Acunetix WordPress WP Security Make Backup plugin version 4.0.3 suffers from a cross site request forgery vulnerability.
b252718580ee023413cc606be9290cfbd4802abfc7c7fe6ae15564dab7317941
This advisory discusses a weak cryptography implementation in NRPE, the remote monitoring agent distributed with Nagios.
9513ca804b2266816b1f59df17644a5e411eb0d568e52e7f93c445b9e778b63c
This document is the new cybersecurity framework produced by NIST for the Whitehouse. The intention of this release is to produce a set of industry standards and best practices to help organizations manage cybersecurity risks.
696de85131e12c5aeceb80b81967cf7b6a763bedd16495ecd096c382eb8c7d35
Apple Security Advisory 2014-02-11-1 - Boot Camp 5.1 addresses a security issue. A bounds checking issue existed in the AppleMNT.sys driver's parsing of Portable Executable files. If a Portable Executable file with a malformed header is loaded, this could cause a Boot Camp driver to corrupt kernel memory. The issue was addressed through improved bounds checking.
07103b0ee92ecf96051445fef55f03bcbb9e89f921846def3180a8c6dfc9ef7b
Proof of concept SQL injection exploit for the panel in Dexter CasinoLoader. It exploits the gateway for bots to connect in, which sanitizes none of its input. This version of the exploit just dumps database data, and can create a GEXF file to make a graph in Gephi.
e23bf1f6bf9d448ec21c0e08084f86886e247080217d33e730242930b073b444
Ubuntu Security Notice 2105-1 - James Troup discovered that MAAS stored RabbitMQ authentication credentials in a world-readable file. A local authenticated user could read this password and potentially gain privileges of other user accounts. This update restricts the file permissions to prevent unintended access. Chris Glass discovered that the MAAS API was vulnerable to cross-site scripting vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Various other issues were also addressed.
b3b580b276826bc153e8f810e4aa0d9ddaf93bffecd797cccea9a87b941157b3
Mandriva Linux Security Advisory 2014-029 - Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service and possibly execute arbitrary code via a long server version string. The updated packages have been patched to correct this issue.
e39dc76f04b0608ecb515d1d059eb80ee86e71bc3c84c20004709b689f94b1ed
Mandriva Linux Security Advisory 2014-028 - Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service and possibly execute arbitrary code via a long server version string. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Various other issues have been addressed. The updated packages have been upgraded to the 5.5.35 version which is not vulnerable to these issues.
ebd9a0fcd180370e549e49c07622f3c2d751b23325b5393eb13159ca0e3864c5
Red Hat Security Advisory 2014-0173-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. A buffer overflow flaw was found in the way the MySQL command line client tool processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client.
31ea251646a83ad0404f232d723f28503dc57e7493d6173e5c3a773c84e8b119
Red Hat Security Advisory 2014-0174-01 - Piranha provides high-availability and load-balancing services for Red Hat Enterprise Linux. The piranha packages contain various tools to administer and configure the Linux Virtual Server, as well as the heartbeat and failover components. LVS is a dynamically-adjusted kernel routing mechanism that provides load balancing, primarily for Web and FTP servers. It was discovered that the Piranha Configuration Tool did not properly restrict access to its web pages. A remote attacker able to connect to the Piranha Configuration Tool web server port could use this flaw to read or modify the LVS configuration without providing valid administrative credentials.
e410c801cfdfe205745559af19dd5bcffe1667abd62176ecb18cc48ad3077382
Red Hat Security Advisory 2014-0175-01 - Piranha provides high-availability and load-balancing services for Red Hat Enterprise Linux. The piranha packages contain various tools to administer and configure the Linux Virtual Server, as well as the heartbeat and failover components. LVS is a dynamically-adjusted kernel routing mechanism that provides load balancing, primarily for Web and FTP servers. It was discovered that the Piranha Configuration Tool did not properly restrict access to its web pages. A remote attacker able to connect to the Piranha Configuration Tool web server port could use this flaw to read or modify the LVS configuration without providing valid administrative credentials.
813f6fa729bf2246f3eb91d2e426a58d294a78411b80351765b0c1ecf65bc8a8
Red Hat Security Advisory 2014-0172-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.
541f07157180c8db909f86a437b2213620a20031cbdccf831162fc96fb9d554f
Five ASUS RT series routers suffer from a vendor vulnerability that default FTP service to anonymous access with full read/write permissions.
df94c3881f58c3d90e3c87a3f4f3cb75a7ea84051aaa9d0bf12a4e0118b66733
WordPress Buddypress plugin versions 1.9.1 and below suffer from a privilege escalation vulnerability.
fa0ee4897fffef374ba31d9600f656b4b67d282b9dee8e74e5f06db89ccd0ac0
WordPress Buddypress plugin versions 1.9.1 and below suffer from a persistent cross site scripting vulnerability.
cb6e6a7f1e53ac871ca5f03ab6a3fb79940b35b8a9e403602f1639a1c1c52a7b
FreePBX version 2.9 suffers from a remote code execution vulnerability.
d2b9cce20ce59a9ea58ad61bcebc7faee7331c69e786ddbe3786953df0a89e60
Boxcryptor.com suffered from a cross site scripting vulnerability.
aab48458247a4d57f3545b2250a6b9478315321df0e69c78e7b61de5f2d118d3
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
951463c2fd426ae4206e9f64ae95f805fa0d2e269cf0d1b92b1f4e1cbbd54d02