The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. Date published : 2015-02-27 https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d https://github.com/skoranga/node-dns-sync/issues/1
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary...
Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name parameter). Date published : 2015-02-27 http://www.securityfocus.com/archive/1/534710/100/0/threaded http://packetstormsecurity.com/files/130403/Cosmoshop-Cross-Site-Scripting.html
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter. Date published : 2015-02-27 http://www.securityfocus.com/bid/72879 http://www.securityfocus.com/archive/1/534790/100/0/threaded
Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date...
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. Date published : 2015-02-27 http://www.securityfocus.com/bid/72775 http://www.securityfocus.com/archive/1/534750/100/0/threaded
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. Date published : 2015-02-27 http://www.securityfocus.com/bid/72778 http://www.securityfocus.com/archive/1/534751/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2)...
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which...
KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article. Date published : 2015-02-27 http://www.kent-web.com/bbs/joyful.html http://jvn.jp/en/jp/JVN88862608/index.html
KENT-WEB Clip Board before 4.1 allows remote attackers to delete arbitrary files via unspecified vectors. Date published : 2015-02-27 http://www.kent-web.com/bbs/clipbbs.html http://jvn.jp/en/jp/JVN62298871/index.html
npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji routers 1.00 through 3.30, SEIL/X1 routers 3.50 through 4.70, SEIL/X2 routers 3.50 through 4.70, and SEIL/B1 routers 3.50 through 4.70 allows remote attackers...
Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated...
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a — (dash dash) in a username. Date published : 2015-02-27 http://checkpw.sourceforge.net/checkpw/changes.txt http://jvn.jp/en/jp/JVN34790526/995575/index.html