Gentoo Linux Security Advisory 201503-9 – Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.451 are affected.

HP Security Bulletin HPSBST03298 1 – Potential security vulnerabilities have been identified with HP XP Service Processor Software for Windows. These vulnerabilities could be exploited resulting in a variety of outcomes. Revision 1 of this advisory.

Gentoo Linux Security Advisory 201503-8 – Vulnerabilities in file could allow a context-dependent attack to create a Denial of Service condition. Versions less than 5.22 are affected.

HP Security Bulletin HPSBHF03293 1 – Potential security vulnerabilities have been identified with HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash including heartbleed, padding oracle, and shellshock issues. Revision 1 of this advisory.

The Spybot Search and Destroy application suffers from an unquoted search path issue impacting the service ‘SBSDWSCService’ for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application.

Moodle suffers from persistent cross site scripting vulnerabilities. Input passed to the POST parameters ‘config_title’ and ‘title’ thru index.php, are not properly sanitized allowing the attacker to execute HTML or JS code into user’s browser session on the affected site. Affected components: Blocks, Glossary, RSS and Tags.

Full materials and proof of concept code has been released for the Security Explorations discovery of various Google app engine java security sandbox bypasses.