution of code and information disclosure. Revision 1 of this advisory.
7fa114f44e68956bc8ed3ff8e81ed51edc85fcef8252cb59af1e782d0de5c135
Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.
5f6e1facff15ba1522757d0f05523382784dbb613ed3191964599d233372cec2
Apache Tomcat versions 8.0.0-RC1 through 8.0.0-RC5, 7.0.0 through 7.0.47, and 6.0.0 through 6.0.37 suffer from an information disclosure vulnerability via XXE when running untrusted web applications.
e5038c902c4a597115e468b2cd9304969026597458d6fd3280891c6e2c2d59df
Red Hat Security Advisory 2014-0211-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.
b42104045524c5b6c7136d8eb51782dbe945f7f2d689f9496c733b7271a311ba
WordPress Zedity plugin version 2.4.0 suffers from a cross site scripting vulnerability.
bf216e13309ba2da46c46dfe289f9ead0670f5dc9fc964553aa0349e0959017f
Private Camera Pro version 5.0 suffers from cross site scripting, command injection, and local file inclusion vulnerabilities.
17fb206f13e33a50cc85ae1512cbabef9096f351f2e53a74039828fd6491558d
Apache Tomcat versions 8.0.0-RC1 through 8.0.0-RC5, 7.0.0 through 7.0.47, and 6.0.0 through 6.0.37 suffer from a denial of service vulnerability due to an incomplete fix for CVE-2012-3544.
8ac3ea938f07d2896bed13e92312af0a063d45b0633a23f122e4629acf2c3085
Joomla-Base suffers from cross site scripting, XML injection, denial of service, and path disclosure vulnerabilities.
9c3d160db634706c722994d1718973ddd740dd54ab93bb856a71efe8bd1ddd6d