Nameko Webmail versions 0.10.146 and below suffer from a cross site scripting vulnerability.
3b2740074a19f52c84f779efae84cdd9f1a80d8cc1175eef3efe3108818db72a
Static HTTP Server version 1.0 SEH overflow exploit that leverages the configuration file and binds a shell to port 4444.
20860972de52d3d5624343a4ab0e0c228e90b1a76c4d40afeed190c4d848a86b
AVS Media Player version 4.1.11.100 local denial of service exploit that generates a malicious AC3 file.
e38991db53bda992deb7fb8bd65ba6883291ab7c0faf79ec5055a5da0cdbb1e2
WordPress WP-Private-Messages this party plugin suffers from a remote SQL injection vulnerability.
b964cff16f08182af4664c78ba3cdaa0af3da335ea7d4470e22511915ce137ed
Debian Linux Security Advisory 2717-1 - Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer expressions in the XML Signature Reference processing code, possibly leading to arbitrary code execution.
725b2cb7a37e030f1ad6211488f3d9519ceec802f0dec6c149a6cb4feddff9d9
Mandriva Linux Security Advisory 2013-186 - Updated puppet packages fix remote code execution vulnerability. When making REST api calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the ruby process, which allows an attacker to execute code contained in the payload.
16f6e339b6a971acf0f5568057324baccf34ac55672e355b9b72c2f8fcd7cc2c
Slackware Security Advisory - New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4073.
33d0d087342bdf2fa53a28d6a242ae11609f420907abb65ded11817048c7bb01
Fortigate Firewall versions prior to 4.3.13 and 5.0.2 suffer from multiple cross site request forgery vulnerabilities.
5e716d94582ec65cc97f47dcfeeb3d561fddabaebd2912e1d7b23f64de396cd8
YOPMail suffers from cross site scripting, HTTP response splitting, CRLF injection, and session token handling vulnerabilities.
695a2946cc39df0b7ae62aedfd486a14f8ffc15c2fc2ef1b909e0eeccfa856ae
If you have physical access to a Microsoft Windows 7 SP1 instance, you can leverage the "Launch startup Repair" functionality to gain SYSTEM access.
fac9f4e8231364eeec4b1aecc36f354fe04953186fefb938b3fc672b096c51cb
Red Hat Security Advisory 2013-1001-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.2 will be retired on December 31, 2013, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.2 EUS after that date. In addition, after December 31, 2013, technical support through Red Hat's Global Support Services will no longer be provided. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 6.2.
6651532a366053d7aeef4d6c4d47b1f8d4b2f87de49d4e9f9f09264a620db639
Mobile USB Drive HD version 1.2 suffers from a remote shell upload vulnerability.
af5f77c231114e25afd0e7bb7892ab8b042909b94e8970efbfe6ac0a8a8915f3
Barracuda CudaTel Communication Server version 2.6.002.040 suffers from multiple script injection vulnerabilities.
40dfe644016b1ad81c1a85043ea8e429a90b78046c7c522200ab93064f1ac717
PCMan's FTP Server version 2.0 remote buffer overflow exploit that leverages USER and pops calc.exe.
ebe2ee53f912fbc36e072f14536b5b3d704cb736c0af15df0fafefd130440e39
The PayPal Hong Kong marketing site suffers from information disclosure, user enumeration, and bruteforcing vulnerabilities.
9392e6433d56701d485bdda4c180db292d48ca179237ab880ff00fd75ff3f245
eFile Wifi Transfer Manager version 1.0 for iOS suffers from local file inclusion and cross site scripting vulnerabilities.
f4659d8f270b07a83389f539606ad8dafb4a5388e016cbf23573ae55c1a4c349
A critical password reset (session) vulnerability was detected in the Sony PSN Network web server auth system account application. The vulnerability allows remote attackers without a privileged application account to exchange session values and reset any psn user accounts.
7d2f60f06b1f589958b985c9d294460f3f3b1163bb51e8e1a6e79d4d54e5a3ba
PCMan's FTP Server version 2.0.7 remote root buffer overflow exploit that leverages the USER command and binds a shell to port 4444.
7f0bb5b4598cb64d889b69fe79face4a1e564281d836fd315c6a126034d7cc32
The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code. An attacker could use this to exploit an application performing signature verification if the application does not block the evaluation of such references prior to performing the verification step. The exploit would occur prior to the actual verification of the signature, so does not require authenticated content. Apache Santuario XML Security for C++ library versions prior to 1.7.2 are affected.
ed557eaf432b8220b8a580b3a0a313162a1d2211f6e1ea637a19dc2d29e16038
HP Security Bulletin HPSBUX02886 - A potential security vulnerability has been identified with HP-UX running HP Secure Shell. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
cac1fdeec8a55f1c45ad6c9cca7c998c11e3e1e01ed4039be8e9ca602e7613b0
HP Security Bulletin HPSBST02890 - A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access and modification. Please note that this issue does not affect HP StoreOnce Backup systems that are running software version 3.0.0 or newer. Devices running software version 3.0.0 or newer do not have a HPSupport user account with a pre-set password configured. A user who is logged in via the HPSupport user account does not have access to the data that has been backed up to the HP StoreOnce Backup system, and hence is not able to read or download the backed up data. However, it is possible to reset the device to factory defaults, and hence delete all backed up data that is present on the device. Revision 1 of this advisory.
836f157ebc6e5df575b140451776908b9f5ec88b67f885a256788ec84f8a2a59
Red Hat Security Advisory 2013-0992-01 - Python-keystoneclient is the client library and command line utility for interacting with the OpenStack identity API. A flaw was found in the way python-keystoneclient handled encrypted data from memcached. Even when the memcache_security_strategy setting in "/etc/swift/proxy-server.conf" was set to ENCRYPT to help prevent tampering, an attacker on the local network, or possibly an unprivileged user in a virtual machine hosted on OpenStack, could use this flaw to bypass intended restrictions and modify data in memcached that will later be used by services utilizing python-keystoneclient.
0b46ee70e661aac86fcfce7d4bfb6636c8819246323ca5bac1086eda68288cae
Red Hat Security Advisory 2013-0997-01 - This is the 5-Month notification of the End Of Life plans for Red Hat Storage Software Appliance 3.2 and Red Hat Virtual Storage Software Appliance 3.2. In accordance with the Red Hat Storage Software Appliance Support Life Cycle Policy, support will end on November 30, 2013. Red Hat will not provide extended support for this product. Customers are requested to migrate to the newer Red Hat Storage Server product once the life cycle for SSA and VSA is complete. If customers cannot migrate, the product will become unsupported. In addition, after November 30, 2013, technical support through Red Hat’s Global Support Services will no longer be provided. We encourage customers to plan their migration from Storage Software Appliance 3.2 to the latest version of Red Hat Storage Server. Please contact your Red Hat account representative if you have questions and/or concerns on this matter.
f027ef4acb05402b88530668fa3538e2e6c30aefee4fda63be63ff6f1ef48acc
Red Hat Security Advisory 2013-0993-01 - OpenStack Swift is a highly available, distributed, eventually consistent object/blob store. An XML injection flaw in OpenStack Swift could allow remote attackers to manipulate the contents of XML responses via specially-crafted data. This could be used to trigger a denial of service.
28a8b98698ba460b04f7bcbc2c2b29b15adacb9c2f421378f5d59be53638b7c8
Red Hat Security Advisory 2013-0996-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 5.6 will be retired on July 31, 2013, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.6 EUS after that date. In addition, after July 31, 2013, technical support through Red Hat's Global Support Services will no longer be provided. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 5.6.
8b83fe4c652ad4ec0b42ead3c74029eeef6a895684a862769aa70d58e2be94e5