Ubuntu Security Notice 1509-1 - Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Mario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. Various other issues were also addressed.
2914253d34dd4ebe9656461e0f1f6fb3
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
674b6bf22606298c98e7735b994dec25
HP Security Bulletin HPSBMU02797 SSRT100867 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) running JDK for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). Revision 1 of this advisory.
3e29893be20792aaf96b0d087fbf27a2
Dr.Web Anti-Virus versions 7.00.0 and below suffer from a remote SQL injection vulnerability.
8f2876382dbab1d5e7cdb086345649cb
HP Security Bulletin HPSBMU02799 SSRT100867 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) running JDK for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). Revision 1 of this advisory.
ec82e9cea1d7978959a4fe00cfd7ecd3
metaSSH is a session plugin for Metasploit that gives you a meterpreter-like interface over an ssh connection. The author original wrote this code so they could cleanly reverse pivot over ssh from within metasploit. Features include multi-channel, pivoting, post-exploitation module use, and more.
d154d6986acc7ae7bda65c447110380b
Simple Packet Sender (SPS) is a Linux packet crafting tool. It supports IPv4, IPv6 (but not extension headers yet), and tunneling IPv6 over IPv4. Written in C on Linux with GUI built using GTK+. Both source and binaries are included. Features include packet crafting and sending one, multiple, or flooding packets of type TCP, ICMP, or UDP. All values within ethernet frame can be modified arbitrarily. Supports TCP, ICMP and UDP data as well, with input from either keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file. Various other features exist as well.
064afe6da9ccb4ec7edaecd5a3f04847
Secunia Research has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system. Successful exploitation allows execution of arbitrary code. Cisco Linksys PlayerPT ActiveX Control version 1.0.0.15 is affected. Other versions may also be affected.
7f6a48e8406e1e958428ab0ef9b73cf2
KeyPass Password Safe version 1.22 suffers from a filter bypass that allows for malicious script code insertion.
30e15261962d2887006192490f0dbd00
AVAVoIP version 1.5.12 suffers from cross site scripting and remote shell upload vulnerabilities.
5c51e35fff985584f64b5ae95e030956
Ubuntu Security Notice 1508-1 - An error was discovered in the Linux kernel's memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system).
ee3719a2667aeb60f2e2c36a38d46063
Ubuntu Security Notice 1507-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. An error was found in the Linux kernel's IPv6 netfilter when connection tracking is enabled. A remote attacker could exploit this flaw to crash a system if it is using IPv6 with the nf_contrack_ipv6 kernel module loaded. Various other issues were also addressed.
4214caf4318fe3057bfd0b939ab98b5f
Red Hat Security Advisory 2012-1090-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP response.
b900ea090ccd11a08803cb0092c0a2d8
Red Hat Security Advisory 2012-1089-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Malicious content could bypass same-compartment security wrappers and execute arbitrary code with chrome privileges.
fecd36d9c43178ac5020e54296033350
Red Hat Security Advisory 2012-1091-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP response.
5cbcf5edc302a46582968515f609f644
Red Hat Security Advisory 2012-1088-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A malicious web page could bypass same-compartment security wrappers and execute arbitrary code with chrome privileges.
54f185fdee4b7caf2ba206fdea9a91d6
Red Hat Security Advisory 2012-1087-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges. Note that unprivileged users cannot access TUN/TAP devices until the root user grants them access.
1f5d06d35eeb9528ecc82d8e2a1e0ebb
Secunia Security Advisory - A vulnerability has been reported in libjpeg-turbo, which can be exploited by malicious people to compromise an application using the library.
71f4a33566998d94d16791a69ab6f107
Secunia Security Advisory - Ubuntu has issued an update for linux-ti-omap4. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
cb9e750096d5ed220e82504ac074fa09
Secunia Security Advisory - HP has acknowledged some vulnerabilities in HP Network Node Manager, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, hijack a user's session, conduct DNS cache poisoning attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
8d771f5b11c2476cb65739adb638796c
Secunia Security Advisory - A security issue has been reported in Yahoo! Browser for Android, which can be exploited by malicious people to disclose sensitive information.
198318fad0b61ac98b32627e0a0e1e10
Secunia Security Advisory - Red Hat has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
9312ad2de05c14fbedb553d7399ab202
Secunia Security Advisory - Pawel Wylecial has reported a vulnerability in CakePHP, which can be exploited by malicious people to disclose potentially sensitive information.
dbc40f3b04d717ffc7a3a5cdbba23772
Secunia Security Advisory - A weakness has been reported in IBM Lotus Protector for Mail Security, which can be exploited by malicious users to disclose potentially sensitive information.
4d125f6fb99c7e70baa9196cbff5d240
Secunia Security Advisory - SUSE has issued an update for libxslt and libxslt-python. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of an application using the library.
80c52da4816ebc5daacf4adf9cdca30a