CoreMail version XT3.0 suffers from a stored cross site scripting vulnerability.
f921686d976a5a7c22956d7212359350cfd0ea21e63e1684c4e814378959176a
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
9a46989eee181e328c57caf12598cd6f3ea923771ce3c7623d8be44a4a68df57
MyCustomers version 1.3.873 suffers from a remote SQL injection vulnerability.
2f4222a07b82de124e338becccee82b40bd19c6939570f75d9088587d4bf9074
WEBONE CMS version 14 suffers from a cross site scripting vulnerability.
d5f7e78a35f7ed4a83b67ecffb5c6863f0290d23b93409df4ca40a0528bf4a3d
Mind Wave Softwares version 1.2 suffers from a remote SQL injection vulnerability.
e781282f425d882d2e6b18dc224765a38cb3052c0cd292a6ed945168cfd27783
Visual Paradigm Server version 10.0 suffers from a cross site scripting vulnerability.
11c702c88601ac6e95e42022410b65f5fca9d57c43f676ae447bdbbbf28e80b1
Red Hat Security Advisory 2015-2517-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
307be76e804ec87b99d8c4285e6c0b866882e5818e8b5c81784f0fb7251ae4c0
Red Hat Security Advisory 2015-2516-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
89a84ea97cadc015b03977c43f2838c425f5b6e67730b5a868ae859c0b8f11b9
Red Hat Security Advisory 2015-2515-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system.
e32fe9ddf8851ecabfcf5006bf82aa9daaffa5a9d19aa1c0ebfacda0fa5155eb
Debian Linux Security Advisory 3404-1 - Ryan Butterfield discovered a vulnerability in the date template filter in python-django, a high-level Python web development framework. A remote attacker can take advantage of this flaw to obtain any secret in the application's settings.
0b58e8ca659dee4ee5116e23bd086472730fc449accaa2eca6cb5501d11fc141
Ubuntu Security Notice 2818-1 - It was discovered that rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed. An attacker could use this to expose sensitive information or possibly execute arbitrary code.
a9fe82136c955c433722b503fc60c06705defffd05682f9e89d7645dee7a7255
HP Security Bulletin HPSBGN03523 1 - A potential security vulnerability has been identified in HP Loadrunner Virtual Table Server that could be exploited remotely resulting in the execution of code. Revision 1 of this advisory.
6f4706b10ff069ecad90deb5270a945fba17698a771ff4c1087123518ddcb4eb
Ubuntu Security Notice 2820-1 - Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, a remote attacker could possibly use this issue to execute arbitrary code.
5ea619810a1858647bc6decd944ac40456af9ba8b3a6b17aa480ef128878af21
Debian Linux Security Advisory 3407-1 - Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package (.deb) in the old style Debian binary package format.
9598ae2264f8a14638f87a3ca5d821950ee36da44b3324ea62f986b8f2e0c4d0
Red Hat Security Advisory 2015-2519-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A same-origin policy bypass flaw was found in the way Thunderbird handled certain cross-origin resource sharing requests. A web page containing malicious content could cause Thunderbird to disclose sensitive information.
a69410df0fcb37dd6f888b0b290e215e7d2ec1cb9c8fa9f167275dbff6ff9de4
Red Hat Security Advisory 2015-2520-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server.
5688d2b98fee014d2dc9754b03ff6046b68d6f1e776060d5583fadb5ece90aa3
Debian Linux Security Advisory 3405-1 - Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd (mod_cgi) passed additional arguments to the smokeping_cgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests.
093436dd8877007cc38f10a273809c83511466a1c55d6c0914d14c87e2b9cf4c
Debian Linux Security Advisory 3406-1 - It was discovered that incorrect memory allocation in the Netscape Portable Runtime library might result in denial of service or the execution of arbitrary code.
930894e681573a82ac8191e73c85435a31821c44a824377eb46afcc3622b98bf
Red Hat Security Advisory 2015-2518-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
cd01d7b57fe3e51875ebdc9a1bf9b8098c2149ac2ff6216a439aa9920b087813
CIS Manager Content Management System 2015Q4 suffers from a remote SQL injection vulnerability.
755fee851a768d9739a2fbca1bfcc591f6bb2d3a6267279c012f29a529206ed8
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
c8d1d3b6ce3d2a56577fca224424071afd921739d3859efc8a62229556d4beef
BisonWare BisonFTP Server version 3.5 is prone to an overflow condition. This Metasploit module exploits a buffer overflow vulnerability in said application.
ad92db3f8a0dd8f3d603187873cbcc879f069b52034b56d5481e2bd22b4892dd
EMC Isilon OneFS is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions include EMC Isilon OneFS 7.2.1.0, 7.2.0.0 through 7.2.0.2, 7.1.1.0 through 7.1.1.4, and 7.1.0.x.
e2d777f280c8f4de1b10b38abc67618b8e6a0f1c6a21b29eb62ce8ab802369f6
Slackware Security Advisory - New pcre packages are available for Slackware 14.1 and -current to fix security issues.
6b622a8497108bd0b45667aa432a5e68a79cc42f3e823428ac3c4c7d028c898e
Debian Linux Security Advisory 3403-1 - This update backports changes from the commons-collections 3.2.2 release which disable the deserialisation of the functors classes unless the system property org.apache.commons.collections.enableUnsafeSerialization is set to 'true'. This fixes a vulnerability in unsafe applications deserialising objects from untrusted sources without sanitizing the InstantiateFactory, InstantiateTransformer, InvokerTransformer, PrototypeCloneFactory, PrototypeSerializationFactory and WhileClosure.
adb69be65adb4f0344cb7814e5ad87030f8cc2266e9ab7f0c44f39ba3b02bcb2