Plex Media Server version 0.9.9.10 suffers from use of plain text protocols, insecure use of SSL/TLS, unauthenticated information disclosure, and cross site request forgery vulnerabilities.
3e1cb6d955b6c33349b4369cc89ac45fd2b1365efadc1a8d845bde2d9f7310d6
WordPress Quick Page/Post Redirect plugin version 5.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
543d850e6bb8f1097ef237e3be4e4595f53890211e8adf65315339525e89497d
This Metasploit module exploits a command injection vulnerability found in the eScan Web Management Console. The vulnerability exists while processing CheckPass login requests. An attacker with a valid username can use a malformed password to execute arbitrary commands. With mwconf privileges, the runasroot utility can be abused to get root privileges. This Metasploit module has been tested successfully on eScan 5.5-2 on Ubuntu 12.04.
be98f3a46fc9d7210a97e0f50b3bd1ba9ebef9cc6d3e9b5455d3e8e5c69531c0
HP Security Bulletin HPSBMU02995 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. The objective of this bulletin is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products that appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
907a6458638d1857cd1328f10a18b99a268dd876115f358b6ff918bc31df9780
VMware Security Advisory 2014-0003 - VMware vSphere Client updates address security vulnerabilities.
56f51418605761c2a509b1939c5cfd16d1ef1ddf2ea7d5aae6e16c1785d17e53
Debian Linux Security Advisory 2900-1 - Florian Weimer of the Red Hat product security team discovered multiple buffer overflows in jbigkit, which could lead to the execution of arbitrary code when processing malformed images.
a62089eb0007a6409a8672fbd0149f4e0ed8f076992e3c6803504467be05377b
Mandriva Linux Security Advisory 2014-076 - Brian M. Carlson reported that a2ps's fixps script does not invoke gs with the -dSAFER option. Consequently, executing fixps on a malicious PostScript file could result in files being deleted or arbitrary commands being executed with the privileges of the user running fixps.
31ae81767a1e79a18c421fe27db83de0a7d1fe84b2ad1d46c4714f7af4ce6540
RSA BSAFE MES 3.2.6, 4.0.5 and higher contain a fix for a security vulnerability that could potentially be exploited by malicious users to create improperly authenticated SSL connections. This vulnerability may cause creation of improperly authenticated SSL connections between the client and the server due to incorrect certificate chain processing logic. MES 4.0.5 and 3.2.6 are designed to address this issue by performing proper certificate validation.
236ef77d0a1bb2c038e8abdf9d1b831bb5bdcc69b21aa665f1c64528c1e2a9ac
Woltlab Burning Board 3.9.1 pl1 suffers from a persistent cross site scripting vulnerability.
c5eca7aae45c7ecae901cc7a0eca5177eae979828c7eba201eabe71ece3f5c26
Twitget version 3.3.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
266b8fb377793b085d1c5af6d02746d14f19958217853a10c4f6eee53b74a035
Comtrend CT 5361T suffers from a password disclosure vulnerability.
c3beb0a9debd4f539927231b553437a370d4c2a79b7130c247a0f5193a78bcb0
D-Link DAP 1150 suffers from cross site request forgery and cross site scripting vulnerabilities.
4df31b39cf88630f9e6a0e14c8f3506537065b37bfa5724c7cedfd18d99cbd4f
Apple Mac OS X Lion kernel xnu versions 1699.32.7 except 1699.24.8 NFS mount privilege escalation exploit. This exploit leverages a stack overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to the stack. As a result, by passing a large size, a local user can overwrite the stack with arbitrary content.
8e779edf9df04a55e329faff795fd22465cd1d2fb570d611ba39e3d3871a8731
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
31b9e2d262b9e491ebcff8fbc73bf9d2aa0d0da21cceb7930e9d99be8d0958ac
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
dc5035b49b065bb7d1f6b75b387127c9306526774bb87f9aa8c8e6d2363a51b1