FreeBSD Security Advisory - Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch to run commands in addition to the desired SCCS or RCS commands.
HP Security Bulletin HPSBGN03372 1 - A potential security vulnerability has been identified with HP Business Process Monitor. Note: This is the RC4 vulnerability known as Bar Mitzvah, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
FreeBSD Security Advisory - A remote attacker can trigger a crash of a name server. Both recursive and authoritative servers are affected, and the exposure cannot be mitigated by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.
FreeBSD Security Advisory - OpenSSH clients do not correctly verify DNS SSHFP records when a server offers a certificate. OpenSSH servers which are configured to allow password authentication using PAM (default) would allow many password attempts.
OpenBSD local memory leak denial of service proof of concept exploit.
WordPress Advanced Categorizer plugin version 0.3 suffers from a cross site scripting vulnerability.
WordPress Facebook, Twitter, and Google+ Social Widgets plugin version 1.3.7 suffers from a cross site scripting vulnerability.
phpFileManager version 0.9.8 suffers from a remote command execution vulnerability that can be leveraged via cross site request forgery.
Basware Banking/Maksuliikenne software suffers from hard-coded credentials, client-side auth checks, and other issues.
FreeBSD Security Advisory - There is a mistake with the introduction of VNET, which converted the global limit on the number of segments that could belong to reassembly queues into a per-VNET limit. Because mbufs are allocated from a global pool, in the presence of a sufficient number of VNETs, the total number of mbufs attached to reassembly queues can grow to the total number of mbufs in the system, at which point all network traffic would cease. An attacker who can establish concurrent TCP connections across a sufficient number of VNETs and manipulate the inbound packet streams such that the maximum number of mbufs are enqueued on each reassembly queue can cause mbuf cluster exhaustion on the target system, resulting in a Denial of Service condition. As the default per-VNET limit on the number of segments that can belong to reassembly queues is 1/16 of the total number of mbuf clusters in the system, only systems that have 16 or more VNET instances are vulnerable.
McAfee Application Control version 6.1.3.353 suffers from multiple vulnerabilities including insufficient whitelist protection and bypass issues.
WordPress Flickr Justified Gallery plugin version 3.3.6 suffers from a cross site scripting vulnerability.
D-Link DCS-2103 version 1.20 suffers from cross site request forgery and cross site scripting vulnerabilities.
Tendoo CMS version 1.3 suffers from stored and reflective cross site scripting vulnerabilities.