Red Hat Security Advisory 2015-1023-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromium users should upgrade to these updated packages, which contain Chromium version 43.0.2357.65, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
Ubuntu Security Notice 2621-1 - Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the unauthenticated session to crash, possibly leading to a security issue. Noah Misch discovered that PostgreSQL incorrectly handled certain standard library function return values, possibly leading to security issues. Various other issues were also addressed.
Debian Linux Security Advisory 3265-2 - The update for zendframework issued as DSA-3265-1 introduced a regression preventing the use of non-string or non-stringable objects as header values. A fix for this problem is now applied, along with the final patch for CVE-2015-3154.
Debian Linux Security Advisory 3272-1 - Javantea discovered a NULL pointer dereference flaw in racoon, the Internet Key Exchange daemon of ipsec-tools. A remote attacker can use this flaw to cause the IKE daemon to crash via specially crafted UDP packets, resulting in a denial of service.
Debian Linux Security Advisory 3271-1 - Tuomas Rasanen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service.
Acoustica Pianissimo version 1.0 Build 12 suffers from a buffer overflow vulnerability.
Teampass version 2.1.26 suffers from a persistent cross site scripting vulnerability.
HP Security Bulletin HPSBGN03325 - A potential security vulnerability has been identified with HP SiteScope. The vulnerability could be exploited remotely to allow elevation of privilege. Revision 1 of this advisory.
Bashi version 1.6 suffers from a malicious script insertion vulnerability.
WordPress Landing Pages plugin version 1.8.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
WordPress NewStatPress plugin version 0.9.8 suffers from cross site scripting and remote SQL injection vulnerabilities.
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
WordPress Church Admin plugin version 0.800 suffers from a persistent cross site scripting vulnerability.
WordPress GigPress plugin version 2.3.8 suffers from a remote SQL injection vulnerability.
WordPress MailChimp Subscribe Forms plugin version 1.1 suffers from a remote code execution vulnerability.
phpwind version 8.7 suffers from an open redirection vulnerability.
phpwind version 8.7 suffers from a cross site scripting vulnerability.
Vesta Control Panel version 0.9.8 suffers from a cross site request forgery vulnerability.
INURL is a PHP tool written to make searching across multiple engines easier when researching web site targets.
WordPress Estrutura-Basica themes suffer from a local file disclosure vulnerability. Note that this advisory has site-specific information.
SITEFACT CMS version 2.01 suffers from a cross site scripting vulnerability.
UFONet is a tool designed to launch DDoS attacks against a target, using open redirection vectors on third party web applications.
Gcon Tech Solutions version 1.0 suffers from a cross site scripting vulnerability.
Gcon Tech Solutions version 1.0 suffers from a remote SQL injection vulnerability.
Ubuntu Security Notice 2620-1 - A flaw was discovered in the Linux kernel's IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).