Simple Packet Sender (SPS) is a Linux packet crafting tool. It supports IPv4, IPv6 (but not extension headers yet), and tunneling IPv6 over IPv4. It is written in C on Linux with a GUI built using GTK+. Both source and binaries are included. Features include crafting packets and sending a single packet, multiple packets, or a flood of packets of type TCP, ICMP, or UDP. All values within the Ethernet frame can be modified arbitrarily. It supports TCP, ICMP and UDP data as well, with input from either keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file. Various other features exist as well.
2207203916300a941ef91bb9840ffeb11378e996d7ea1b05693921744df6b351
Drupal Language Switcher Dropdown third party module version 7.x suffers from an open redirection vulnerability.
c7d3f98b446232bfc02e2c666e1c4989457b17a78ce566716595552b111aa50b
Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, is thread-safe by design, provides details on disassembled instructions, and more.
5d871b1e52047d1b2882bbcc6f049205ba6acc8d55d746937d22af5d0b33fa9e
Drupal Leaflet third party module version 7.x suffers from an access bypass vulnerability.
516143b82b867e2a2beb54d2ed26c0593f01739e3200a04b790d410e5317dbf5
MW6 Technologies has various ActiveX controls that suffer from buffer overflow vulnerabilities. Proof of concept code is included.
b3db5798c19a3d2d9c36503ff3c6adae47330561e39499f1617feed1f951c20c
Drupal Doubleclick for Publishers third party module version 7.x suffers from a cross site scripting vulnerability.
f902da27306de87a80c9c84bdc766fd5c1449fa544574705accd4a39934242f7
Drupal Secure Cookie Data third party module version 7.x suffers from information disclosure and hard-coded secret vulnerabilities.
4c08ac10a10f5bae37413be1bd380971d4832c6ed47f59d5ea911658a9dca655
Cisco Security Advisory - Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon (SSCD) code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user.
c88a409a5e50a1a1f31d782849ddffaa663f743e73a72b4ed1e22d4942c82573
Cisco Security Advisory - Cisco TelePresence Video Communication Server (VCS) contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the failure of several critical processes, which may cause active calls to be dropped and prevent users from making new calls until the affected system is reloaded.
15cf5853289c693600f1414617a36ae2271a57f0d6da1dbefa05decd97577fc5
Cisco Security Advisory - Cisco TelePresence ISDN Gateway contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the drop of the data channel (D-channel) causing all calls to be terminated and preventing users from making new calls.
7bf78f90829a756e48cf1496b1257ee9c7cbdd2b8919722e8e1bbb110f44ab36
Mandriva Linux Security Advisory 2014-020 - Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code.
f497ed58fe819404fa09b48ffaeab9b2769c44673fdfd53039e827b4189cb3c9
Red Hat Security Advisory 2014-0089-01 - The openstack-keystone packages provide keystone, a Python implementation of the OpenStack Identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that the ec2token API in keystone, which is used to generate EC2-style credentials, could generate a token not scoped to a particular trust when creating a token from a received trust-scoped token. A remote attacker could use this flaw to retrieve a token that elevated their privileges to all of the trustor's roles. Note that only OpenStack Identity setups that have EC2-style authentication enabled were affected.
c50959b9d41dd39d2fd6d966353e83b422fa7a6cf1c6c8fd1c7e4f807fe7ade4
Red Hat Security Advisory 2014-0091-01 - The openstack-neutron packages provide OpenStack Networking, the virtual network service. It was discovered that the metadata agent in OpenStack Networking was missing an authorization check on the device ID that is bound to a specific port. A remote tenant could guess the instance ID bound to a port and retrieve metadata of another tenant, resulting in information disclosure. Note that only OpenStack Networking setups running neutron-metadata-agent were affected.
7a6024a5034a169ceae9763c64a8c54d3106efa99634fc821770cf61e9d34f55
Red Hat Security Advisory 2014-0090-01 - The openstack-heat packages provide heat, a Python implementation of the OpenStack Orchestration engine, to launch multiple composite cloud applications based on templates. It was found that heat did not properly enforce cloudformation-compatible API policy rules. An in-instance attacker could use the CreateStack or UpdateStack methods to create or update a stack, resulting in a violation of the API policy. Note that only setups using Orchestration's cloudformation-compatible API were affected. A flaw was found in the way Orchestration's REST API implementation handled modified request paths. An authenticated remote user could use this flaw to bypass the tenant-scoping restriction by modifying the request path, resulting in privilege escalation. Note that only setups using Orchestration's cloudformation-compatible API were affected.
4eef99862e59c551295d7917e5c785068040a4c30d7833175e952cee56708be2
Mandriva Linux Security Advisory 2014-019 - When verifying SSL certificates, elinks fails to warn the user if the hostname of the certificate does not match the hostname of the website. The elinks package has been updated to version 0.12-pre6 and patched to fix this issue.
95452e7d3693c1c3c86c03e26fa8950b3f943e92aac0d719122e1810e61471dc
Mandriva Linux Security Advisory 2014-018 - Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
479e81439c0d26b024653339e67bcc26a11f63393821e9cf087d17a41abac8fa
Mandriva Linux Security Advisory 2014-017 - Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. This update also fixes two other minor issues: IPADDRESS size in python-netsnmp on 64-bit systems and adding btrfs support to hrFSTable.
eb476709985a25b1ea4c65839954fca812a6aae0097cf8170adb45d45e7329ac
Mandriva Linux Security Advisory 2014-016 - A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.
60b532f68791dc2bf52f112aef543df19722dfa602956cbcf011687f01d6a4e4
Mandriva Linux Security Advisory 2014-015 - Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions.
c44b363f15f84b64f144f627526dde5cb5a1d7a345a73f145f5638ee62d1d767
A specially crafted ICMP ECHO REQUEST can cause a denial of service condition on the Juniper SSG20.
65c2ed19eba0758f8c760b12d4765618e61203e44d05a5145cb0d2a79e35d225
Multiple modern browsers have failed to mitigate a cross site scripting scenario leveraging the srcdoc attribute of an IFRAME tag.
ecb1de8034a9a2065500be16c12903e53f7becc90f5fc45baf13132b1914b434