Debian Linux Security Advisory 2598-1 - Two security issues have been discovered in Weechat, a fast, light and extensible chat client.
92f147ead0a79bb1603e1584a50c120aa2a9751fff291ca1d65984a94a4c7184
Debian Linux Security Advisory 2597-1 - joernchen of Phenoelit discovered that rails, an MVC Ruby-based framework geared for web application development, is not properly treating user-supplied input to "find_by_*" methods. Depending on how the Ruby on Rails application is using these methods, this allows an attacker to perform SQL injection attacks, e.g., to bypass authentication if Authlogic is used and the session secret token is known.
3170b1dfa4cabe5df92045c3acd89aeaf43419c236f756f2a6d6d934a603e01c
Debian Linux Security Advisory 2601-1 - KB Sriram discovered that GnuPG, the GNU Privacy Guard, did not sufficiently sanitise public keys on import, which could lead to memory and keyring corruption.
454e24ef78762c7361f91bee17b049f501687a49633197f6be0765571af2a35b
Debian Linux Security Advisory 2600-1 - Jann Horn discovered that users of the CUPS printing system who are part of the lpadmin group could modify several configuration parameters with security impact. Specifically, this allows an attacker to read or write arbitrary files as root, which can be used to elevate privileges.
0d6657bbe9face1fbb4e35162175e4a6745c9fa92c9111fb045abc2fff47be73
Debian Linux Security Advisory 2599-1 - Google, Inc. discovered that the TurkTrust certification authority included in the Network Security Service libraries (nss) mis-issued two intermediate CAs which could be used to generate rogue end-entity certificates. This update explicitly distrusts those two intermediate CAs. The two existing TurkTrust root CAs remain active.
fa050be1646bd3c22490f9654914cd8a1e170c4c0da333945bcb0032099ed43c
Chrome for Android suffers from a universal cross-site scripting vulnerability via com.android.browser.application_id. Version 18.0.1025308 was released to address this vulnerability.
c81f58fce093180e26cfa2cc77ccdcaf789da62cd74bdb5fa8948d858c2f5c2f
GetSimple version 3.1.2 suffers from authentication bypass and remote code execution vulnerabilities.
999e5026f6a4d4013284f6b65319eaceb75847c3e9cf7b3ae5e9dec3d846289c
Simple Machines Forum version 2.0.3 suffers from file disclosure and path disclosure vulnerabilities.
2448ca2a7c345caeeaa565478a61767ebcb53e9c2045f60bd81cfae16e1619ba
E SMS Script suffers from multiple remote SQL injection vulnerabilities.
707ae772ba866f83024c9e571a0d594356fce20bee12ecd170b27cb8504e921e
TomatoCart 1.x versions suffer from a cross-site request forgery protection bypass vulnerability.
2fc3c065ef54c0a5d0a3c5baf65d93162f94ee29951c2c74071676ccf05f3785
This paper was written in order to help beginners learn the Metasploit Framework. It comes loaded with screenshots and walkthroughs.
c07b6ce47a8e5691ff09e9c3ceb6f408a313d0cff38f17da87ce2be9da0ee555
Secunia Security Advisory - Debian has issued an update for rails. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.
3afa1fb429333cf1991e83c72e0f418497e5093142aaff074fd0187eab8df376
Secunia Security Advisory - A vulnerability has been reported in concrete5, which can be exploited by malicious people to conduct cross-site scripting attacks.
a471c3941cc98518d99051d7bd53c3d534ae981b339f6425e9fce7e4840e02de
Secunia Security Advisory - A security issue has been reported in ProFTPD, which can be exploited by malicious, local users to gain escalated privileges.
c32e691881b331972291c054e26e2cfcf6488dbc05baa56fa59d694f5ed10f0e
Secunia Security Advisory - Two vulnerabilities have been discovered in TomatoCart, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.
198763444a2c8603ab28f433a22c2d3dbf7bec3ce2a5eb90c3e226dfc5cc76c8
Secunia Security Advisory - Robert Gilbert has reported a vulnerability in Nexpose, which can be exploited by malicious people to conduct cross-site request forgery attacks.
7359f606731edf423856f8724789725de61d5b1eacc295ca91974af4c81197db
Secunia Security Advisory - Debian has issued an update for weechat. This fixes a security issue and a vulnerability, which can be exploited by malicious people to conduct spoofing attacks and potentially compromise a user's system.
ec9fa8633c249c8b8ceeb4630d79c8fd6c2977a38d1c75b638edd8ab1649ad16
Secunia Security Advisory - Nikita Tarakanov has reported a vulnerability in Symantec PGP Whole Disk Encryption, which can be exploited by malicious, local users to gain escalated privileges.
75035f4dd315b403e1c165d6537dcf59d81b93e62bbd198a7040dda21e2dfe58
Secunia Security Advisory - A vulnerability has been reported in Jenkins, which can be exploited by malicious people to disclose certain sensitive information.
21e0d1b12ff15d991e44836e4a2f9feec69d72b65b50467dd618a9145812e045
Secunia Security Advisory - Two vulnerabilities have been reported in Perl, which can be exploited by malicious users to compromise an application using the module.
e0fe995f2a1f2b7ee357e071d608d69601a46bc917817fd8579cf280509f10fa
Secunia Security Advisory - Two vulnerabilities have been discovered in the Profile Wii Friend Code plugin for MyBB, which can be exploited by malicious users to conduct cross-site scripting and SQL injection attacks.
bf96ae37bd071889be0041e04fa730c918017047f1955a1b054ccdeea9885bc1
Secunia Security Advisory - Henri Salo has discovered a vulnerability in Havalite, which can be exploited by malicious people to conduct script insertion attacks.
c40039c83766d2ba2eadb3e6479b4ba9ce26a36fad96b95900e895818d17ad58