IRIS Citations management tool suffers from a remote command execution vulnerability.
e789e15c69c2329a965883f322fff813ff1f36966e788f2e72e60793bc951b08
Linksys E1500 and E2500 suffer from cross site request forgery, cross site scripting, remote command injection, and directory traversal vulnerabilities.
8f4ca31ed3ff1f131edf930a3e632c1433e475e164124e9a7516f54e7b1af180
Debian Linux Security Advisory 2612-2 - This update to the previous ircd-ratbox DSA only raises the version number to ensure that a higher version is used than a previous binNMU on some architectures.
086c3dbfbfe0be3afee646392c6d920ce885a0414245df8fc4392eb6f6b75b3a
Red Hat Security Advisory 2013-0250-01 - ELinks is a text-based web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. This issue was discovered by Marko Myllynen of Red Hat. All ELinks users are advised to upgrade to this updated package, which contains a backported patch to resolve the issue.
0c1ca928ab4078246f51993091cfb756bb07c01c97598bcc98f62b3721f74e77
Red Hat Security Advisory 2013-0248-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
0cd84070a95714e2f26d8a323922ceaf81407a25678b121fd827d82772d04c3f
Red Hat Security Advisory 2013-0249-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
6761f84bc127bf9f98c90f2feeea537625896bc2eae21667feec92b4f2469766
Linksys WRT160N suffers from cross site scripting, cross site request forgery, and remote command injection vulnerabilities.
39b1aacd1083769cd903e8b6c46c0bcef01ce5e97ca668800168ca3378fa2176
D-Link DIR-615 rev H suffers from cross site request forgery, information disclosure, and remote command injection vulnerabilities.
41b970b21adea1850727bf853c7a64b9e73638cbc268a00e301d4a225d17b956
Linksys WAG200G suffers from cross site scripting and remote command injection vulnerabilities.
2b6dddc567f756cb697c510a2e5bf2220a9fb207d776b1a3492dc2707810ea56
This Metasploit module will create a boot persistent reverse Meterpreter session by installing the payload on the target host as a script that will be executed at user logon or system startup, depending on privilege and the selected startup method.
a70c92598f1b41407de595305edcc17da7cf3dfe1de0793892f2d4271ae6f663
Schneider Electric Accutech Manager heap overflow proof of concept exploit.
49fa635763252eb16e9ccbb0e26e8f22a39b5d34dff91c81384d96f3f04280ca
IP.Gallery versions 4.2.x and 5.0.x suffer from a persistent cross site scripting vulnerability.
c1c33fdbb109d30530246b10c9d229244553f37d4e55e76bc2bd112b10ca38d8
FreeFloat FTP version 1.0 raw command buffer overflow exploit.
4f7362ee6be1e79970cb01ac60656901c0993df1ed4c92ead3f4b9a9440a878b
Secunia Security Advisory - Multiple vulnerabilities have been reported in Nuance PDF Reader, which can be exploited by malicious people to compromise a user's system.
f20533e6cc6f530f0dccdc9458d6f5a7276a7f016cfc4b7dc1f2c459d5ae7b98
Secunia Security Advisory - Debian has issued an update for xen-qemu-dm-4.0. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
913ceb736b524d0e3605f9f055cc0d603440a946080eef1b763327d313453688
Secunia Security Advisory - A weakness and multiple vulnerabilities have been reported in IBM Tivoli Application Dependency Discovery Manager, which can be exploited by malicious people to conduct spoofing, session fixation, cross-site scripting, and request forgery attacks.
a434a823d41673474fca6d73cf56ee4c14c21ca6ee751929d02ce6f40f9d59d8
Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
c6062bce11eca8cf4876bf7ec83c64139632379192b744e7c7ffaad14e2e2add
Secunia Security Advisory - Multiple vulnerabilities have been reported in Ganglia, which can be exploited by malicious people to conduct cross-site scripting attacks.
76ed587c5237d7d19b03c045879958efdacfe499f88134e05ea0e0e7bfa95318
Secunia Security Advisory - Some weaknesses and a vulnerability have been reported in InfoSphere Master Data Management Collaboration Server, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
bf55cb2c861faf5bb75ba59384cbaaae5698b04be19b7a814336cc5bfee64700
Secunia Security Advisory - Red Hat has issued an update for java-1.7.0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
ab1b253ef2fed31bfd104dc7e2952eb4c3ff0b18834b4d1f02c780c82dc271a4
Secunia Security Advisory - A vulnerability has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct cross-site scripting attacks.
e47e00fd090dff876cbf478239835bc7588872ea9e838b15f096cb0fc032c8f0
Secunia Security Advisory - SUSE has issued an update for MySQL. This fixes multiple vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct brute force attacks.
e08a115dd55ab8f1ba2ca44b08217ce6eebddf2055336d3f2b977c1bcabca785
Secunia Security Advisory - SUSE has issued an update for kernel. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
09aa77d4f84b0661fa4c1f1e876eac05266fa0264e39d722d4c4b233a42280d7
Secunia Security Advisory - Two security issues have been reported in Apache CXF, which can be exploited by malicious people to bypass certain security restrictions.
bd77bc9acc24dad6de39f143b8655c5c95cbd5282497e1a19d1cf355f2311571
Secunia Security Advisory - Henrique Montenegro has discovered a vulnerability in the Pinboard theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
cfaf465e72924cd779d5f32b49c4f11716d5b33214a36845ff22e2cb7fb416de