Cisco Security Advisory - The Cisco IOS Software implementation of the Network Address Translation (NAT) feature contains two vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service condition. Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities.
0d4a383712ff0282199a25bb4210625c70f16c2c87c4f53b3319173aabba2fbe
Cisco Security Advisory - A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device that would lead to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device to be processed. An exploit could allow the attacker to cause a reload of the affected device that would lead to a DoS condition. Although IKEv2 is automatically enabled on Cisco IOS Software and Cisco IOS XE Software devices when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled, the vulnerability can be triggered only by sending a malformed IKEv2 packet. Only IKEv2 packets can trigger this vulnerability. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.
3ed033886a5bb2ef55bd66f456b12eca7c89d9d2e52708ccd6de0d850451992d
Allied Telesis AT-RG634A ADSL broadband router has hidden administrative unauthenticated webshell that allows for command injection.
e3656907ce60bc967c703eead969f7f9b2ab164514e55b51d9246f8a9fad51ca
VirusChaser version 8.0 stack buffer overflow exploit.
6ecbff68b7197ddb88d7ad80fa57db0def9d0748f4668c04b41b49f4bea3101e
HP Security Bulletin HPSBST02968 - A potential security vulnerability has been identified with certain HP StoreOnce appliances. This vulnerability could be exploited to allow remote unauthorized access to the appliance. Revision 1 of this advisory.
f9916c858b8cddf46f16e2652c95490e1dc6a1a18521a597b445d0ba078efa73
Cisco Security Advisory - A vulnerability in the Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks models RSP720-3C-10GE and RSP720-3CXL-10GE could allow an unauthenticated, remote attacker to cause the route processor to reboot or stop forwarding traffic. The vulnerability is due to an issue in the Kailash field-programmable gate array (FPGA) versions prior to 2.6. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
3c8d9199071a60dcdd3e347bae1e1bd71ef643ce811a3c7718db399f9ee2c6db
Cisco Security Advisory - A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability, affected devices must be configured to process SIP messages. Limited Cisco IOS Software and Cisco IOS XE Software releases are affected. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to this vulnerability.
f14a7c744e74a61688552f3dca910fa334cbaabb61d41749c186baaed9f98772
Gentoo Linux Security Advisory 201403-6 - Multiple buffer overflow flaws in libupnp may allow execution of arbitrary code. Versions less than 1.6.18 are affected.
e03eb83d2a7aa7021aa08869a4d96954a3dadcdfda9b744e73250ff73718e8e7
Ubuntu Security Notice 2156-1 - Andrew Bartlett discovered that Samba did not properly enforce the password guessing protection mechanism for all interfaces. A remote attacker could use this issue to possibly attempt to brute force user passwords.
5348fba08a330686b2e7b10f988a125fa442b46076c0d25fd74aabe5866964ee
Red Hat Security Advisory 2014-0335-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.4.0, and includes bug fixes and enhancements.
6693be76567f1848f315232357e5b073ef0eae20d36558a65313d90bd2e521df
Gentoo Linux Security Advisory 201403-7 - A vulnerability in grep could result in execution of arbitrary code or Denial of Service. Versions less than 2.12 are affected.
3300c2cdba3b6b189e247ca96f92523bfd66af9037dc016c6445c91e715d47bd
CouchDB versions up to 1.5.0 suffer from a denial of service vulnerability.
c6a608654fa5592ef05092fa31b0f667e9d283fcfdd700bc26d2fcc069fe40e6
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
6e30423d029452c6f0ec2be1241b76f9efe630b10e66439c25475891997decfa
Cart Engine suffers from an authenticated arbitrary code execution. The vulnerability is caused due to the improper verification of uploaded files in several modules thru several POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in '/public/image' directory. Version 3.0.0 is affected.
96827d831045ae34ca4e250341d2bb5d34d2c393b7e1b2c30722378dcbb33018
Cart Engine suffers from an authenticated file inclusion vulnerability (LFI) when input passed thru the 'run' parameter to task.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks. Version 3.0.0 is affected.
e6438c80cea51cd67f5b475b75797244bde2786c6699715eb2d377adccfcc5eb
Cart Engine version 3.0.0 suffers from a database backup disclosure vulnerability.
c7cf38ab11e6169d1cc1ba8f453fe47dd8768354389975edf2b1d86f00798b8a
Kemana contains a flaw that is due to the 'kemana_admin_passwd' cookie storing user password SHA1 hashes. This may allow a remote MitM attacker to more easily gain access to password information. Version 1.5.6 is affected.
a05a7aa326979bff6b52716919249f5f27c6dfe85a75b89136e3a0640f8527f4
Kemana Directory suffers from an authenticated arbitrary code execution. The vulnerability is caused due to the improper verification of uploaded files in several modules thru several POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in '/public/image' directory. Version 1.5.6 is affected.
0a9db43d181684d4b67300a7a8625d1771c50ac3101d708a1e0875bb7283adff
Kemana Directory version 1.5.6 suffers from a local file inclusion vulnerability.
8280cb54fa2414d97ddda5ca6dc643d446370afef4e1233e02d3910a6f6a12ce
Kemana Directory version 1.5.6 suffers from a database backup disclosure vulnerability.
b881b2ca8151d4b9ced7f6b0bad082ecdb8a0d92afb40a6cb9b480ebe7e085d5
The CAPTCHA function for Kemana Directory is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication routine. The function 'qvc_init()' in '/includes/function.php' sets a cookie with a SHA1-based hash value in the Response Header which can be replaced by a random SHA1 computed hash value using Cookie Poisoning attack. Successful exploit will allow attackers to bypass the CAPTCHA-based authentication challenge and perform brute-force attacks. Version 1.5.6 is vulnerable.
0bbff6971475a515bf53c4adad31d393da5d381a7dab0bd0af11b3b1eca540c9
Haihaisoft HUPlayer version 1.0.48 buffer overflow exploit.
312f190b56156e4a5cc161186004f6f6ab66d996805794fdfcf9a134f23fdba0
Haihaisoft Universal Player version 1.5.8 buffer overflow exploit.
1eb1a1c521bb6b91b7db8e8b5979e0d6f55e3c47414fda473f5fffc0a00327af
The Xalan-Java library is a popular XSLT processor from the Apache Software Foundation. The library implements the Java API for XML Processing (JAXP) which supports a secure processing feature for interpretive and XSLCT processors. The intent of this feature is to limit XSLT/XML processing behaviours to "make the XSLT processor behave in a secure fashion". It has been discovered that the secure processing features suffers from several limitations that undermine its purpose. Versions 2.7.0 and above are affected.
2661a94be4bbc4822c2a0c9ff839ec7aafe7ef60fc89113bfb792b62e32262d9
OpenCart versions 1.5.6.1 and below suffer from a remote SQL injection vulnerability.
703149d4078abdc95ff0f473bd181a93a4f3386cdce4320a2ca8744e981ee3f6