Franklin Fueling's TS-550 Evo suffers from insufficient access control and hard-coded credential vulnerabilities.
14ac4a0dcc8435d0f374279cb775ebf17d70e2a89ab2da0be5848b1242b49de8
Ubuntu Security Notice 2086-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.73 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.10 have been updated to MySQL 5.5.35. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
ecdc49310c2f71acc9a595510d489697a1eee7e94d568bb4b84e9a20b11f608d
Secunia Research has discovered a vulnerability in OpenPNE, which can be exploited by malicious people to manipulate certain data or compromise a vulnerable system. The vulnerability is caused by the "opSecurityUser::getRememberLoginCookie()" method, defined in the /lib/user/opSecurityUser.class.php script, calling the "unserialize()" function on user-controlled input. This can be exploited to, for example, delete arbitrary files or execute arbitrary PHP code via specially crafted serialized objects sent in a "Cookie" header. Versions 3.6.13 and 3.8.9 are affected.
862f28c500db8c6dd1aadc552ac50b3312005f2ee4381d1d21469bd13a2f955d
Mandriva Linux Security Advisory 2014-013 - Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a long string in a character name in a BDF font file. The updated packages have been patched to correct this issue.
b0af7255ba31dc33177e93d56e6db8a83b8031f8aed0fa39e9a98030107af6e4
Gentoo Linux Security Advisory 201401-15 - Multiple vulnerabilities have been found in Asterisk, the worst of which may allow execution of arbitrary code. Versions less than 11.7.0 are affected.
d5b3fc8ed465d4421b3d81a545983bd6659d93187fad9065936730f85fd097e5
Red Hat Security Advisory 2014-0037-01 - The Red Hat Enterprise Virtualization reports package provides a suite of pre-configured reports and dashboards that enable you to monitor the system. The reports module is based on JasperReports and JasperServer, and can also be used to create ad-hoc reports. Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.
0efac53ce37dda2703115556d8acdb23c24e8653403827521c96bb2c8715f1ab
Gentoo Linux Security Advisory 201401-18 - Multiple stack-based buffer overflows have been found in OpenSC, allowing attackers to execute arbitrary code. Versions less than 0.11.13-r2 are affected.
f7754ad1de3b980ff1e8b4d74435828455a2e2c1d07ad228b46d148aa2740c15
Ubuntu Security Notice 2084-1 - It was discovered that the uscan tool incorrectly repacked archive files. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly execute arbitrary code.
e92ab9f2fc27450cbdfc097304af025ca1ef510e02d2e35503392f21c8a3522a
Ubuntu Security Notice 2085-1 - It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu 12.04 LTS and higher, this should be prevented by the Yama link restrictions. It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code. Various other issues were also addressed.
82c9a363a9042992362ccff7d326ebeec0884d0c91fb82f0fb606370bad9f552
Gentoo Linux Security Advisory 201401-17 - A vulnerability in PCSC-Lite could result in execution of arbitrary code or Denial of Service. Versions less than 1.6.6 are affected.
d9ebd17c9ea06a31a3f650f7cbeb686c6eca5ea673dc3832bc97cdb7e38dc582
Gentoo Linux Security Advisory 201401-16 - A vulnerability in CCID could result in execution of arbitrary code. Versions less than 1.4.1-r1 are affected.
4f0fa5f1896195a50a99d07e9cae6879be76eabf823c0761b9296527c318d03b
Imageview version 6.x suffers from a remote shell upload vulnerability.
9e8ceb871f0ad6945720f72ead88ac76a5adde822a800af98a3e6c5cb69a998f
This Metasploit module exploits a directory traversal vulnerability in the Hewlett-Packard Data Protector product. The vulnerability exists at the Backup Client Service (OmniInet.exe) when parsing packets with opcode 42. This Metasploit module has been tested successfully on HP Data Protector 6.20 on Windows 2003 SP2 and Windows XP SP3.
e7a3d21e3865ca5079635e091b85f2ee54310e84b996a25d7bb03ee3a94397c1
Debian Linux Security Advisory 2847-1 - Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework.
aa18c02a1e2bc92bf8e6cbaf332041d96c7fbb2e5309c8aaa2138487acb989b7
MuPDF versions 1.3 and below suffer from a stack-based buffer overflow in xps_parse_color(). Proof of concept file included.
7d0272e5a941d51fad81deef68d7e97246b779ea7b1e7ff989e5baf9afe9ee13