This bulletin summary lists four released Microsoft security bulletins for January 2014.
Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
Red Hat Security Advisory 2014-0025-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve visibility and control, and those just starting virtualization deployments to build and operate a well-managed virtual infrastructure. It was found that sending a GET request for a destructive action could bypass the Ruby on Rails protect_from_forgery mechanism. A remote attacker could use this flaw to perform Cross-Site Request Forgery attacks against CloudForms applications.
Slackware Security Advisory - New samba packages are available for Slackware 14.1 and -current to fix a security issue.
Vacation Packages Listing version 2.0 suffers from local file disclosure, cross site request forgery, and cross site scripting vulnerabilities.
Slackware Security Advisory - New libXfont packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
Collabtive version 1.1 suffers from a remote SQL injection vulnerability.
Feixun wireless router model FWR-604H suffers from a remote command execution vulnerability.
Starbucks mobile application version 2.6.1 stores user credentials in the clear.
Hootel Booking System version 3.0 suffers from file disclosure, cross site request forgery, and cross site scripting vulnerabilities.
Property Listing Script version 2.0 suffers from a cross site request forgery vulnerability.
Pet Listing Script version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
Web eXperts suffers from remote shell upload and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
SoapUI versions prior to 4.6.4 suffer from a remote code execution vulnerability.
Whitepaper discussing attacks on LSDBs in the OSPF routing protocol. Written in Persian.