Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
26a86c0bd80463e579796f61879dae0ea0b6b4039d59758af1a58643d38b3459Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
b2b1c7b1e4a5c6a71a131aa0a9589a106ac6431993dc3ad47f5082c3fd9a5ac8Different D-Link Routers are vulnerable to OS command injection in the HNAP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR
fc44a93eba283e1584275d9596c2494164e66d54813e74e0886f302958943e2eRed Hat Security Advisory 2015-1041-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0. It includes several bug fixes, which are documented in the readme.txt file included with the patch files. The following security issues are addressed in this release: It was found that Apache Camel's XML converter performed XML External Entity expansion. A remote attacker able to submit an SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
ca80b7b5b399e7d7f9d4b52fc1738483535cd392df8030a2096d79d0ce76f1a9Ubuntu Security Notice 2624-1 - As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks.
8328f1487126fffcb5e26e11cf2e68e0cac14035a9c3421be07487106d453b8dUbuntu Security Notice 2623-1 - It was discovered that racoon, the ipsec-tools IKE daemon, incorrectly handled certain UDP packets. A remote attacker could use this issue to cause racoon to crash, resulting in a denial of service.
7c3a3902464354d266c4315c3b191a0183bab513adc8856e0e6d8c2646ac76cdDebian Linux Security Advisory 3276-1 - Jakub Zalas discovered that Symfony, a framework to create websites and web applications, was vulnerable to restriction bypass. It was affecting applications with ESI or SSI support enabled, that use the FragmentListener. A malicious user could call any controller via the /_fragment path by providing an invalid hash in the URL (or removing it), bypassing URL signing and security rules.
42e6a6804a0b595eed00494c42c75f80ce06b9b617a92a2229c0b7bad026d203Debian Linux Security Advisory 3269-2 - The update for postgresql-9.1 in DSA-3269-1 introduced a regression which can causes PostgreSQL to refuse to restart after an unexpected shutdown or when restoring from a binary backup. Updated packages are now available to address this regression.
88dd628a7933080b370958111c02eab3cd98208ee86436c0e9ffa7e4cd774343Debian Linux Security Advisory 3275-1 - Ansgar Burchardt discovered that the Git plugin for FusionForge, a web-based project-management and collaboration software, does not sufficiently validate user provided input as parameter to the method to create secondary Git repositories. A remote attacker can use this flaw to execute arbitrary code as root via a specially crafted URL.
c184c6b561b6fcd2eb432f1f2aae55189e31682b9df00a55e0e0d5e60ae381c2Gentoo Linux Security Advisory 201505-3 - Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution. Versions less than 4.2.13 are affected.
b68fe150f671d88e3e451aee79af982757cc142d624ae403752b2b561357f0f7Gentoo Linux Security Advisory 201505-2 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.460 are affected.
f663dc1cfad1b619dc5d05e5d0d9e4af9c891c5a188d77bfad0c62379107bdfbSafeConfig 2015 has announced its Call For Papers. It will take place October 12, 2015 at the Denver Marriott City Center, Denver, Colorado, USA.
5fa6736b1a9382b14d3550ade42927ff1082ddcd7a6b81a0ad43d5ba3ce1c704IBM Security AppScan versions 9.0.2 and below suffer from an OLE automation array remote code execution vulnerability.
bdbb02b9c45e103fb031db03d3afe666c96f49b923bd92f0bb91da75ba3e0e4eWordPress UserPro plugin version 2.33 suffers from a cross site scripting vulnerability.
00c7e1c5aab8cf7ed24d12abd7444f650a18fdb923d4feb349ffba2b5d6101aaYooz.ir suffers from an open redirection vulnerability.
1938b338a8c5497ac044dd74014ba1153a233eba4d43e82e746d34f5cdba5f6e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed