CNNVD.org.cn suffers from filter bypass and cross site scripting vulnerabilities.
ea97a2f0e9e90599d272a80276d4c4e7c4867e0356641442db74930ab6ce768b
ASUS routers suffer from authentication bypass and cross site scripting vulnerabilities, among the recent flurry of other issues that have surfaced.
6edc73bc09482eb4146ba7e7fb7884eac6f18e8dcfb66db1d1ad2bd22fd6087e
InterWorx Web Control Panel version 5.0.12 build 569 suffers from a cross site scripting vulnerability.
955f6d56ae74fedcfe4e5e3b116ba99d361954921a81dec6f868f9a530f5bcfa
Slackware Security Advisory - New gnutls packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
b1bcf86b50f13945e4651ed0ce9e77e77e5768f77e86c3da6c298710f5d17100
Red Hat Security Advisory 2014-0196-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.341.
03252ceafb915633f418a58306c46d3c67d076e73055b5e2d6fc69c4a5d1415c
Mandriva Linux Security Advisory 2014-047 - Multiple vulnerabilities have been discovered and corrected in postgresql. Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. Various other issues have also been addressed.
c056bd5ca9b35038413312e652959f8070f5e5ff57a1435e0827ea375cacaa0a
Gentoo Linux Security Advisory 201402-26 - Multiple vulnerabilities have been found in libssh, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 0.5.3 are affected.
54bc1c3293e955ccb3036adb8153e9f984fd1924bbf3e67b7588d7e7d05af3f8
Gentoo Linux Security Advisory 201402-25 - A vulnerability in OpenSSL's handling of TLS handshakes could result in a Denial of Service condition. Versions less than 1.0.1f are affected.
dc177282d243b8879ad0b5b085aa003520dc2c9504ed6635ff0590bdc37c0499
Gentoo Linux Security Advisory 201402-24 - Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt, which may result in execution of arbitrary code, Denial of Service, or the disclosure of private keys. Versions less than 2.0.22 are affected.
b179c24948b12fd20220e710cd0fc8df88dcb5a2e4985677436d991735781ae4
Gentoo Linux Security Advisory 201402-23 - Multiple vulnerabilities have been found in libXfont, the worst of which allow for local privilege escalation. Versions less than 1.4.7 are affected.
1cfd0d5f0fb45806d0f2f9036f3ae48ed7e9656364f91bdf2bfb40c33c748933
Gentoo Linux Security Advisory 201402-22 - A heap-based buffer overflow in TCPTrack might allow a remote attacker to execute arbitrary code. Versions less than 1.4.2 are affected.
ed7d1c7c7983fbe5c6a0fc0434bd45572d8a04b05d945a883f877ca58302826d
Gentoo Linux Security Advisory 201402-21 - Multiple vulnerabilities have been found in libTIFF, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 4.0.3-r6 are affected.
707bad1294ac3b0a266eaeb2ec4cb55aa7008c0ab780cd9c1f258db6072baa3a
Gentoo Linux Security Advisory 201402-20 - Multiple vulnerabilities have been found in KVIrc, the worst of which allows remote attackers to execute arbitrary code. Versions less than 4.1_pre4693 are affected.
c61e316675969c2cfb76e436110b34ef9afcd12d0323484e5485524a38a3a01e
Mandriva Linux Security Advisory 2014-046 - Cross-site scripting vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. This upgrade provides the latest phpmyadmin version to address this vulnerability. Additionally, phpseclib packages have been added due to new dependencies.
5499c576a7df330914ff676519142bf62bd04f5f2be1cdd03102f3ae2e614994
Gentoo Linux Security Advisory 201402-19 - A buffer overflow in libtar might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.2.20-r2 are affected.
551d7905d4ffe777cd040b0ada4455c1bf57e0d94c1391a2b1c629e783ccfac8
ATutor version 2.1.1 suffers from multiple cross site scripting vulnerabilities.
7772d5d04726dc9eca9f992b4b09c7718cd6b7879c83584b7b588b41971c633d
Apple Security Advisory 2014-02-21-2 - iOS 7.0.6 is now available and addresses a security issue. Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
cde1d10d64b0767872cce08826488246a3000f833e12e93ab69299851856330f
Google's Public Data Explorer suffered from an XML external entity injection vulnerability.
f1f93b1a77eeff328b95a62faf8d24425b8847dd2d7576805d6e28322cdc50d6
Embedthis GoAhead web server version 3.1.3-0 suffers from multiple denial of service vulnerabilities.
44cd51d338e32d88e1eaa567a6bbc3e1b11cda0771b9da276ef085ebd630834f
Barracuda Firewall suffers from a cross site scripting vulnerability in the exception handling functionality.
dc40815561f66aa5a2bb21a7ca2b1f03cd6c36a9519c40953253af410f5f16d2
Multiple stored cross site scripting and cross site request forgery vulnerabilities exist when parsing user input to several POST parameters in Stark CRM version 1.0. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site and/or execute arbitrary HTML and script code in a user's browser session.
8c7cb8470dd05d45f08a3c8bf719e35d3641de67c99f53df0cf0f5d685cf33c5
AdRotate version 3.9.4 suffers from a remote SQL injection vulnerability.
e266028eac942f15f6d5c12f24958ce411494ef2b61a024a7a8ebda861c5fcd0
The HITB crew is calling on the community of hackers, makers, builders, and breakers to send them their 30 minute talk abstracts for consideration to be included in the 3-day single-track agenda. Taking place at De Beurs van Berlage on the 28th, 29th and 30th of May, this single track, like the Haxpo itself, is completely free to attend.
5a94102535da35547f397090f1530a04aa901fc426aee761e1b4a5b78ed40e53
Barracuda Networks Web Firewall X300 suffers from multiple script insertion vulnerabilities.
36ae852bde5cb477c4ae3614c988ae04b0ae0022389592cbd8ba055f726c683f
EGroupware versions 1.8.005 and below suffer from a PHP object insertion vulnerability that can allow for arbitrary file deletion and possibly code execution.
6acf0c7bb78bf16c4e7a80bf94295df8ed76adf8b9f716ddf1396c8f075f25e8