FreeBSD Security Advisory - A vulnerability in the TLS protocol would allow a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is also known as Logjam. When processing an ECParameters structure, OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. When verifying a signedData message, the CMS code can enter an infinite loop if presented with an unknown hash function OID. Various other issues have also been addressed.
0f31d8be8e851db5b69fa3df18252499edec9d5d973028af8019e2d1dedd741b
ZENWorks Mobile Management version 3.1.0 suffers from cross site scripting vulnerabilities.
4bbde26ce7965cf1887a851e3e9618d8219aa196922007ddf099b40bc39424d9
ZCMS version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
48b7985536c829c68f8c273b6cbb3c70ba81616e23a0a6717f970b9388c773f3
Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
2962493df3bab04e6da05c5a3ab7712dc75bd67fbb5d58875167e328474e2492
Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
d46bff1ad8715f8db73bf3d6deb2ea0641bf605d7e81b4b90da0ea972c16a264
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
d5d488cc9f0a07974195a7427094ea3cab9800a4e90178b989aa621fbc238e3f
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
4a6c29ad89a98d7832c599d9480d6d8e55355fb3b8f4b506c5df557f15942f9c
Concrete5 versions 5.7.4 and below suffer from a remote SQL injection vulnerability.
09135e38d13882eebea77629d624025c3928967909de59178c537978dfc7e7ac
Concrete5 versions 5.7.3.1 and below suffer from multiple cross site scripting vulnerabilities.
5a6ef1506e51dfe8f5c743d4ac107de78835ad514c929a0dbd4c1e19c02acdda
Nakid CMS suffers from cross site request forgery, cross site scripting, and local file inclusion vulnerabilities.
213644d6e877f9fa9f9a49e5bc61b7ee71f973106f713dd2bf637428e4c5a084
Concrete5 versions 5.7.3.1 and below suffer from a sendmail-related remote code execution vulnerability.
2738129737c2ca9db8afcb24d75b7688377742b1d8ad9da2b2e8397c4bd6faed
HP WebInspect versions 7.x, 8.x, 9.x, and 10.0 through 10.4 suffer from an XML external entity vulnerability.
44df7fcf639b2f66354665111858dd4bced1a796a547d6fed87ff5cd8eccb16d
D-Link DSP-W110 suffers from command execution, remote file upload, and remote SQL injection vulnerabilities.
987c2150fb283efdb56ad6e1fe865f4be1e2dd33aa09a56da9ad840d2f12fcee
OSSEC versions 2.7 through 2.8.1 suffer from a local root escalation vulnerability.
da7900816ec1317c697a05427f893356afcf036cd0b4650baf2f3a1691906bca
WordPress Paypal Currency Converter Basic For Woocommerce plugin version 1.3 suffers from a remote file read vulnerability.
e04dd5ea02115e46a5cc0fb22ba122f16b77c65143a6298895abb799aa17cfc8
WordPress History Collection versions 1.1.1 and below suffer from an arbitrary file download vulnerability.
292b146038de272d4fe5d399d89090da275db148602fb4c38a8f1875b905c077