s3dvt suffers from a local privilege escalation vulnerability because it does not check the return code of setuid().
0a8c3b679a43618d9ffc8263cd5c4998800f72c4afbd6b76ebceaaf9c16532cb
Red Hat Security Advisory 2014-0590-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.
3ce09e0bbeeb6807c5f3a1b061e52b4fed2040dff175631e1dea9699fa8069a1
Red Hat Security Advisory 2014-0591-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.
6e5aa47c9793de7bbc749ed60941233204e1aac6ba6a029a0ab7beec583f54f9
Ubuntu Security Notice 2229-1 - Joonas Kuorilehto discovered that GnuTLS incorrectly handled Server Hello messages. A malicious remote server or a man in the middle could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.
909640c0fc291193e5e61d9571f927ddf4e65f724d30fece71cc30df2475a8bf
DCMTK versions prior to 3.6.1 suffer from a privilege escalation vulnerability.
e5daa4eb447688d47ee6554039d298426fdee9e6b9db86fd1833f9b82940238d
Xilisoft Video Converter Ultimate version 7.8.1 build-20140505 suffers from a DLL hijacking vulnerability.
9d010a0acfc983062ab447cbeaac928f56e1cce6c41aa73f7ae7b998328e425f
Software made by Cetil but now distributed for free by the Brazilian government suffers from a cross-site scripting vulnerability. Note that this finding houses site-specific data.
43b8dc21aeb405e4b5208b0ce417048266d66db58b7bb5799ac9cdca9d81eaf1
Digital Whisper Electronic Magazine issue 51. Written in Hebrew.
7d939903db20073d0eec06b6e28880dde07185d00ea9408a5b141ec6d6904da4
Ubuntu 12.04 3.x x86_64 perf_swevent_init local kernel root exploit. Based on semtex.c.
fd9f72a2dd8542f0cfadb2584eac4af048d1bf2fa6f239359482f9522ecc290d
Easy File Management Web Server version 5.3 USERID remote buffer overflow exploit.
b364c7edc6c03e244a4a4f0e0f4d9b842e07eab722f99c60858b54553b348888
WordPress Participants Database plugin versions 1.5.4.8 and below suffer from an arbitrary remote SQL injection vulnerability.
bfc21df6b694bca18e519ca1846159aca72eb7d6798097b206b51fa8ad5cd048