Chamilo LMS versions 1.9.10 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
230e777d25a2151f00153422fa704dbe817526a68723d31dcf7694a7df533d68
It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.
b874a1afbc5b38698999dfd742cae4cdd0e36be6fccb7cf1fd8d2189a3baeebc
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e
Websense Content Gateway error messages are vulnerable to cross site scripting.
58f600eaed898f1ca351c4b8d1cbec131fbfe943f225520c81a41f29a0067a03
This Metasploit module exploits a stack based buffer overflow in Publish-It when processing a specially crafted .PUI file. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of Publish-It to open a malicious .PUI file.
c09c7bc2af2fa4964302e3a4f6d647d52b5f54144194e7dc8ab94d56a1e95f73
TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in an Perl eval statement which allows remote code execution.
850efe714be5e6548a264c1cce672a60aa1ae5a53559548aa9e9d66cf64f53b5
Websense Reporting suffers from multiple cross site scripting vulnerabilities.
19b2dc3d78140a923b9085dab9d45e139e61f79e70bb9f569bc419899ca2710b
Core Security Technologies Advisory - There is a vulnerability in the message dispatcher used by FSSO Windows Active Directory and FSSO Novell eDirectory. Exploitation of this vulnerability might lead to a full network compromise.
71db9f10f9b435818bd0d386e8d452b7c9164712db61efab96b1aeb19649e8bc
Websense Explorer's report scheduler suffers from a cross site scripting vulnerability.
437a9f75eca191601c80ffa7f7c81146dc40026d999f157af7aa5fa4635d9461
It was discovered that the Websense Data Security block page processes user-controllable data insecurely, rendering the block page vulnerable to cross site scripting.
f3ceee1d1b8d8314759c25514da344340d509358c90fe5b334a3fee4673a6305
It was discovered that no access control is enforced on the explorer_wse path, which is exposed through the web server. An attacker can abuse this issue to download any file exposed by this path, including security reports and Websense Explorer configuration files.
ec6c438270cff0bddf53b78da134f39a1f995ed0021b3fa3dc986797bb9d28ea
Websense Triton is affected by a source code disclosure vulnerability. By appending a double quote character after JSP URLs, Websense will return the source code of the JSP instead of executing the JSP. An attacker can use this issue to inspect parts of Websense's source code in order to gain more knowledge about Websense's internals.
bea41cc67f2ff2025f34ba87479f5525c6c77dbe1476e500ef73fac0a668a4a3
A command injection vulnerability was found in Websense Appliance Manager that allows an attacker to execute arbitrary code on the appliance. This issue can be combined with other vulnerabilities, like cross site scripting, to perform a remote unauthenticated attacks to compromise the appliance.
46837dcf6a5d28dc59eaab3be3f8b5c988bf22906dd8c40892e389c43e23257b
Users of Websense Data Security that are reviewing DLP incidents can be attacked via cross site scripting. This issue can be exploited using a specially crafted email, or by sending a specially crafted HTTP request through the Websense proxy. The attacker-supplied code can perform a wide variety of attacks, such as stealing session tokens, login credentials, performing arbitrary actions as victims, or logging victims' keystrokes.
cb8568eb68202e34f2c399915ab08eac2ec81901bfe2ce84f46fd344875d3129
Users of Websense Data Security that are reviewing DLP incidents can be attacked via cross site scripting. This issue can be exploited using a specially crafted email, or by sending a specially crafted HTTP request through the Websense proxy. The attacker-supplied code can perform a wide variety of attacks, such as stealing session tokens, login credentials, performing arbitrary actions as victims, or logging victims' keystrokes.
b9766eb5d33d72228778743de93441e682ea519fe27c250aec98a6ce1f397474
Joomla ECommerce-WD plugin version 1.2.5 suffers from multiple remote SQL injection vulnerabilities.
cc4be435a403cd80f5b4f40120c961b2dbee70db21b36e683a07c11ebdb15757
Apple Security Advisory 2015-03-17-1 - Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 are now available and address multiple WebKit vulnerabilities.
fa7648ffb65340c5724013e78935eb5aca5810d15c8c68c6acaff6d1311a1297
Findsploit is a simple bash script to quickly and easily search both local and online exploit databases.
7c57fd01df278f1dd04c48e0c1d30069a39d08148c83b12388d162b35688cd5f
Red Hat Security Advisory 2015-0698-01 - Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
68a43a747ec94c539289d4690fe6d0f323e73e13ebc4e27e63b022686014f904
Red Hat Security Advisory 2015-0696-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
8aad9aa06e8c0583d9c577fe84ecb24280a7c96637da84542f66b7720c6336bf
Gentoo Linux Security Advisory 201503-10 - Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. Versions less than 3.3.5-r1 are affected.
a9f61c24dc4fd90eec4a4d961874d8c10caaa2a0e38947b49c08bc7818eb3b95
Debian Linux Security Advisory 3196-1 - Hanno Boeck discovered that file's ELF parser is susceptible to denial of service.
c9c913f21e5b828502dfa6cd0f892724c147655579e341b09af2c0e77c6fdf1f
Red Hat Security Advisory 2015-0700-01 - The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option.
bbf93d3ad2423c641ff52feaf0acea28238c5242e79a963abc3c9b57d08540ed
Red Hat Security Advisory 2015-0699-01 - PostgreSQL is an advanced object-relational database management system. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed. A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL.
610e1da80d02082e0b99d62885ec0fbd37a3cbda2b17ae3d6a254b281b4bec43
Ubuntu Security Notice 2536-1 - Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.
fd7e0af1e4d2c41698918683416f3032ef7b2e82e83ac617340a7c68d27299b7