THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6, and it includes an easy-to-use packet factory library.
4771be6aa69cc3ab57c9b9672651df6f
THC-Hydra is a high-quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
a4a5d65fe4f29f57e57808c39cdaaf66
Ruby Gem Rgpg version 0.2.2 suffers from a remote command injection vulnerability.
b5bd06f8f4d1679adf87ce7dca408283
Joomla SectionEx component version 2.5.96 suffers from a remote SQL injection vulnerability.
2ac9b3a342dc035b986a41ff6513e91f
Red Hat Security Advisory 2013-1137-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. All users of Red Hat OpenShift Enterprise 1.2.2 are advised to upgrade to these updated packages, which resolve this issue.
01a393552a8d139a1abae980d4ca273d
Red Hat Security Advisory 2013-1135-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.
48d043368d78653cf33bec72cdadb6ab
Red Hat Security Advisory 2013-1134-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash.
4ca104993ae2eace60b1247e7b0e5003
Red Hat Security Advisory 2013-1133-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash.
b812fc5eff25761133fbe50d83490e5e
Red Hat Security Advisory 2013-1136-01 - rubygem-passenger is a web server for Ruby, Python and Node.js applications. The rubygem-passenger gem created and re-used temporary directories and files in an insecure fashion. A local attacker could use these flaws to conduct a denial of service attack, take over the operation of the application or, potentially, execute arbitrary code with the privileges of the user running rubygem-passenger. Note: By default, OpenShift Enterprise uses polyinstantiation for the /tmp/ directory, thereby minimizing the risk and impact of exploitation by local attackers of both CVE-2013-2119 and CVE-2013-4136.
e46fb2076ae2cf5f14876af13a2a62a0
Debian Linux Security Advisory 2734-1 - Multiple vulnerabilities were discovered in the dissectors for DVB-CI, GSM A Common and ASN.1 PER and in the Netmon file parser.
7d15c7ca4b8b025dfe10116c4639e8cc
Mandriva Linux Security Advisory 2013-206 - Updated owncloud package fixes security vulnerabilities. This update provides OwnCloud 5.0.9, which fixes these issues, as well as several other bugs.
6306e0f487fb6d6b6f9fd0a4296665f4
Slackware Security Advisory - New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. New libgpg-error packages are also available for Slackware 13.1 and older as the supplied version wasn't new enough to compile the fixed version of libgcrypt. Related CVE Numbers: CVE-2013-4242, CVE-2013-4242.
7b2e47d408efcbffaee71164851db653
Debian Linux Security Advisory 2732-1 - Several vulnerabilities have been discovered in the Chromium web browser.
90475bd3c4ea578d82cd09fb0d3c2648
Debian Linux Security Advisory 2733-1 - It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used in SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs.
f7f79460b25a7458be918270d0261faf
IBSng version A1.24 suffers from multiple cross-site scripting vulnerabilities.
a2b5d894df10f6484926866f151376c5
Digitalocean.com leaks customer network traffic to other customers due to having an overly large bridge defined in libvirt-interface.
6ef6436918beb2b98afa0efdd7b46e86