Groovy Media Player version 3.2.0 suffers from a buffer overflow vulnerability.
154fba6d11b45be152dff83491133c68afd025c1107e9ca14a9bf8a9782ae56b
Debian Linux Security Advisory 2658-1 - Several vulnerabilities were discovered in PostgreSQL database server.
3978a0cac2022d000f6bf2e713a064deb97d8cba9cb799e9a58b9600000c7d1d
Debian Linux Security Advisory 2657-1 - A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess.
c08c5177305edfd149a1e4521276e58636169330d00a081a0deb39b58320f73b
Ubuntu Security Notice 1789-1 - Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL incorrectly handled certain connection requests containing database names starting with a dash. A remote attacker could use this flaw to damage or destroy files within a server's data directory. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. Marko Kreen discovered that PostgreSQL incorrectly generated random numbers. An authenticated attacker could use this flaw to possibly guess another database user's random numbers. Various other issues were also addressed.
3d54aa2573b486a74e8e765aa5c214a84ca4b6d865a5fa2f6fb3b3ebae1f2343
Censorship Professional version 4 2.1.7 suffers from cross site scripting and remote SQL injection vulnerabilities.
eca09f06d856a2acf71f66a9d6bcb8247e827537969b963b1cad45744838ac15
The GreHack 2013 Call For Papers has been announced. This symposium will gather researchers and practitioners from academia, industry, and government to discuss new advances in computer and information security research. It will be held in Grenoble, France on November 15th, 2013.
b49982433fbc137da04862cc7779ef0533a9be7622dd62ab33ada640294d4ea4
In November, 2012, High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Novell GroupWise 2012. Details of the vulnerabilities were disclosed in April, 2013. This paper demonstrates vulnerability exploitation to execute arbitrary code on the vulnerable system.
247383f376ee16946d9314eb4cb430f00045438e994129e80eb43797b132b877
Mandriva Linux Security Advisory 2013-015 - Multiple vulnerabilities have been found and corrected in apache: various XSS flaws due to unescaped hostnames and URIs in HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp, and XSS in the mod_proxy_balancer manager interface. Additionally, ASF bug 53219 was resolved, which provides a way to mitigate the CRIME attack vulnerability by disabling TLS-level compression. Use the new directive SSLCompression on|off to enable or disable TLS-level compression; by default SSLCompression is turned on. The updated packages have been upgraded to the latest 2.2.24 version, which is not vulnerable to these issues.
4ae24fb76f8afce328627b627a999255f95bafed86cfe2ebeb29ccb535f831e8
Radio CMS version 2.2 suffers from a remote SQL injection vulnerability.
02c24c7ecb1e5eceba6a2e68fc15744da7ea2221c2ce96e58ff37befd3a20ed9
Some Netgear routers are vulnerable to authenticated OS command injection. The vulnerability exists in the web interface, specifically in the setup.cgi component, when handling the TimeToLive parameter. Default credentials are always a good starting point; admin/admin or admin/password could be a first try. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes.
623ce5343f36444ea84dd10286be202aa0da4fc1e9e606d5ba8d7544d69fb889
Ubuntu Security Notice 1788-1 - Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to bypass ASLR (Address Space Layout Randomization). A local user could use this flaw to bypass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). A memory use after free error was discovered in the Linux kernel's tmpfs filesystem. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). Various other issues were also addressed.
9ecaa69d02aa8fe1fd206acd5b92e9d14713d1eb09058fe070ae2ff8bf252c55
Debian Linux Security Advisory 2654-1 - Nicolas Gregoire discovered that libxslt, an XSLT processing runtime library, is prone to denial of service vulnerabilities via crafted xsl stylesheets.
611157f1fa62bc46d42ca04002b65750af6dd9323d8ab9fa358a4a37f6eecc4f
Drupal Chaos Tool Suite third party module version 7.x suffers from an access bypass vulnerability.
b55ff80ca58f0d120f56f06f4a262eb5548b3897bb9bc8ff17362d457d56ecb6
Drupal Commerce Skrill third party module version 7.x suffers from an access bypass vulnerability.
ec174f0492c5a015b555846c86533724f65b5e2be1be13156ba135d28cae6b53
Hackersh ("Hacker Shell") is a free and open source shell (command interpreter) written in Python with built-in security commands, and out-of-the-box wrappers for various security tools, using Pythonect as its scripting engine. Pythonect is a new, experimental, general-purpose high-level dataflow programming language based on Python. It aims to combine the intuitive feel of shell scripting (and all of its perks like implicit parallelism) with the flexibility and agility of Python.
c188aaa57fe58d3d722bde76e26f37d182dad24c2a123c3691f08b71d8849d85