Slackware Security Advisory – New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
Slackware Security Advisory – seamonkey Updates
Slackware Security Advisory – New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
Slackware Security Advisory – bash Updates
Slackware Security Advisory – New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
Red Hat Security Advisory 2014-1326-01
Red Hat Security Advisory 2014-1326-01 – PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP’s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information extension did not correctly parse certain Composite Document Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP’s gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap file.
PayPal Service Manager Script Insertion
PayPal’s Service Manager allows for malicious script insertion into emails.
PayPal Bill Later Mail Encoding Cross Site Scripting
PayPal’s Bill Later finance marketing site suffered from a cross site scripting vulnerability.
WordPress All In One Security And Firewall 3.8.3 XSS
WordPress All In One Security and Firewall plugin version 3.8.3 suffers from multiple cross site scripting vulnerabilities.