Ubuntu Security Notice 2030-1 - Multiple security issues were discovered in NSS. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. This update also adds TLS v1.2 support to Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.04.
88d0a7e54ad7c4580130985a1ea62ac214b9e93f97f5151289a1646fd2f8e8eb
TomatoCart version 1.1.8.2 suffers from local file inclusion and directory traversal vulnerabilities.
80edf86022b40bc33df2e29333ac72332b23148388612cd80bcc1bac5cb7b036
This whitepaper goes into detail on multiple different ways you can use blacklisting with mod_rewrite.
445a092f63671e00d8cffe2e287b941a30901deeac5d0dc5b36b340fe8ad032a
Debian Linux Security Advisory 2798-1 - Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable SSL certificate host name checks when it should have only disabled verification of the certificate trust chain.
9363b2d66b1be8b2c64a2ee99bfb751ea42ee87086b3cd18e8fcae0ba052400f
WordPress Tweet Blender plugin version 4.0.1 suffers from a cross site scripting vulnerability.
7dd056ebf7a017614701914e9d8cdf3368acf8be185e3d65dc66b408e337e672
PHP-Nuke version 8.2.4 suffers from cross site scripting and local file inclusion vulnerabilities.
e6a6feff30584aa0b101a715aac4a57ef1a047c221e5c1801ebe24b0f614d01e
Facebook suffers from yet another open redirection vulnerability. This time the issue is in campaign/landing.php.
fa83309f306ce394994a46fa30357ecafc806aa8106411b43263e5362d25cd29
DeepOfix versions 3.3 and below suffer from an SMTP server authentication bypass vulnerability due to an LDAP issue. Exploit included.
24bd2a61ed26e639e6b823b3e2f7cc39031c2662744ed2bbda21195c3924d603
DesktopCentral versions prior to 80293 suffer from a remote shell upload vulnerability.
4aad22e43397ec7360050815be62145be5467cc3cc7f5dc670993b7a63712604
Kaseya version 6.3 suffers from a remote shell upload vulnerability.
20dc6ed57c27f12c771790a0beb065620e6be1b55b63ed26a4bc41e7bec9b483
Red Hat Security Advisory 2013-1526-01 - Nagios is a program that can monitor hosts and services on your network. It can send email or page alerts when problems arise and when problems are resolved. Multiple insecure temporary file creation flaws were found in Nagios. A local attacker could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack. These issues were discovered by Grant Murphy of the Red Hat Product Security Team.
26ed51d06c4f102c04988c4bda77685e8771e157d676f92bd65c4733b3fcd5f6
Red Hat Security Advisory 2013-1525-01 - The openstack-glance packages provide a service that acts as a registry for virtual machine images. A flaw was found in the Glance download_image policy enforcement for cached system images. When an image was previously cached by an authorized download, any authenticated user able to determine the image by its UUID could download that image, bypassing the download_image policy. Only setups making use of the download_image policy were affected.
e0eb3f673d25b971dfa5e7bcb73d6d651ce3b1ffe95cdbb2b5cf1de8b7715300
Red Hat Security Advisory 2013-1524-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that tokens issued to a tenant were not invalidated when that tenant was disabled in Keystone. This could allow users assigned to a disabled tenant to retain access to resources they should no longer be able to access. These updated packages have been upgraded to upstream version 2013.1.4, which provides a number of bug fixes over the previous version.
b24f71928e7f9e525e30eb87c9d89f612ec145a89de4dc93edae2fdb4ed1e42b
The bt8xx video driver in the Linux kernel suffers from an integer overflow that can trigger a kernel panic. Kernel versions 2.6.18 and below are affected.
5e999ef89be83bedfff1b0aeeec2f2106773a720437d97c4c3579bce3dba124e
MorxCrack is a cracking tool written in Perl to perform a dictionary-based attack on various hashing algorithms and CMS salted passwords.
3469672d2407862ceff8521d2671628ae33a178e865f4763afa9a0696e861072
Optomise System Ltd suffers from cross site scripting and information disclosure vulnerabilities.
c1f0ce5a3fe26ddb99b0616d5d61b0460e2f1e5b210f0a665619a91d61d91148