WordPress Duplicator plugin version 0.4.4 suffers from a cross site scripting vulnerability.
c11bcdd0311e215255171e238d9b2a4a5c5cbb4a495aa33f118f1d414bc6792b
Windu CMS version 2.2 suffers from multiple persistent cross site scripting vulnerabilities.
983c1316e05ee3e68fccee8c5baa23d337d5c12ebe07bd048da47708da19351a
AutoCAD DWG-AC1021 suffers from an arbitrary pointer dereference vulnerability that can be exploited to compromise a system.
219a7db1a561eff423e65169d002771554f84e51f9e61f3996c00b73c866de51
Mandriva Linux Security Advisory 2013-198 - A denial of service flaw was found in the way libxml2, a library providing support to read, modify and write XML and HTML files, performed string substitutions when replacement of entity values for external entity references was requested / enabled during XML file parsing. A remote attacker could provide a specially-crafted XML file containing an external entity expansion that, when processed, would lead to excessive CPU consumption (denial of service). This is a different flaw from CVE-2013-0338. parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. The updated packages have been patched to correct these issues.
0adde045bd99e01ceb9cddd85290c183f51ea250b87fc07a959a2b1d427e791d
Drupal Scald versions 6.x and 7.x suffer from a cross site scripting vulnerability.
31efa592720a283b50038fb9abf65bab1ccd1c7bab69eb9033f029d565ae589e
Magnolia CMS versions 5.0.1, 5.0, 4.5.9, 4.5.8, and 4.5.7 suffer from a cross site scripting vulnerability.
e1a57d6ef2d1f9af10faf583024ebba7968cc1b930a63061237944f7b16d7b8c
This is a whitepaper discussing arbitrary Java code execution leveraging the Java Debugging Wire Protocol (JDWP).
0adc9316e503d0fe3daa7da5e64d578c4f345eb5aeee58462a82afd7494b1a6d
Juniper JunOS version 9.x suffers from an HTML injection vulnerability that allows for cross site scripting attacks.
29ccd87908529598304cd583f8ee5922f7df5671abd5b2cd835597f7343deffd
Basic Forum from JM LLC suffers from cross site scripting, cross site request forgery, and remote SQL injection vulnerabilities.
a1be6c25b484217301eba90ff838bc9a1af185b0119f02b1e6cacaea8446c25c
iPic Sharp version 1.2.1 Wifi for iOS suffers from a local script insertion issue.
a5433fa7faac6fc77af274a37017e674b24332ffbee28a83a05ba18a5f260d4c
Easy Blog from JM LLC suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
92e6510e14c604e95a17cc5ed18c985111677ae10b2de17eea7ab41b69bcd495
FileChucker version 4.56t-e07 suffers from an arbitrary file upload vulnerability.
f85ccf5bba6e094130c5c3c7cfc595eb7fdac76706f72e68601c8fb4212bc86d
WhatsApp fails to secure communications when spawning functionality for Google Wallet and PayPal. Versions 2.9.6447 through 2.10.751 are affected.
260e26aeec72763f25b273ccb4f424dd4aeffd1b74f89099d65012fdf72375d4
Cyberoam is warning the general public that Orbit Downloader is causing massive SYN flooding.
90e5f178d86720bbe16c5ed5b968847e9f32057836a9e8e77e7dd1b41134ee7d
vBulletin version 4.0.x appears to suffer from a remote SQL injection vulnerability in the administrative functionality.
0a0648a15e33987faeadd862bc64fb7b7f3b30b7a5ca898b18da61ee8e8ce0d2
Mandriva Linux Security Advisory 2013-197 - MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allow remote attackers to cause a denial of service via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. The updated packages have been upgraded to the 5.1.70 version, which is not vulnerable to these issues.
229df34dd4237d981a5e24fcb11c9a090cdde5addd7ca7da33dcb3e9b36947e2
Red Hat Security Advisory 2013-1103-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. Red Hat OpenStack makes use of Puppet, which is written in Ruby. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct a man-in-the-middle attack against the Puppet master and its clients. Note that to exploit this issue, an attacker would need to get a carefully-crafted certificate signed by an authority that the Puppet master and clients trust.
3af6f62904e5e2f9c0544724370c57e046a437d3917b85caaca4e7f10e3a6731
Ubuntu Security Notice 1908-1 - A vulnerability was discovered in the OpenJDK Javadoc related to data integrity. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
c6e86f1288af7e22a761f9d766592dbed8c45c4f2f70fe5359000d1b2b6fc3f9