PayPal's service application and common service API suffer from filter bypass and script injection vulnerabilities.
Red Hat Security Advisory 2014-0500-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions.
Red Hat Security Advisory 2014-0498-01 - Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions.
Red Hat Security Advisory 2014-0497-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions.
Red Hat Security Advisory 2014-0496-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-14, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
Ubuntu Security Notice 2211-1 - Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially-crafted data that could cause libXfont to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.
Red Hat Security Advisory 2014-0486-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This bulletin summary lists eight released Microsoft security bulletins for May, 2014.
Linux Kernel versions above 3.14-rc1 and below 3.15-rc4 raw mode PTY local echo race condition privilege escalation proof of concept exploit. This bug also affects kernel 2.6.31-rc3 and newer.
eInstruction Workspace uses sudo in an insecure manner that allows for root level privilege escalation.
This is a tool that quickly scans /8-sized networks, sending snmpset requests with a default or otherwise specified community string to Cisco devices.
TFTPD32 / TFTPD64 version 4.5 denial of service proof of concept exploit.
Easy File Sharing Web Server version 6.8 suffers from a stack buffer overflow vulnerability.
K-Lite CODEC version 10.45 suffers from a memory corruption vulnerability.
Elastic Search remote code execution exploit that leverages an issue which allows an attacker to read from and append to files on the system.