Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
33027cf0f1583a9966c3a59d78397760
HP Security Bulletin HPSBPI02945 - A potential security vulnerability has been identified with HP Officejet Pro 8500 (A909) All-in-One Printer. The vulnerability could be exploited to allow cross-site scripting (XSS). Revision 1 of this advisory.
c767c61436a6e942e2e42f4f69b5103d
HP Security Bulletin HPSBUX02944 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.
37b29c828c5ba737468aa4af9af89a97
HP Security Bulletin HPSBUX02943 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.
5e32d49830ece73878c7a973364fcf34
Red Hat Security Advisory 2013-1815-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.
10326f383a4dbdb9d39d0a5c0a70887a
Red Hat Security Advisory 2013-1813-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.
65ac6e5468d5be58ef6d7fc25fcd939f
Red Hat Security Advisory 2013-1814-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.
7d51b442746b00b25a7484a57954a6de
Red Hat Security Advisory 2013-1812-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross-site scripting attacks.
539e9340abffc2cab2666a7acf4bc356
Core Security Technologies Advisory - IcoFX is prone to a (client side) security vulnerability when processing .ICO files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing the user of IcoFX to open a specially crafted icon file. Version 2.5.0.0 for Windows is affected.
d5ce21e3bbea945bbaddbcd18ce8c104
This paper presents a newly discovered vulnerability in the Android Framework which breaks its sandbox environment. This vulnerability affects many Android applications including ones which are bundled with every Android device. The vulnerability has been patched in Android KitKat.
403a1b520c6ea916a357ed67df9ae026
Veno File Manager suffers from an arbitrary file download vulnerability. The vendor has contacted Packet Storm and has noted that this has been addressed starting in version 1.0.3.
b1592bbe00aabed63858b18663dafea1
This bulletin summary lists 11 released Microsoft security bulletins for December, 2013.
b2e7ba526aa9ee28048d2f29e62cedc0
This Metasploit module exploits a directory traversal vulnerability on the version 11.52 of HP LoadRunner. The vulnerability exists on the EmulationAdmin web service, specifically in the copyFileToServer method, allowing to upload arbitrary files. This Metasploit module has been tested successfully on HP LoadRunner 11.52 over Windows 2003 SP2.
3bd356cf414dd631633306ddc7e99f35
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Its password can by default or by misconfiguration be set to an empty value. This allows you to create a session via the RDS login that can be carried over to the admin web interface even though the passwords might be different. Therefore bypassing authentication on the admin web interface which then could lead to arbitrary code execution. Tested on Windows and Linux with ColdFusion 9.
f92a60052977eca5153b1bd021b6b6fd
Gentoo Linux Security Advisory 201312-8 - An integer overflow vulnerability in WebP could lead to arbitrary code execution or Denial of Service. Versions less than 0.2.1 are affected.
4adc5f91ed6a15896d889b8a228541e4