Bugzilla Security Advisory - Bugzilla versions 2.x through 5.x suffer from cross site scripting and information leak vulnerabilities.
db307f7a48f357ccec4e2df7650d49504073c143e214926e2c2f8d2de6b1ae54
EMC Secure Remote Services Virtual Edition is affected by a path traversal vulnerability. Attackers could potentially exploit this vulnerability to access unauthorized information by supplying specially crafted strings in input parameters of the application. Version 3.0x is affected.
8fdb353afde49d3288888cc3ee5c2a890947dbd3ba5aa6fc9be188b655ddf2f7
F-Secure's F-SecureOnlineScanner.exe suffers from a DLL hijacking vulnerability.
08c100af279ae10d50cc0185837958fbe38a62b8c7acd43735db62efeb0c9ab5
A crash can occur in Wireshark due to a heap-based out-of-bounds read in Infer_pkt_encap.
90745af22598c1fb601c80c9804dde78906a32f0a793f19dd9a7d704da617e2d
A crash can occur in Wireshark due to a heap-based out-of-bounds read in AirPDcapDecryptWPABroadcastKey.
d8958e46997776a9af2eeb90fb122fc352fe22540f8ac88e0d82d1a1866ac014
EMC VPLEX GeoSynchrony code level 5.5 and earlier contains an undocumented account that may potentially be utilized by malicious VPLEX users to gain unauthorized access to the system.
50bfb76922d4d30ee5c72d4c24b95090ef5578e1b5cac9b3aa9f356fb26b4e46
Symfony PHP Framework versions 2.3.0 to 2.3.34, 2.6.0 to 2.6.11, and 2.7.0 to 2.7.6 suffer from a session fixation vulnerability.
2a310b9c465d16a38204724f21d14c740130822075d76a0292958cab6f776282
A heap overflow may occur in the giffix utility included in giflib-5.1.1 when processing records of the type IMAGE_DESC_RECORD_TYPE due to the allocated size of LineBuffer equaling the value of the logical screen width, GifFileIn->SWidth, while subsequently having GifFileIn->Image.Width bytes of data written to it.
14b8a675aca0e489675c477775d6737f0d432c6edb938c10feaa6a0bb0c1e016
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
c607f1e18e5636830f42a83f7c67e1466f07db82853f3a9dba4ab8c6c3bc656e
WordPress Content Text Slider on Post plugin version 6.8 suffers from a cross site scripting vulnerability.
dee2b148c75594c583b58e3312e4f2d132308f9bd4040b2d92312e01399c5434
The Vulnerability Laboratory Core Research Team discovered a client side cross site scripting web vulnerability in the official Western Union China web application.
fa620ca37dc2f6c6837ce5da404bfa5e648280e8544058e2a100fb5356c8fa42
DELL Scrutinizer version 12.0.3 suffers from a persistent script insertion vulnerability.
90ecd7a57fd5dd1c8a16a15c21ddf77a0a61b4c26758289c9db26bda4b158d93
Microsoft Windows win32k local privilege escalation exploit that leverages the vulnerability detailed in MS15-010.
4f24264b386fc93f4e7321fea7aa41a1b8a93d94de1ffd60457886fa2cb4772d
POP Peeper version 4.0.1 suffers from a code execution vulnerability.
71c7cbb42289fe16b17e4ad550f00bd11875ed823d0e7b1abc5453fddecc6013
Red Hat Security Advisory 2015-2696-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user inside a guest could use this flaw to crash the host QEMU process or, potentially, execute arbitrary code with privileges of the host QEMU process.
503cbc45cdc2f967fddc97f42c3cbcc07b370f89a3a3665b58d860c38d262596
Red Hat Security Advisory 2015-2695-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user inside a guest could use this flaw to crash the host QEMU process or, potentially, execute arbitrary code with privileges of the host QEMU process.
634b5c5d6653bee90c43413700903f911828f921ca8203b0d45a775a1c4ef7b4
Red Hat Security Advisory 2015-2694-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user inside a guest could use this flaw to crash the host QEMU process or, potentially, execute arbitrary code with privileges of the host QEMU process.
4e3e67c3d61bed804fd025dc4f5c0bcec19041a73d8307392711fe4ac6eb7d3c
HP Security Bulletin HPSBHF03419 1 - A potential security vulnerability has been identified in HP Network Products including some H3C routers and switches. This is a Virtual routing and forwarding (VRF) hopping vulnerability that could be exploited remotely resulting in Denial of Service (DoS) or unauthorized access. Revision 1 of this advisory.
dcc0e1a3e099534ebf24070ce9c632603f722085f42b8aafc6bf90d02bbccdf6
Aeris Calendar version 2.1 suffers from a buffer overflow vulnerability.
ee88744992009693088a81aa36d421a2f0159f8b9a163ba53c47431583245395
Switch version 4.68 suffers from a code execution vulnerability.
42399ad607779457d47d91b3dba85edcd375f44151c2051a3fc60e94b1215643
Bluto is a DNS reconnaissance, vulnerability checking, and enumeration tool.
bed81a9d938f165962f78177c1778fe52fe3b22af828e94995f68833b3d605a3
Lithium Forum suffers from a persistent cross site scripting vulnerability.
2a4e89eea799134265826ac71520aa0a085ecfd4ea28eb44bcc6d2fb9511269c
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
53da89d5c48f26c0de9020e49b3846f04e034b5b376537463c65565ab2d9503f
Gentoo Linux Security Advisory 201512-4 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 7.1_p1-r2 are affected.
38035e26bd7635f4b3c4c04b5e7c5b82008cd054c3eea0114d71032d4c0e665b
Red Hat Security Advisory 2015-2673-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. A vulnerability was discovered in the way OpenStack Compute networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.
969f35c86c24c7d1b1f9d33a4492eaeb80195425deabb40fc950705f06c4fcc6