Secunia Security Advisory - SUSE has issued an update for MySQL. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to gain knowledge of sensitive information and manipulate certain data, by malicious users to gain knowledge of sensitive information, manipulate certain data, bypass certain security restrictions, and cause a DoS, and by malicious people to bypass certain security restrictions.
126be620f00bdbdbd91e3fad76a7f23ecc19469e794004a02fb50f4e9f2e5d91
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
3921be400542ad8b66f2ad3a5e76763bec88068d4951e85a0d664844d9ce23ed
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
312c2d9673be9c4269e466183c43c773e722f5516f299990ed56c53da2cd58a2
This paper documents step by step instructions for intercepting TOR users via proxies and using the BeEF framework. It takes injection and proxying attacks on TOR to another level and is a very useful read.
a9c7eed3c9863cb9f1cfe0b7e5af13778a4e6b7dd3d0709eed7757cb79cb0761
Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
ea724ecfa139cce21a82d519e62f8208e1fc9f237c8b65f59575eb3205065962
Secunia Security Advisory - Four vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
70502b5fe87c4f29098d2c8751c89e58a22209d9389244c268fa0039fb22f885
Secunia Security Advisory - A vulnerability has been reported in Flash Player, which can be exploited by malicious people to compromise a user's system.
e0733d737d0d8ddbe3aadff8a040109e471ebf225c1b95fa19168f756675e864
Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to compromise a user's system.
12cc9c82d1a759e826a34c897eecd35f6dc0ec6fcc84301e9699f4c77ebdbc82
Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.
e1e63d928727335a2cb10d40933ced7165bf829ba3b84e7308fcfec354967046
Secunia Security Advisory - A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.
d6bbe46a29dc3c302794ef44df8800306ce895bfd0c34048b4b956e4c73c2316
Secunia Security Advisory - Two vulnerabilities have been reported in HP Fortify Software Security Center, which can be exploited by malicious users and malicious people to disclose potentially sensitive information.
dcee000b95e31ec23cf2b6b5733eca431a992612a74e67ebec0c0aa7c74e9161
Secunia Security Advisory - Brendan Coles has discovered two security issues and a vulnerability in TestLink, which can be exploited by malicious people to conduct cross-site request forgery attacks and disclose certain sensitive and system information.
b75356024a543a0d9fde7722cd0bfef56d5c9bb5cdff27c1f45155eefb22e5ad
Secunia Security Advisory - A vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system.
e049e0b801540514dc4f36105c6d528a821ec2b23a16e48e0fdaf8849f69011a
Secunia Security Advisory - A vulnerability has been reported in some Microsoft products, which can be exploited by malicious people to compromise a user's system.
792a63b069aa7a3f73568e6ad5a1f0884ebbf23ffdcbd39d698fa21e085202ef
Secunia Security Advisory - Two vulnerabilities have been reported in HP Service Manager and Service Center, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
ad6ffec457e6c1524a99a422c41160f6b60dfcc1852d2d3b8ed4c9b76d2eff58
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
6950672e88376f5de7976d0ac9e479c6a3ecdb8d2d214887347eb24f367d5d8e
Sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail. It has basic support for disallowing network connections. It has basic support to sandbox execve calls. It is based in part on catbox and strace.
3c758c94c86c4ac72895c9fdaefa767f6b9256d8e658c5b70a850133a119c72b
HP Security Bulletin HPSBHF02804 SSRT100631 - A potential security vulnerability has been identified with HP Integrity Server models rx2800 i2, BL860c i2, BL870c i2, BL890c i2. The vulnerability could be exploited to cause a Denial of Service (DoS). Revision 1 of this advisory.
4e4cf0259e45a78879f22245f35ad765f2328c35712f2d71b73b33d87d5d00f6
This Metasploit module exploits a path traversal flaw in Novell ZENworks Asset Management 7.5. By exploiting the CatchFileServlet, an attacker can upload a malicious file outside of the MalibuUploadDirectory and then make a secondary request that allows for arbitrary code execution.
0b8fb5d16df4fc969d43e3061660de06ffdf0cfc0581883a9f80e8a04b40a600
This Metasploit module exploits a SQL injection found in Cyclope Employee Surveillance Solution. Because the login script does not properly handle the user-supplied username parameter, a malicious user can manipulate the SQL query, which allows arbitrary code execution under the context of 'SYSTEM'.
943d1370d3c4c203bec054c6328adda12b9aa04b01b7010bb71dea9ec2bef8a7
Ubuntu Security Notice 1537-1 - It was discovered that OpenOffice.org incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
732af7ab4447e86da664cb28cd27c2933227231e898ccd4393d48db0e3186698
Ubuntu Security Notice 1536-1 - It was discovered that LibreOffice incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
4d043603529ee5cc103e3b5aee7adbaaa490fe5f2e360031f1ed03e54b0f33ca
This Metasploit module exploits a vulnerability in TestLink versions 1.9.3 and prior. This application has an upload feature that allows any authenticated user to upload arbitrary files to the '/upload_area/nodes_hierarchy/' directory with a randomized file name. The file name can be retrieved from the database using SQL injection.
d7801d84f2c0b381a4eab2c495d1007bc1e69f64d876b88ff24732a4755a2f71
Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps prevent the /dev/random device from becoming depleted; an empty /dev/random device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.
e505291a3ada9f1ba3928113fa70f9f79bfc771b2fe8e20560d612d5c64beb5b
Mandriva Linux Security Advisory 2012-131 - Just Ferguson discovered that libotr, an off-the-record messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code. The updated packages have been patched to correct this issue.
d2dfc5f2426fd1d0773603a84cfba004ef4a99ccaa10eaee9b7fdd6c41ecb855