Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
62e2803d1077490bc2ecda2387b52e9eb3db0fc8c4b9ce06938637ceff9ae9f1
Slackware Security Advisory - New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
3de211c34bb48756bad2a6643d32350fc340d729d5c68ece7d1a140aa017252b
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
d20713213e1f498660bb8b43f4fbc662136bfc2b790071d4f7b2be3a9b9051da
Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
6120fb4a8bf6d6ae054f4a491f7039bf7641e93ba9382dbe574ea9e812474ccc
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
364b5bfac793d8167e2a52c999ed9ed04702bfc752f6699486e0f69952119c3b
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
334938e89e2d3072c73f300991ac514dc6ea30b1d9b395eb8f4969e48e99e779
Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
11220e483e0470a5c002fab2accd9c67a8f9231abc1cf27ee995893039c1e38c
Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
4fbd2389486aa3af7ea8d9c620951216e696c1a2f7cd4f5c668793bc276a08f3
This Metasploit module exploits a vulnerability found in Fitnesse Wiki, version 20140201 and earlier.
ea5185af9eacbf5f8ba32b49f0b348feaf5aeb8b06d576421ac1861e3bd61b62
This Metasploit module exploits a vulnerability found in SePortal version 2.5. When logging in as any non-admin user, it's possible to retrieve the admin session from the database through SQL injection. The SQL injection vulnerability exists in the "staticpages.php" page. This hash can be used to take over the admin user session. After logging in, the "/admin/downloads.php" page will be used to upload arbitrary code.
523ae89437abd95ee2b8adbfe4b6eb79e71f45e8218d4bcec51f35af6aab99d6
Debian Linux Security Advisory 2889-1 - An SQL injection vulnerability was discovered in postfixadmin, a web administration interface for the Postfix Mail Transport Agent, which allowed authenticated users to make arbitrary manipulations to the database.
6c98896315477340680db98e02791077026f5bb90eef2f49e4ff280754b1c63a
Debian Linux Security Advisory 2888-1 - Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack.
423a0919621086aaccc30b1f280aaa8df27b793c92b30df5b3341a89bb7b74d0
Symantec LiveUpdate Administrator versions 2.3.2.99 and below suffer from password reset and remote SQL injection vulnerabilities.
11f001616a25bdfdf4be738bd0ef7f77bf985f9f7a0f5c873331ffa8305ed340
LibYAML versions 0.1.5 and below are affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for the string passed to the yaml_parser_scan_uri_escapes() function. A specially crafted YAML file, with a long sequence of percent-encoded characters in a URL, can be used to trigger the overflow.
801017e1ff1d3bdeae05eeef0c85d7625a0088eef454bd42667d1a259ef47ff8
Ajax Pagination version 1.1 suffers from a local file inclusion vulnerability.
69e08cc5d2ea4848004a83b725d70d5539504575928edebeba5a13590e8b2878
HP Security Bulletin HPSBST02968 2 - A potential security vulnerability has been identified with certain HP StoreOnce appliances. This vulnerability could be exploited to allow remote unauthorized access to the appliance. Revision 2 of this advisory.
381ca615d8d8fface93b274db6423d82a2e18741438d20d4c269d5e2cb2270f8
Debian Linux Security Advisory 2887-1 - Aaron Neyer discovered that missing input sanitizing in the logging component of Ruby Actionmailer could result in denial of service through a malformed e-mail message.
a3b48a31da8b85333d9e14e6c946b5b226635072b357a1c97013b03a850b0350
iStArtApp FileXChange version 6.2 for iOS suffers from command injection, local file inclusion, and remote shell upload vulnerabilities.
8b098835b2928b1e01d165f8e8bde1efd4aab6d93048b1a9c54783e43ca561bf
WordPress HTML Sitemap version 1.2 suffers from a cross-site request forgery vulnerability.
201994735e80fa917f6e5059cc2ed56952c108819c09e3f473ea49a528417d57
GD Star Rating version 1.9.22 suffers from cross-site request forgery, cross-site scripting, and remote blind SQL injection vulnerabilities.
796f545fbb705c4802204cc3c44a1363749e626b8c4b713647a53112da55d889
Canon PIXMA MX722 printer suffers from a WiFi password disclosure vulnerability.
053f0b5c3da36eac0eb319318f27ed23717cee605d73853ff649d554743a60d9
WordPress wp-business-intelligence plugin version 1.0.6 suffers from a remote shell upload vulnerability due to including ofc_upload_image.php.
cfc6ca57ddaae7ce436b3f1dd3b109d8d363bf14d5bbb4a97697b3c2cec8fbff
ASP-Nuke version 2.0.7 suffers from an open redirect vulnerability.
902da011bf746423d5b241e17da52bd86559dbc0d84acce478a7761e2d717453
EMC VPLEX GeoSynchrony versions 4.0 through 5.2.1 suffer from path traversal, timeout validity, session fixation, and various other vulnerabilities.
865ebcefce882874598ff43ecc2a95087b307183385a9a725bb5ad0baf892e95
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
f219bc254464ef8993fb659f9292a4727fd23f7a0e3d6eb13f379ebdd70464f4