HP Security Bulletin HPSBPI02869 SSRT100936 2 - A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files. Revision 2 of this advisory.
a9dca3c4825c47cafb0724eda81a516435346a85ffcf387d5a0d688c432d4542
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
0ed9bcae798b16c04479f383aac666e0fe08c910d554d64d85d2b36d2589f39a
Drupal Node Access User Reference third party modules versions 6.x and 7.x suffer from an access bypass vulnerability.
72f47a6a6e6973e3e39622ab4cf8126f6e774ec94630c12a495bf132fb669943
Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
31f2d0097dcb428cdfb4e14b20982cbccf4d799920eaa871858214dbddcd6c85
Drupal Edit Limit third party module version 7.x suffers from an access bypass vulnerability.
d0b1f3c120e9f1a008b287af7cf39f84172469dc6999e6905fa78ed4ce37085d
Drupal Webform third party module version 6.x suffers from a cross site scripting vulnerability.
fc0733d2cdfe52857e64d1f24c632b9b84ebd4e0e9019f5fa3d341a4c0fbbe16
Logic Print 2013 suffers from a stack overflow vulnerability.
ba1216bc16af7f8d80b5c358f6e4541518b85fb4b8d3fc8150c331d6f1c6e2a1
Intrasrv Simple Web Server version 1.0 SEH based remote code execution exploit.
912fd073e0d783dd318697693b042acb7b403d1ca339837fcfa75c842e5512b8
When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on every call to "forceRequestBodyVariable" (in phase 1). This is the proof of concept exploit. Versions prior to 2.7.4 are affected.
b4e14816e4c5cdc0de651f2cc750a97fa531e3a0c488cb71922a3bc534259845
A user authentication bypass vulnerability has been discovered in ZoneDirector controllers during standard internal bug reporting procedures. This vulnerability may allow a malicious user to gain unauthorized access to the ZoneDirector administrative web interface.
490680f010ed632a71b903374189cc43de53208be861742cff821a065866c2aa
Monkey HTTPD version 1.1.1 suffers from a denial of service vulnerability.
9f43c0d9a2bd9b380f9c63f0e17d6265c76af43e959168f66ca0eb9c22f6dac0
Debian Linux Security Advisory 2695-1 - Several vulnerabilities have been discovered in the chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected.
a1be0c732a451012a3ce3790491e07d11ec1d79c4b31ee3517a8f1106d62c7d6
Ubuntu Security Notice 1843-1 - It was discovered that GnuTLS incorrectly handled certain padding bytes. A remote attacker could use this flaw to cause an application using GnuTLS to crash, leading to a denial of service.
bdf64ce78ce70768d1fe3ce67fda771767ed7e96de1d354350dab867eaaad7d3
A user authentication bypass vulnerability has been discovered during standard internal bug reporting procedures in some of the Ruckus devices. This vulnerability may permit an unauthenticated malicious user with network access to port 22 to tunnel random TCP traffic to other hosts on the network via Ruckus devices.
3c7292de3b3be1ee12992e0ae63f056545cf432aee257c5c37c07bd209db55b4
RSA Authentication Manager version 8.0 suffers from information disclosure and PostgreSQL argument injection vulnerabilities.
51025b283bf7b06aa4e48a2045497a92ea112092445f55c38c3447b5bb77e3c5
Mandriva Linux Security Advisory 2013-169 - A heap based buffer overflow vulnerability has been found with data that happens to be output on the READLINE address. Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process. Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode. The updated packages have been patched to correct these issues.
be1c65865610ffa4ea64d482af3d1506e85a734aee82c78be916717a870a7144
Debian Linux Security Advisory 2696-1 - A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets they are not permitted to see.
640ea9174e71b305a5f1b339da29ee15b1585728d406cc4960dddb989aadb1bf
Ubuntu Security Notice 1842-1 - It was discovered that KIO would sometimes display web authentication credentials under certain error conditions. If a user were tricked into opening a specially crafted web page, an attacker could potentially exploit this to expose confidential information.
5c9dfe86b629e13c70465ca13b50699af22a4c89469cb4a7e9f48576a2adb371
Mandriva Linux Security Advisory 2013-170 - Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode. The updated packages have been upgraded to the latest version which is not vulnerable to this issue.
b6470f67993d2d22bc91e370c86c46404de158d07c1702819900e876709ab063
YeaLink IP Phone firmware versions 9.70.0.100 and below suffer from an unauthenticated phone call vulnerability.
22671d10a80df232f64150e4e78af6be36a8803fbdb6475a8eb01087172a3425
TP-LINK WR842ND suffers from a remote directory traversal vulnerability.
ac4197fdb577b1dab807bec29d445b9cd6d5ff28f301aaac5ea7915033dfc735
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. It includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
8235ee04f4189bc07a3fe23cd8d28c1f794edd27430d87abbda4d3a71671592d
CA Technologies support is alerting customers to a vulnerability with CA Process Automation (CA PAM). The vulnerability occurs in the bundled JBoss Seam component. A remote attacker can execute arbitrary code.
2e54655588c25bdefe31a55c53e84ad769d4df7d8697929e133e8c471bd7394d
Ubuntu Security Notice 1831-2 - USN-1831-1 fixed a vulnerability in OpenStack Nova. The upstream fix introduced a regression where instances using uncached QCOW2 images would fail to start. This update fixes the problem. Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk. Various other issues were also addressed.
a50ab4b4de6a17a5bf675ce2e2d8f1ac4f8d0e30adadd5f88dc4ecf39fa42552
TP-Link IP cameras suffer from hard-coded credential and remote command execution vulnerabilities.
d96b583866927f2f59a08545c251d956a2dfef2c6512197cefb588c1ac39997b