WordPress Pixarbay Images plugin version 2.3 suffers from authentication bypass, cross site scripting, remote shell upload, and path traversal vulnerabilities.
e8fdd468e6a1e0c52e7b2d7f13d998fd901f754bba86a40ce752dd2fadcf3302
WordPress CIP4 Folder Download plugin version 1.10 suffers from a local file inclusion vulnerability.
1af1d5a2b4b746275a381593e49a5c3be6de4731e7ecb543c4f8b9e295342115
CMS Websitebaker version 2.8.3 SP3 suffers from a reflective cross site scripting vulnerability.
1c13e2a29ee41103134daa4b8ed1f929424ffb7fd0ca977b366f5acaa43275a7
N-Central Remote Support Manager version 14.2.7.171 suffers from code execution via file upload and arbitrary file read vulnerabilities. Proof of concepts included.
1f4e68e01c2f6dd21ce1ed63c7fc330ce2623bb0e78c7368413d32bd51910629
Ubuntu Security Notice 2479-1 - Florian Weimer discovered that RPM incorrectly handled temporary files. A local attacker could use this issue to execute arbitrary code. Florian Weimer discovered that RPM incorrectly handled certain CPIO headers. If a user or automated system were tricked into installing a malicious package file, a remote attacker could use this issue to cause RPM to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
f4c2e940b1195e7e4294dc8837fb98b44f129655d1b42a9f2d57052e0cda7bd5
Ubuntu Security Notice 2477-1 - Andrew Bartlett discovered that libevent incorrectly handled large inputs to the evbuffer API. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code.
8d59f9a9a7da986c7c656c01a3b1736ca2c1c10eb6ed21dd48749c787b46e718
Ubuntu Security Notice 2478-1 - It was discovered that libssh incorrectly handled certain kexinit packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service.
f9290ec437e7f5a67f27daca640706d51091fd5c4eafb244f218826c3647f564
Debian Linux Security Advisory 3131-1 - John Houwer discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely.
0bc385c6b6e3000bee1436fe2d211ac62230a51377f11c33c6cbd35e2274fcb3
Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
067a114bb8ced0dd271c61469499f8f851111638ac7c9d87cd038adbf54dc84f
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
793edf9f3510d23b394c0352ece1b2a30c6ff3f3a6a422527dcad76b3e5a363b
Slackware Security Advisory - New freetype packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
f32f37069f9b22d92472ceeef8c056b5606a6f784a3aa07efad50b8ba7a8e811
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
b2f2acd2b7e866601246d15ce7f2a23f36629f8bc37842eebedcd936e1e51d16
Banana Dance Wiki CMS version b2.x suffers from local file inclusion and remote SQL injection vulnerabilities.
5aea54712b3fcfc9bb62181feb0c7c2c80bfa25156dc0a43ef48f5ca566ca84a
Samsung SmartViewer BackupToAvi 3.0 suffers from a remote code execution vulnerability.
89f2460e0b6b71660d9a9c8e1ba26def794688cf56bbe9e5237ff38ffe7a5093
SPSControl version 1.2 suffers from a persistent script inclusion vulnerability.
922126fc065abe88203902bcccecc3b85b5bf595ea349fac11a27ab9ed755066
Tapatalk plugin for vBulletin and Xenforo suffers from an open redirection vulnerability.
1102d8cadc59d011cd1380605c006eff6ef1b237843b1ff925e90e30e3fd7793