CodeIgniter versions 2.1.4 suffer from a weakly encrypted cookie vulnerability if the Mcrypt PHP library is not installed.
ecbf837304eedee509b6d4b0af685f95cc4f63942f6dad1dd1b88c9a74a1f9e9
design.samsung.com suffered from a cross site scripting vulnerability.
f6d47c73257707a25b4b14cfb56ae59b58145d7e696aa688cb0b097804f23436
WordPress AdminOnline plugin suffers from a local file disclosure vulnerability.
20c692d7751807177e345335572951873758bd2fa6401da41ae11db57ed96e9b
VMware Security Advisory 2014-0006 - VMware product updates address OpenSSL security vulnerabilities.
e32f3b5a005455ef9b833d1324278466b8f0efab24e79651b63fe8563d8dd79c
Openfiler NAS/SAN appliance version 2.99 suffers from cross site scripting, passwords stored in clear text in cookies, remote command injection and path traversal vulnerabilities.
033210cad699df5b692844387b4b7da0a85761ea376428c5907abfe92e8a22f4
Oracle Access Manager suffers from information disclosure vulnerabilities.
539e2bd88a74aa0c87100a26eb6bbe230d80c950250b0a640fabaedc752f02c0
HAM3D Shop Engine CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
1ff525393758bf5f38b347f6082d6a122ba68a023ccbfd162961b7af6c57d4bd
ntop suffers from a cross site scripting vulnerability.
35b20d152d65e04c2c54cd3dc5116e2a46f202ebdc20bb9c7b03b74554c6c04c
This is a python script that decompresses the rom-0 configuration for ZTE, TP-Link, ZynOS, and Huawei.
edbc541d4fd6a39f2011f02eae1cc09eeb4360235f4ccb2da21bb4abd9720abc
Red Hat Security Advisory 2014-0679-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.
a8d4089140a1c66f2437687b323ab374e31f8637c84458203fd269e677d1bf6b
Red Hat Security Advisory 2014-0675-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions.
1626f71a9dc8a4731bb5dcecc1aba000fab963b345a886ec30b8e48e98992653
Red Hat Security Advisory 2014-0703-01 - JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON-formatted strings, and parse JSON-formatted strings back into the C representation of JSON objects. Multiple buffer overflow flaws were found in the way the json-c library handled long strings in JSON documents. An attacker able to make an application using json-c parse excessively large JSON input could cause the application to crash. A denial of service flaw was found in the implementation of hash arrays in json-c. An attacker could use this flaw to make an application using json-c consume an excessive amount of CPU time by providing a specially crafted JSON document that triggers multiple hash function collisions. To mitigate this issue, json-c now uses a different hash function and randomization to reduce the chance of an attacker successfully causing intentional collisions.
ec0b06a0535e8df27753e5181c0e7d8cade9fc689caf95d4a775564fb8104dc4
Red Hat Security Advisory 2014-0684-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. A NULL pointer dereference flaw was found in the way GnuTLS parsed X.509 certificates. A specially crafted certificate could cause a server or client application using GnuTLS to crash.
c3480dbeae965e50ea2596aee4b2db89bd2a3b4760517ee917313be96570a000
Red Hat Security Advisory 2014-0687-01 - The libtasn1 library provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. It was discovered that the asn1_get_bit_der() function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, execute arbitrary code. Multiple incorrect buffer boundary check issues were discovered in libtasn1. Specially crafted ASN.1 input could cause an application using libtasn1 to crash.
822c88ae36d5215b0d611a8605c6c91e9253af0d2d6533a8933792993155a472
Red Hat Security Advisory 2014-0686-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that a fix for a previous security flaw introduced a regression that could cause a denial of service in Tomcat 7. A remote attacker could use this flaw to consume an excessive amount of CPU on the Tomcat server by sending a specially crafted request to that server. It was found that when Tomcat 7 processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
a961b3a2294976e62d60677e2ff60bb5f94eabb13b8b940d61c0a577251e2b1d
Red Hat Security Advisory 2014-0680-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.
cfc42482941058c500876f4d08b6cb141fb056144a464de45472253004ab6dac
Red Hat Security Advisory 2014-0678-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
0af5814a25e17e5b72245dadeadbd9fe62d8a7285c1aa869a96c92fbd8095db7
Red Hat Security Advisory 2014-0742-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
e7117f129ba4571f657c249a7c9c071b0c8f8b990140d5bfbb0b889c9ceb9477
Red Hat Security Advisory 2014-0741-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
8bfae5d2e4aa81430daadf309a33cf84c3f7a96cf44159c351d381ed39ff9ba2
Red Hat Security Advisory 2014-0740-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free function) arbitrary kernel memory. It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement.
0017b71d1e1f6e86fe87b339357aa9052a35e7430971f29dfb7fb4181ae04320
Red Hat Security Advisory 2014-0744-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers of QEMU handled state loading after migration. A user able to alter the savevm data could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
c6ce2409ba4608d4d3d3603918d16469c4e51f716467bdf6ea4a4f531e27cbef
Red Hat Security Advisory 2014-0743-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers of QEMU handled state loading after migration. A user able to alter the savevm data could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
7551cfb9286069e49610c9c4792c8f74264a2a7bd5f8be1ff9710d2ae94ad226
Red Hat Security Advisory 2014-0702-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. These updated packages upgrade MariaDB to version 5.5.37.
e0509cb643b98c8c623fea56b82bffcdadabf9e11a7928bd59f85954775aa0a2
Red Hat Security Advisory 2014-0704-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide a user-space component to run virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's IDE device driver handled the execution of SMART EXECUTE OFFLINE commands. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
9c36baa21f31786b6deedda3f2ace5127c314ca5d81bc564338d508586595046
Red Hat Security Advisory 2014-0685-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions.
1c2adf2b26251abcda01f83436046d7cb56b561c50f32c768fc96c5ff861fdef