Novell ZenWorks Configuration Management version 11.3.1 suffers from an unrestricted file upload vulnerability that can be abused for remote code execution and also suffers from a directory traversal vulnerability.
2e1385af22ffe68f64c61147063cf39a03915826ed8417041c6bae636ef665e5
Apache Flex asdoc versions prior to 4.14.1 suffer from a cross site scripting vulnerability.
46dfb4836a0f4b57607590eecfe753129c637f91c28ff7afd261777fc6d98ef3
Debian Linux Security Advisory 3057-2 - The update for libxml2 issued as DSA-3057-1 caused regressions due to an incomplete patch to address CVE-2014-3660. Updated packages are available to address this problem.
be038067bb3a59dbd944b6cd93525c2a5b050c733640ba3e0c00df9a18a9e136
Ubuntu Security Notice 2558-1 - It was discovered that Mailman incorrectly handled special characters in list names. A local attacker could use this issue to perform a path traversal attack and execute arbitrary code as the Mailman user.
3cdf31e7ce2504d75deeac6476e08d8cef04f4f07c6265f083f1d775075eff53
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
550fdafffeb4c1e3035bb8cc42e6e49d5af17ad79563bd118af22c1107f72b49
Balero CMS version 0.7.2 suffers from cross site scripting and HTML injection vulnerabilities.
458417d45a71bbc9cf2f59dac2f77172c15dd2aa41c76235a5633f80a54b1c3b
Balero CMS version 0.7.2 suffers from multiple remote blind SQL injection vulnerabilities.
949d7940cb1b4a95cff65513e29961b58e7322614fee7f8b0c05245e26d762dd
WordPress Shareaholic plugin version 7.6.0.3 suffers from a cross site scripting vulnerability.
997d301bcb1116b79c1053692c79b280561e1e4b1955e5e2bd58e3055a40aadc
WordPress All In One WP Security and Firewall plugin version 3.9.0 suffers from a remote SQL injection vulnerability.
2203b9343977b8ce1c7756e193c53801aae33bcc43ac2d1b9dbd42170428a048
Ubuntu Security Notice 2556-1 - It was discovered that Chromium did not properly handle the interaction of IPC, the gamepad API and V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the program. A buffer overflow was discovered in the GPU service. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. Various other issues were also addressed.
04fcc500a7183b01d8d82044435d10de076fb3f8f0fe6c66be25b85ecd587925
Ubuntu Security Notice 2557-1 - Muneaki Nishimura discovered a flaw in Mozilla's HTTP Alternative Services implementation which meant SSL certificate verification could be bypassed in some circumstances. A remote attacker could potentially exploit this to conduct a man in the middle attack.
a1a035871c4334114b6ff842b6f02d425f02c680d8dc9d5234778f6a4321ed32
Gentoo Linux Security Advisory 201504-1 - Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. Versions less than 31.5.3 are affected.
5799f785190a4af15c846f0050efac6e2cdd60ccce19b768508224bebe1b50bb
Red Hat Security Advisory 2015-0783-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. An insufficient bound checking flaw was found in the Xen hypervisor's implementation of acceleration support for the "REP MOVS" instructions. A privileged HVM guest user could potentially use this flaw to crash the host.
1a62eb3c62b3f58d404ecacc94006c7b1a6ccb8bd2830547a948bccc4c9d83d7
Red Hat Security Advisory 2015-0782-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.
497a3d5df6407e2e427e7c1470a45a7c8129599f5ebc30b4932e3935b243a11f
Mandriva Linux Security Advisory 2015-196 - cups-browsed in cups-filters before 1.0.66 contained a bug in the remove_bad_chars function, where it failed to reliably filter out illegal characters if there were two or more subsequent illegal characters, allowing execution of arbitrary commands with the rights of the lp user, using forged print service announcements on DNS-SD servers.
6ee9502b33113faf945840266ffc7ae17222e04b5727259d3e2657e92606f6e9
Mandriva Linux Security Advisory 2015-195 - The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. The updated packages provide a solution for this security issue.
da29353ee6e69007158c2009f13b3d836eda48a2560df0d4f7ba8c8fd7386594
Mandriva Linux Security Advisory 2015-193 - The libtasn1 library before version 4.4 is vulnerable to a two-byte stack overflow in asn1_der_decoding.
007d36ef1e9e3ed182bdeada4da602d261dde0f484f8b56cde2cda356977fd99
HP Security Bulletin HPSBGN03306 1 - Potential security vulnerabilities have been identified with HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Revision 1 of this advisory.
115904a616e7c2d552ef9d058a8c0477b6f3d1f3462f71cd9120c95f98161162
Smalisca is a static code analysis tool for Smali files.
1a7c9c1377a243a865485c0002c314ec8d435e4b1479f4a92b980127510784e3
Virtocommerce version Beta 2.0 suffers from an arbitrary file upload vulnerability.
31a2bc6b5383f1982eec05537bfada1c22a54b77733fbbb9fb6d979b53c953c7
Qlik suffers from an open redirect vulnerability.
2cf2db90b174f7cceadc779650c2181d747ba3224b8b9ce9cf5c21947a48cba7
Interspire Email Marketer version 6.1.5 suffers from a cross site scripting vulnerability.
810e6dddb98f6d0f7fbaecd6e68634a8db0244c0ce804043fea9d833a09f56de