GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
0543ca13ce9ee1dea95a9349d319623b74d93b8a23935543197b1682bb7f2b5b
Drupal Flippy third party module version 7.x suffers from an access bypass vulnerability.
e05dde6d1cfcc650059a70b7a0b17651578f9d0adca3f0f4a74d219ca763d248
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
a1614a6f14bb9e9c5ef22b488b156cfbb4b88c0698998d71453118c95f46e904
This is a brief whitepaper that discusses the Wireshark network packet analysis tool. Written in Turkish.
571369c84acdab916af5d9a34f47d0e70748ee280034c73b56aeb83a72a95ec0
Ubuntu Security Notice 1920-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.
2f91134a1a557092454434ee596a252d809898b18b8b16a6e4b0407d4f00c5a1
Red Hat Security Advisory 2013-1121-01 - The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file, but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually only contains a hash of the password, not the plain text password.
017a385dceb214bf5d315228e72812b052260e68a9038125edf5e5e4839ab846
Mandriva Linux Security Advisory 2013-203 - Multiple vulnerabilities have been discovered and corrected in phpmyadmin. These include cross site scripting, path disclosure, and SQL injection issues.
8090445e4dda8633ddc5b78c9804c5857de7dd5a3cadd344ba35eb672777f0e7
Core Security Technologies Advisory - TP-Link TL-SC3171 IP Cameras suffer from OS command injection, use of hard-coded credentials, authentication bypass, and missing authentication vulnerabilities.
65c946f42cda6e7f2e468690ba32b2210dbcd121ef351a42cfd3246f433128d2
The Better Security WordPress Plugin suffers from a stored cross site scripting vulnerability, which can be exploited by a remote unauthenticated attacker to steal cookies or gain privileged access to the affected site. Bit51 Better WP Security Plugin versions 3.4.8, 3.4.9, 3.4.10, 3.5.2, and 3.5.3 are affected.
851d1befb1d83e0151c831c6884961f17e3e980ac4ed6716207a81c4fd790e09
Red Hat Security Advisory 2013-1120-01 - HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A flaw was found in the way HAProxy handled requests when the proxy's configuration had certain rules that use the hdr_ip criterion. A remote attacker could use this flaw to crash HAProxy instances that use the affected configuration.
4eae575883953a022087359e906d02ff61ef76473125a82a2fa161858a5d8caf
Red Hat Security Advisory 2013-1119-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not honor defined attribute access controls when evaluating search filter expressions. A remote attacker could use this flaw to determine the values of restricted attributes via a series of search queries with filter conditions that used restricted attributes.
1409ac162d0007714edfad28e3045f8a6eda6423768a7478dc7f991b1d164304
Oracle Hyperion 11 suffers from a directory traversal vulnerability. Versions 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier are affected.
a63ebab32dfca1c676f5478d4507e5cb9958e376a21f14bd4a427db0035dea98
A remote attacker can crash EchoVNC Viewer by sending a malformed request. The crash occurs when EchoVNC Viewer allocates a buffer from the heap with the size specified by the malicious server.
0f95b5873df085c2956dfc5fe0afe9b4e60c00984cd0b00e317b429c8132c007
Mandriva Linux Security Advisory 2013-204 - An updated wireshark package fixes multiple security vulnerabilities. The Bluetooth SDP dissector could go into a large loop. The DIS dissector could go into a large loop. The DVB-CI dissector could crash. The GSM RR dissector could go into a large loop. The GSM A Common dissector could crash. The Netmon file parser could crash. The ASN.1 PER dissector could crash.
00eced9593c58aac3a60ba3a90afa47d35b711a71715de5b97f4efbb02c501cc
MojoPortal version 2.3.9.7 suffers from a stored cross site scripting vulnerability.
8b314a7ebb6349066cbe66d2384dfefcf3dad366bbf130131f2c132e81a0edba
This is a PHP shell that provides the ability to connect back, grab files, perform exploit searches for local roots and compile and run them, and much more.
9a58a31ca500190b10953b45211f622c7f926cd4e939781b4f99fae0213fad96