SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the...
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to...
The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors. Date published : 2015-01-22 http://www.securityfocus.com/bid/72277 http://advisories.mageia.org/MGASA-2015-0085.html
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Date published : 2015-01-22 http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter. Date published : 2015-01-22 http://www.securityfocus.com/archive/1/534511/100/0/threaded...
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess...
WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit. Date published : 2015-01-21 http://www.debian.org/security/2015/dsa-3137 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775682
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. Date published : 2015-01-21 http://www.securityfocus.com/bid/71284 https://bugs.freedesktop.org/show_bug.cgi?id=66670
The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. Date published : 2015-01-21 http://advisories.mageia.org/MGASA-2015-0040.html https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. Date published : 2015-01-21 http://www.securityfocus.com/bid/71715 http://advisories.mageia.org/MGASA-2015-0040.html
The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file. Date published...
The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file....
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified...
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain...