Samsung iPolis suffers from a buffer overflow vulnerability in XnsSdkDeviceIpInstaller.ocx.
b6d6a1c2a12ac249535847b900730cc7783217dd0b10561a9b461f6096e66d01
Debian Linux Security Advisory 3164-1 - Pierrick Caillon discovered that the authentication could be bypassed in the TYPO3 content management system.
c7d416748a11a800ad18562734439e97fc5c7b23b11f531240da0f1795307876
HP Security Bulletin HPSBPV03266 - Potential security vulnerabilities have been identified with certain HP Networking and H3C switches and routers running NTP. The vulnerabilities could be exploited remotely to allow execution of code, disclosure of information and denial of service (DoS). Revision 1 of this advisory.
1e5b7079d340789f718e38872fb41274da4f974274be3c825c5f3e12ddb930a8
Clipbucket version 2.7.0.4.v2929-rc3 suffers from a remote blind SQL injection vulnerability.
f9100e2bf9451bea1a2cc28324f069af76f121782cfc3f115453c63ed3703a94
PHP versions below 5.6.6, below 5.5.22, and below 5.4.38 suffer from a type confusion information leak in DateTimeZone.
960a07af7fc962fbbbd63879673d29572b4d34a6892640c9968ebecc39750216
PHP versions below 5.6.6, below 5.5.22, and below 5.4.38 suffer from a use-after-free vulnerability in DateTime.
a243dbfd64f8ccb636b6f3bfc76ae91d623d78d08de0e0aa1aeff9c533da6157
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote Snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
cc58ba4a1d07ec5ca49f517d759210bafd38a2e39191ea5182044edbd44c94ad
This Metasploit module generates a JavaScript file that executes arbitrary code when an eval-based unpacker is run on it. It works against js-beautify's P_A_C_K_E_R unpacker.
194f0e7d20b41bd0f60332ef1dde95810fea4f44e8d6390c5cd8dd449d473c9b
Red Hat Security Advisory 2015-0246-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. It was discovered that an authenticated user could use a path traversal flaw in glance to download or delete any file on the glance server that is accessible to the glance process user. Note that only setups using the OpenStack Image V2 API were affected by this flaw.
4b10e1f36554d8953a3c5a43c497178ccb04e8fae974d0fddbfa4cf2f159ff12
Ubuntu Security Notice 2504-1 - The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.17.4 which includes the latest CA certificate bundle.
9022b804e945f154e3f6d1967e4ffa8b7d7349976e98ce2808681b930e35e1dd
phpBugTracker version 1.6.0 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
80141a2040b6e83e1773fa82844b97f72955d8ce941b04a67be80c1a64d74097
HP Security Bulletin HPSBUX03240 SSRT101872 - Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. Revision 1 of this advisory.
abc2b7afc4f8f47e2bf3872b6662dfd3cbd30f380650ada88bbaf256a29a3160
WordPress Easy Social Icons plugin version 1.2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
fd957c35e50224cc064e2cf7276a9291121981439577b9efd85ab12f511589c2
Debian Linux Security Advisory 3163-1 - It was discovered that LibreOffice, an office productivity suite, could try to write to invalid memory areas when importing malformed RTF files. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution via crafted RTF files.
cf591ba3144f2cc4d5e527fce22a32946a8b35589844e3ca830a1e843e8e4c34
Debian Linux Security Advisory 3162-1 - Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives "dnssec-validation auto;" (as enabled in the Debian default configuration) or "dnssec-lookaside auto;".
712f536a8bf23bc5f8d33db7a0de53d43e7ac7b83f25eb9aa8ff4b95164b1dd5
4images suffers from cross site scripting and clickjacking vulnerabilities.
09c4abaa255db0a37a4f9f84e77c05b488e33ba4523376c67742e931a2cd42b2
WordPress WooCommerce plugin version 2.2.10 suffers from a cross site scripting vulnerability.
3050b4f52a9bef799cfb09247cc5c4345f9a7d45e75923cfb83f6d4f552d9cff
MyBB version 1.8.3 suffers from a cross site scripting vulnerability.
1d47711226472947526b8fac23169ceec888526e58a712734ce421ea17a18d26
Hyperion is a runtime encrypter for 32-bit portable executables. It is a reference implementation and is based on the paper "Hyperion: Implementation of a PE-Crypter".
463693c779a9fe1609ab19cf5871b4c590340ef78f68ac0055a8b97792888187
Ubuntu Security Notice 2503-1 - Jan-Piet Mens discovered that BIND incorrectly handled Trust Anchor Management. A remote attacker could use this issue to cause BIND to crash, resulting in a denial of service.
896f3f1ebb14472afcabb7f719bd450e53bbba558630a1cb3030afc8ce469de1
Red Hat Security Advisory 2015-0236-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0. It includes bug fixes, which are documented in the readme.txt file included with the patch files. The following security issues are addressed in this release: It was found that Apache WSS4J, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of spoofing attacks on web service endpoints secured by WSS4J that rely on SAML for authentication.
a6ad49cfc9fa80817b40cd6dc90e6ccb53b55f47cc55c330a334b931986ef67d
Various Hybris Commerce Software Suite 5.x releases suffer from a directory traversal vulnerability that allows for arbitrary file disclosure.
17b94928a6a0b7178ed197b19f76f4af812b8e169995b757edc5833a7ce479d2
The jQuery jui_filter_rules parsing library suffers from an arbitrary PHP remote code execution vulnerability.
131a9fd0e0fc4c224e84111b39ffb97b81febd81cf27c8d5d9d53012bf8b05a3
InstantASP InstantForum.NET versions 3.4.0, 4.0.0, 4.1.0, 4.1.1, 4.1.2, and 4.1.3 suffer from multiple cross site scripting vulnerabilities.
198979dff8c07522717738454f6462a6ff57118fb83d630a79ed893092c24062
Piwigo version 2.7.3 suffers from a remote SQL injection vulnerability.
4f89c8ae87708c11b47721a446fb545ef18c11237e913f40918d5b424441273a