A vulnerability within the VBoxGuest driver allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile on Windows XP SP3 systems. This has been tested with VBoxGuest Additions up to 4.3.10r93012.
ed08fc54fb11f75fb8240f00e12ad3f0eb15c9ef81cff67a88e74e2b8793b557
Ubuntu Security Notice 2312-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.
e3816f8c04ea2d8938354eb2bf7c96769ee3acaa5a8f4537d6a799ae59eeb90d
CS-Cart version 4.2.0 suffers from a session hijacking vulnerability due to weakly minted session identifiers.
75b089cb05c7acd3308c73cf9aed379821ea108918fd45c8a1f4b82e65e09695
GEL CMS version 4.0 suffers from a remote SQL injection vulnerability that allows for login bypass.
adce38f0b73c10b3b1fe34d367682cfe754530c4e55c16152797c3df8149dc48
Opendaylight version 1.0 suffers from local file inclusion and remote file inclusion vulnerabilities in the Netconf (TCP) service.
b4c4f777d826b243c739648f5e37ec62fdf64c8901732abd6398dcdb787c830e
Android applications built with the Cordova framework can launch other applications through the use of anchor tags, or by redirecting the webview to an Android intent URL. An attacker who can manipulate the HTML content of a Cordova application can create links which open other applications and send arbitrary data to those applications. An attacker who can run arbitrary JavaScript code within the context of the Cordova application can also set the document location to such a URL. By using this in concert with a second, vulnerable application, an attacker might be able to use this method to send data from the Cordova application to the network. This release is an update to a prior advisory.
4e0dda886cea833a687c664d12a4435708cfcce65b89f11c91f68124746cc7f1
HP Security Bulletin HPSBMU03089 - A potential security vulnerability has been identified with HP Executive Scorecard running OpenSSL. The vulnerability could be exploited remotely to allow disclosure of information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities. Note: OpenSSL vulnerabilities are vulnerabilities found in the OpenSSL cryptographic software library product. This weakness potentially allows a Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products that appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.
d854fc6c01d15af293b74d065d3d1747b841e3cac51232655a55481b5756ce47
Debian Linux Security Advisory 2984-2 - It was discovered that the acpi-support update for DSA-2984-1 would make a laptop's power button forcibly shut the system down, instead of triggering the configured action (usually suspend to RAM). This only affects systems using the gnome-settings-daemon.
42557260d34d50a66f6fe09569e56e789759c32e94fdb6750ae406e5165eec71
Gentoo Linux Security Advisory 201408-3 - A vulnerability in LibSSH can result in leakage of private key information. Versions less than 0.6.3 are affected.
8352f547da7a3cf848b8e227033600ae1aeea647697809d94f542b731d45e45a
WordPress Disqus versions 2.7.5 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
2df5dbf30ee565d7f622d21cfbcd0f06f378ce8494ab640f6e97b5154395387e
Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
bca7256fdf71d778eb59c9d61fc22b95792b997cc632b222baf79cfc04887c30
WordPress CK-And-SyntaxHighLighter plugin suffers from a remote file upload vulnerability. Note that this finding houses site-specific data.
a56aed0703be5e8db85ed29cbd4c7ce15f30b85c42d4cc83cb27dde53df32e8c
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
2216969ee7cb611f7fef701d5db08f6f40e9825e09684ad1a94dd08b031b6d5a
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
b6e554cbacb925bbcf88dd4554c9222b51b21796c39e198cdf5b0b9cdc1ed383