ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." Date published : 2015-02-03 http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda’s crypter or (2) mew packer file, related to a "heap out of bounds condition." Date published : 2015-02-03 http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html...
Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet. Date published : 2015-02-03 http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-411975.htm
Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. Date published : 2015-02-03 http://www.securityfocus.com/bid/72378 http://www.fortiguard.com/advisory/FG-IR-15-003/
Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. Date published : 2015-02-03 http://www.securityfocus.com/bid/72378 http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. Date published : 2015-02-03 http://www.securityfocus.com/bid/72378 http://www.fortiguard.com/advisory/FG-IR-15-003/
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. Date published : 2015-02-03 http://www.securityfocus.com/bid/72378 http://www.fortiguard.com/advisory/FG-IR-15-003/
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified...
SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2015-02-03 http://www.securityfocus.com/bid/72400 http://piwigo.org/forum/viewtopic.php?id=25016
program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email. Date published : 2015-02-03 http://www.securityfocus.com/bid/72401 http://roundcube.net/news/2015/01/24/security-update-1.0.5/
Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary...
SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2015-02-03 http://www.securityfocus.com/bid/71985 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-003/
Cross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2015-02-03 http://www.securityfocus.com/bid/71985 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-003/
SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2015-02-03 http://www.securityfocus.com/bid/71984 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-002/