Red Hat Security Advisory 2014-0908-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
Red Hat Security Advisory 2014-0907-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine.
Red Hat Security Advisory 2014-0910-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.2 release serves as a replacement for JBoss Operations Network 3.2.1, and includes several bug fixes.
A race condition between updating httpd's "scoreboard" and mod_status leads to scenarios where a heap buffer overflow can occur with a user-supplied payload. It can also leak heap and critical memory such as htaccess credentials, SSL private keys, and more. Apache version 2.4.7 is affected.
MyConnection Server (MCS) version 9.7i suffers from a cross site scripting vulnerability.
The IBM 1754 GCM KVM suffers from code execution, arbitrary file read, and cross site scripting vulnerabilities. Versions 1.20.0.22575 and below are vulnerable.
Ubuntu Security Notice 2293-1 - Francisco Alonso discovered that the CUPS web interface incorrectly validated permissions on rss files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.
Debian Linux Security Advisory 2983-1 - Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting.
Debian Linux Security Advisory 2982-1 - Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection.
This is a Metasploit-style module system specifically for XXE exploit code. This allows a common interface, including the ability to automate downloads of numerous files, or automatically walk the directory structure if the vulnerable system is based on Java.
A vulnerability within the MQAC module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Microsoft MQ Access Control version 5.1.0.1110 on XP SP3 is affected.
A vulnerability within the BthPan module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Microsoft Bluetooth Personal Area Networking version 5.1.2600.5512 on XP SP3 is affected.
Elasticsearch Logstash versions 1.0.14 through 1.4.1 suffer from a remote command execution vulnerability.
Tenable Nessus versions 5.2.3 through 5.2.7 suffer from authentication bypass vulnerabilities via parameter tampering.
Proof of concept code for the MTS MBlaze 3G Wi-Fi Modem that suffers from credential theft, login bypass, password reset, and cross site request forgery vulnerabilities.
vBulletin version 5.1.2 suffers from a remote SQL injection vulnerability.
World Of Warcraft version 3.3.5a suffers from a stack overflow vulnerability.
WordPress Gallery Objects plugin version 0.4 suffers from a remote SQL injection vulnerability.
Sites designed by the Design Foundry suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.