Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the mail command:
Monthly Archives: December 2014
DSA-3104 bsd-mailx – security update
It was discovered that bsd-mailx, an implementation of the mail command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.
Vuln: X.Org X Server CVE-2014-8097 Out of Bounds Multiple Integer Overflow Vulnerabilities
Vuln: X.Org X Server Protocol Handling Multiple Out-of-Bounds Memory Corruption Vulnerabilities
Vuln: Google Chrome CVE-2014-7906 Use After Free Remote Code Execution Vulnerability
Vuln: Google Chrome CVE-2014-7910 Multiple Security Vulnerabilities
Vuln: D-Link DCS-2103 CVE-2014-9238 Directory Traversal Vulnerability
Intrexx Professional 6.0 / 5.2 Cross Site Scripting
Intrexx Professional suffers from a reflective cross site scripting vulnerability.
Why You Shouldn't Trust Verizon's New Encrypted Calling App
Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass
The Soitec SmartEnergy web application suffers from an authentication bypass vulnerability via SQL injection in the login script. The script fails to sanitize the ‘login’ POST parameter, allowing an attacker to bypass the security mechanism and view sensitive information that can be further used in a social engineering attack. Versions 1.3 and 1.4 are affected.