HP Intelligent Management Center version 5.1 E0202 suffers from a reflective cross site scripting vulnerability.
7911d915326d86bec4aa7bcdd5bae2ad5bd871c1220a20f5aee4f992e29eaf0d
Slackware Security Advisory - New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2012-3499,CVE-2012-4558.
dd59a4f7ba10a11eeca1e12b9a3e363e4c2d7963af753dcc7be29703e80f10d2
tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
62230cdfcb9c3218df0be53b2e3a268a595d28b25dcb1ba190d25db91ae3d132
Foscam firmware versions 11.37.2.48 and below suffer from a path traversal vulnerability.
f4b1e390527c41627c9ae62096dda28d0459032a9ad0352cc420e905ed2f7d23
A fragmented IPv6 packet can freeze a system that has Kaspersky Internet Security 2013 installed.
2c06b8ddd32d00aa76afa2977acfd5a8cd06463b52895f16801d4092746487b5
Red Hat Security Advisory 2013-0588-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
37d86548a429bf2c433d2ed8df8b7f37463bdad93888243b9f793768fba79b40
Red Hat Security Advisory 2013-0587-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response.
b7d903807077f42489738c10fa1a2c73c8a13a97971c0e95a3061b959469a1d6
Ruby Gem Flash Tool version 0.6.0 suffers from a remote code execution vulnerability.
eabb60c3855ec8b85847261cb4d2c326b3edd6845b673b873d28fd6cd3d5fc58
Red Hat Security Advisory 2013-0586-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
7e21979349010c735492afb3417266ca14442dd1f1f4f56ac3bae29bda8b9242
The saga between Security Explorations and Oracle continues as yet another issue has been reported upstream.
62b15c41647306908f09a62162b45a2e5e879905919342200f2385c369e80460
Nconf version 1.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
9f1bddc9948e13d42f84de9b6750e6e9ab80eec811aaf47155b3253dbed2c57b
Raspberry Pi firmware updater suffers from a /tmp/file clobber vulnerability and also fails to offer a secure means to update the system.
8ae9e75ba7ef9fa85acaf5cb66e9b8df15d576eed17c890be91b11f0dfa9146e
This is a simple perl script that will scan a given IP range and extract the Common Name from all SSL certificates. It is useful for discovery during penetration tests.
8bee3b0c0b06ba802a3816adb1b076af310701d747f2d5b5a2c0056512339dd9
WordPress Counter Per Day plugin versions 3.2.3 and below suffer from denial of service and path disclosure vulnerabilities.
f39c172e060702ed0dcfe1201fe6f0b86c45bdc5cc2ba8c854e93dfe294c2ea4
WordPress Caulk theme suffers from a path disclosure vulnerability.
5bb291bc52e07e39d0bf262920b79fe90169e0ccde330097ce186083296ab508