ownCloud versions 4.0.x and 4.5.x suffer from a remote code execution vulnerability.
c65453c7d509deaa48610d2f613f6869f087ed9c465830cd85a1506f6c8ea17c
The Vulnerability Laboratory Research Team discovered a client-side cross site scripting web vulnerability in the SonicWall backend servers with which firewalls communicate.
a3ef7226bb0bd32e609daeaf47556d4710d38214467798953308e80c9e2d8bac
Apache Struts version 2.3.16.1 addresses a ClassLoader manipulation issue and adds some denial of service controls around the Common FileUpload library.
cd4b96f99ffc4363d6c06f7b2c4792cb3425208eec73ac3a409b208aa00c26cd
Slackware Security Advisory - New sudo packages are available for Slackware 13.0, 13.1, and 13.37 to fix a security issue.
1503d71023968d2d250f1371a8a628a7c3e2b3f8a9504dd5b9ce76acd6042040
Ubuntu Security Notice 2131-1 - Michael Scherer discovered that IcedTea Web created temporary directories in an unsafe fashion. A local attacker could possibly use this issue to obtain or modify sensitive information from other local user sessions.
dc322c9762452da3111edb39ea5cef37c10927b47550360f7b0020e1214507e0
Ubuntu Security Notice 2130-1 - It was discovered that Tomcat incorrectly handled certain inconsistent HTTP headers. A remote attacker could possibly use this flaw to conduct request smuggling attacks. It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. Various other issues were also addressed.
d34d8ac4150b8f6a4f6baef401d0fa50c2a91dca97782c65ae813069a519bf58
Ubuntu Security Notice 2129-1 - An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.
26def1da51e3753541184bde4fad779091149899914c8225f8d51c895c375721
Ubuntu Security Notice 2132-1 - Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain restart markers in JPEG images. If a user or automated system using ImageMagick were tricked into opening a specially crafted JPEG image, an attacker could exploit this to cause memory consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. It was discovered that ImageMagick incorrectly handled decoding certain PSD images. If a user or automated system using ImageMagick were tricked into opening a specially crafted PSD image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Various other issues were also addressed.
72853b878b1f2e516bfac5d47c34bfb899c700e46990633adf384408fe0988be
Red Hat Security Advisory 2014-0261-01 - In accordance with the Red Hat Enterprise MRG Life Cycle policy, the Red Hat Enterprise MRG product, which includes MRG-Messaging, MRG-Realtime, and MRG-Grid, Version 1 offering for Red Hat Enterprise Linux 5 will be retired as of March 31, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for MRG-Messaging, MRG-Realtime, and MRG-Grid Version 1 on Red Hat Enterprise Linux 5 after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Enterprise MRG Version 1 on Red Hat Enterprise Linux 5 after March 31, 2014.
c57160cfaa3a36770236e1dbda6c69acda44eda86d0aab1c745981b177cb27d5
Ubuntu Security Notice 2128-1 - An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.
f93775724c74d2ee6adb72b9dce313cb6dc890d079d7d6ebdb872b101263d582
WordPress Premium Gallery Manager plugin suffers from a remote shell upload vulnerability.
a415b02137a4198220d723341703817c21095885361785018c36dbdaeeb1dd38
This Metasploit module exploits a remote arbitrary file write vulnerability in SolidWorks Workgroup PDM 2014 SP2 and prior. For targets running Windows Vista or newer the payload is written to the startup folder for all users and executed upon next user logon. For targets before Windows Vista code execution can be achieved by first uploading the payload as an exe file, and then upload another mof file, which schedules WMI to execute the uploaded payload. This Metasploit module has been tested successfully on SolidWorks Workgroup PDM 2011 SP0 on Windows XP SP3 (EN) and Windows 7 SP1 (EN).
555ceedf2a25fd70fef94c9ae70c8626ff642d286be5b686e2bf20bc82d0820a
This Metasploit module abuses the Backup Client Service (OmniInet.exe) to achieve remote code execution. The vulnerability exists in the EXEC_BAR operation, which allows to execute arbitrary processes. This Metasploit module has been tested successfully on HP Data Protector 6.20 on Windows 2003 SP2 and Windows 2008 R2.
8a6cfcccffe2b708db0732be2f11e898b34ee027cca6bf2e6269d9b4fdfe7ad3
Cisco Security Advisory - A vulnerability in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain administrative-level access to the web management interface of the affected device. The vulnerability is due to improper handling of authentication requests by the web framework. An attacker could exploit this vulnerability by intercepting, modifying and resubmitting an authentication request. Successful exploitation of this vulnerability could give an attacker administrative-level access to the web-based administration interface on the affected device.
923dbfdda27dbef1b87165f040cae5d5ddaa05eb445f2f6b7c7264c3a1063efc
EMC Documentum TaskSpace (TSP) versions 6.7SP1 and 6.7SP2 suffer from privilege escalation and arbitrary file retrieval vulnerabilities.
5fa4797c60a3ada46ce2d0b0a77097a9c04b093d0067361801d09a139e510ddf
OpenDocMan versions 1.2.7 and below suffer from improper access control and remote SQL injection vulnerabilities.
1c89a93e01a9e80efb0cba31d5c5177e9f24bbe6661e3238edf0a32bcdab0af3
Drupal NewsFlash third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.
8c32a759dcbbdaf3e616022506078ffa63f807297679349d9f134d21bf774b08
Cisco Security Advisory - The Cisco Wireless LAN Controller (WLC) product family is affected by denial of service and unauthorized access vulnerabilities.
23651d98d4ec2ac2517b5ce787af4b2b5ffa3483e47c73758c6de0991cedb9f5
Cisco RV110W, RV215W, and CVR100W suffer from a login bypass vulnerability. Affected includes Cisco RV110W Wireless-N VPN Firewall running firmware versions 1.2.0.9 and prior, Cisco RV215W Wireless-N VPN Router running firmware versions 1.1.0.5 and prior, and Cisco CVR100W Wireless-N VPN Router running firmware versions 1.0.1.19 and prior.
b7d7d2fe1fe7163f7f5068ab1e31c4a8df75ae9a15a21ce2451dbac629f641ab
Drupal Masquerade third party module versions 6.x and 7.x suffer from an access bypass vulnerability.
2e05e179c7b3a88eac09f4671a883fc10fe910f394556b6fe421fff267af6c28
Drupal Mime Mail third party module versions 6.x and 7.x suffer from an access bypass vulnerability.
ddb9f598501a7037e5db2e2b223e928001adf33e9f8b04f1009c86673a4c5039
Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.
5ebc168212a159218a4454c72d0c060b8a8af78605b93b214b3d6c5e2a124896
Nsdtool is a toolset of scripts used to detect Netgear switches in local networks. The tool contains some extra features like bruteforce and setting a new password. Netgear has its own protocol called NSDP (Netgear Switch Discovery Protocol), which is implemented to support security tests on the commandline. It is not being bound to the delivered tools by Netgear.
9078597d3b0639a6911da09299cf72235589bc314c384350d0ff18ee053b37a9
Red Hat Security Advisory 2014-0253-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in the JBoss Web component of JBoss EAP, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web to enter an infinite loop when processing such an incoming request. Warning: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
2ef04417d98221f2b4fa45f31f0506ac5b73deb6735305af15c3399aa5b43a27
Red Hat Security Advisory 2014-0254-01 - Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. A remote attacker able to submit messages to a Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process.
582404ee5321477d2cb59fc61c8baa71cc260fc0e66a6ea75d31f89c594e8b4a