WordPress Google Doc Embedder plugin version 2.5.18 suffers from a cross site scripting vulnerability.
497e2ccda286e008626a60f9d575f4384dab4de0b541b70d5e96999e15ecd3c8
u5CMS version 3.9.3 suffers from multiple stored and reflective cross site scripting vulnerabilities.
24e18cc135d4a2f8248c258a2866d2eed34630258bfab05d9a0ca4686c51dcdc
Gentoo Linux Security Advisory 201502-8 - Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 9.17 are affected.
8b25111daeecad86d923dea6ab62f2ab11b37e8fde0d7e62cded8470639bf721
Gentoo Linux Security Advisory 201502-7 - Multiple integer overflow errors in libevent could result in execution of arbitrary code or Denial of Service. Versions less than 2.0.22 are affected.
bf14a652ac6ffd0e3ea97788fd3308684bf2220e01960169dc8aff07eb0adc67
Gentoo Linux Security Advisory 201502-6 - An SSL session fixation vulnerability in nginx may allow remote attackers to obtain sensitive information. Versions less than 1.7.6 are affected.
29faa459c2b40ea3986840cd0476717e4e2d52fb4e0c7250621ba4aad858db0c
Gentoo Linux Security Advisory 201502-5 - Multiple vulnerabilities in tcpdump could result in execution of arbitrary code or Denial of Service. Versions less than 4.6.2-r1 are affected.
e0a490dd275c1688bb051b684d6d9d603df423956d39194a2ba5460ecdcaa5e1
Debian Linux Security Advisory 3155-1 - Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.
1e243ed46aafdd0c6949039689c4eb88cbe7b3931bea8a5d830b2c688764226d
Mandriva Linux Security Advisory 2015-037 - oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service via a crafted raw file.
68bd780b6d562051b12179c4a57f5f38c82ab20ffcf49b061676f53913d8b1de
Mandriva Linux Security Advisory 2015-035 - The XML getters for save images and snapshots objects don't check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump security sensitive information. A remote attacker able to establish a connection to libvirtd could use this flaw to leak certain limited information from the domain xml file.
c0d0fdf11463d788b243f4b3b8f4937a46d2c5452896e3d87ed2c7e1d2f09f49
Mandriva Linux Security Advisory 2015-036 - Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. Alex Gaynor discovered that Django incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service.
212e2d83ea64299229d2b7ec344d965843afb8af3da853f762e1f9a4d5f63fb2
Gentoo Linux Security Advisory 201502-4 - Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 1.23.8 are affected.
704af9a91a2aea64b538f4720a85bdb013ce9b13608e52b9e5fa6b57e832eefd
Mandriva Linux Security Advisory 2015-034 - An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
6f2b9aa523a2e44ac7be5aad5e6ca8583c556a47f7de8a17e2f369b1ba6386a6
Mandriva Linux Security Advisory 2015-033 - Updated java-1.7.0 packages fix security vulnerabilities. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Various other issues were also addressed.
de75c842108c6518b8c37fd7513f0640f18b98d5881b31b9651786b1e9dad5ad
Debian Linux Security Advisory 3154-1 - Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol.
dcbe226d406b61d19c8b1c51800dc375e88a1e0e32f9b1ca5fd3bcae98146a79
Mandriva Linux Security Advisory 2015-031 - The modprobe command in busybox before 1.23.0 uses the basename of the module argument as the module to load, allowing arbitrary modules, even when some kernel subsystems try to prevent this.
7ffcb0404049f1aab91ea9e1205ee647979c657bccac06a41d752983b70e64a3
Mandriva Linux Security Advisory 2015-032 - sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service via crafted EXIF data in a JPEG image. The updated php packages have been upgraded to the 5.5.21 version which is not vulnerable to these issues. Additionally, the timezonedb package has been upgraded to the latest 2015.1 version, the php-suhosin package has been upgraded to the latest 0.9.37.1 and the PECL packages which require it have been rebuilt for php-5.5.21.
bbf5efb46d8541bd4023fe632610b7ca5406d789dcad020b27374e3c6f00750d
Mandriva Linux Security Advisory 2015-029 - Multiple vulnerabilities have been found and corrected in binutils. Multiple integer overflows in the _objalloc_alloc function in objalloc.c and objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service via vectors related to the addition of CHUNK_HEADER_SIZE to the length, which triggers a heap-based buffer overflow. The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service via a small S-record. Various other issues have also been addressed. The updated packages provide a solution for these security issues.
bda0d61acbd6391b49dc2d370ec31108f30c2494d31e11439d5f07d72c954071
Mandriva Linux Security Advisory 2015-030 - Some code in Bugzilla does not properly use the 3-argument form of open(), and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes.
acea29f59c141edc8ada636ab2ce9dbf146a254ce6ee6a3acd2dc28718b5b2c0
Gentoo Linux Security Advisory 201502-3 - Multiple vulnerabilities have been found in BIND, allowing remote attackers to cause a denial of service condition. Versions less than 9.10.1_p1 are affected.
29996efc17656791f375ebed3e7ae8acf9c6003f05f2581f63f8031372d6ef5a
Gentoo Linux Security Advisory 201502-9 - A buffer overflow vulnerability in Antiword could result in execution of arbitrary code or Denial of Service. Versions less than 0.37-r1 are affected.
2198c6370eeb93248d3bea210c3784731d340e31da122180d580be4ae04cca5d
Chemtool version 1.6.14 suffers from a memory corruption vulnerability.
0f1baa44fefa1cf53f3f39ec07685a1b07441ee0b1a2c92b40091dca4247425b
WordPress Redirection Page plugin version 1.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
8708e64c5d3cb9316c397f0b2945cfe98631e0b256cf9d8a44f41d8430029ce5
WordPress Spider Facebook plugin version 1.0.10 suffers from multiple cross site scripting vulnerabilities.
05c4987140e7f12d38505e7a14c7e9256274ef46f188e1ab56081077a84daa69
WordPress Cross Slide plugin version 2.0.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
caa03a6c9a143215c1d4269bc414496575d0db2bc33a311b7242be9b1c50217c
Mooplayer version 1.3.0 .m3u structured exception handler buffer overflow exploit.
eec4dc4d9f3e8684c1cc6b1b014bde1cf268832a90cc5b754c2528754a1f0c87