Symantec Endpoint Protection versions 11.x and 12.x suffer from a kernel pool overflow vulnerability.
4336ac24272f9e03af411eafef0734ba3a8c0d939a93fed5265bff19cf5612fe
Apache Cordova versions up to 3.5.0 suffer from information disclosure, whitelist bypass, and cross application issues.
b40574101ee277ded07c47ea5ed1519dd4879415cb724ee5af90126d1af3c686
Paypal suffers from a two-factor authentication bypass vulnerability.
24457ef5527880a0a0aac8ad1972d107dd0beccd20fb9d4ea2a923cd5c44e4a8
HP Security Bulletin HPSBMU03037 2 - A potential security vulnerability has been identified with HP Multimedia Service Environment (MSE), formerly known as HP Network Interactive Voice Response (NIVR). This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
084b66e055026239b823e5a146253361afc7465060ae9d8e71bda3d8c747d60b
HP Security Bulletin HPSBMU03083 - A potential security vulnerability has been identified with HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.
73a42dd1d205af075ac13a53980fa2d8b783c0e087511fc3a802fccf142ae482
Red Hat Security Advisory 2014-1008-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon. An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges.
895f5c5ab38ba11c423dfd8da315b61b826d60c28bd9d7889d9f879a38bc85fd
Red Hat Security Advisory 2014-1009-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon. An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
70496a8ebb4dd1731d7edfde1a87d5bddac755a49a265d385ecf721c1029c329
Ubuntu Security Notice 2306-2 - USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the security update cause a regression in certain environments that use the Name Service Caching Daemon (nscd), such as those configured for LDAP or MySQL authentication. In these environments, the nscd daemon may need to be stopped manually for name resolution to resume working so that updates can be downloaded, including environments configured for unattended updates. Various other issues were also addressed.
85b1f00c2d58351a28e5e5bf4fbb3b0ca4c61a877b00712d9431223f7f23c474
Red Hat Security Advisory 2014-1007-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application.
d98d504697aa47b6242efe729363b71b1e6d6ea5e32959c502677616fcef87e6
Red Hat Security Advisory 2014-1004-01 - The yum-updatesd package provides a daemon which checks for available updates and can notify you when they are available via email, syslog, or dbus. It was discovered that yum-updatesd did not properly perform RPM package signature checks. When yum-updatesd was configured to automatically install updates, a remote attacker could use this flaw to install a malicious update on the target system using an unsigned RPM or an RPM signed with an untrusted key. All yum-updatesd users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the yum-updatesd service will be restarted automatically.
ec8a17bf89ea6a89674dde7563f016ec7cbf92c2d068f45ce3c2e5528b449282
HybridAuth versions 2.1.2 and below suffer from a remote code execution vulnerability.
b4a2c10f7402a9aa4df106939ba9ab80577ac3249e5e9f2dc6910440f71a315e
Vembu Storegrid Backup and Disaster Recovery solution suffers from privilege escalation, information disclosure, remote code execution, cross site scripting, and denial of service vulnerabilities.
d618d75a0f84b532d28659f6547552d0538321f116fca1ea5115a8b5e9f9d91b
Superfish version 7.x-109 suffers from a cross site scripting vulnerability.
8ef2faf2c277333323448167cda1e9519a40ce672d93c2c92b8380794c6b3b0e
LinkedIn suffered from multiple user account handling vulnerabilities.
b7e80b64ef8208024ba12901499b3e191a841b53b9be1ea935d1b89ecafb893e
The shellcode downloads and loads https://rstforums.com/fisiere/dead.dll. The dead.dll library contains a simple MessageBox.
9b3b71b034ad73528caa43cda1296e3fe7ca567b2a131fa15fa58dd4abd4c16a
Whitepaper discussing how to not get man-in-the-middled at Defcon / Blackhat. Attackers in position to carry out Monkey-in-the-Middle against CDMA2000 links between customer stations and their carrier BTS equipment can leverage silent push PRL updates to apply a routing list preferring paths through malicious "tower(s)" carrying the subscriber voice and data traffic under threat. The use of a specific PRL version Zero (0), aka Preferred Roaming List Zero Intercept Attack, implements the rogue tower associations with least potential interference to legit carrier bands and devices present in broadcast domain of attack.
6ad1a29ff7edb0d81dee055061cb3d55b7de08bbf42dac02402dc4abff248b24