The Nokia Asha platform suffers from a lock code bypass vulnerability that allows for access to call records.
5069dfc0c3a2f60acb67d9fd214f1acc
MODX Revolution version 2.3.1-pl suffers from a reflective cross site scripting vulnerability.
c9f4c76ea59500d8e946f3d410dc3d0f
webEdition version 6.3.8.0 suffers from a path traversal vulnerability.
b12b120f23cd306f4088537f63c4bf8e
DA-WIN, a wireless IDS, provides an organization with a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed, reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.
0511fe8004506146c94cef634534f905
Apple Security Advisory 2014-09-17-2 - Apple TV 7 is now available and addresses wifi credential interception, information disclosure, code execution, and various other vulnerabilities.
0993b6307f7ede7b0fe1d393f80ca225
Apple Security Advisory 2014-09-17-1 - iOS 8 is now available and addresses wifi credential interception, identifier disclosure, path traversal, and various other vulnerabilities.
155906b43100fa7d132d2f3d9768bda2
Red Hat Security Advisory 2014-1256-01 - An update for the openssl component for Red Hat JBoss Web Server 2.1.0 that fixes multiple security issues is now available from the Red Hat Customer Portal.
80ab4909ac015f459dad4bc8597377bc
ClassApps SelectSurvey.net version 4.124.004 suffers from multiple remote SQL injection vulnerabilities.
d7023e0da35113b2992633670ea94c69
Livefyre LiveComments version 3.0 suffers from a persistent cross site scripting vulnerability.
d79e8f899309348c1aba017cb0e3496c
WordPress WP-Ban plugin version 1.62 suffers from a bypass vulnerability when a properly minted X-Forwarded-For header is used.
6ffbc090afb2ab5144e238532753b1b8
WordPress Login Widget With Shortcode plugin version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
064709c69db2b45f9da21abd526d54b9
OsClass version 3.4.1 suffers from multiple cross site scripting vulnerabilities.
12423c36d9018ba4d8211591c1b6875f
OsClass version 3.4.1 suffers from a local file inclusion vulnerability.
7faeb4e3fe466936268f6e034424628b
FreeBSD Security Advisory - The Transmission Control Protocol (TCP) of the TCP/IP protocol suite provides a connection-oriented, reliable, sequence-preserving data stream service. New TCP connections are initiated using a special SYN flag in a datagram. Sequencing of data is controlled by 32-bit sequence numbers that start with a random value and are increased using modulo 2**32 arithmetic. TCP endpoints maintain a window of expected, and thus allowed, sequence numbers for a connection. When a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window. An attacker who has the ability to spoof IP traffic can tear down a TCP connection by sending only 2 packets, if they know both TCP port numbers. In case one of the two port numbers is unknown, a successful attack requires fewer than 2**17 spoofed packets, which can be generated within less than a second on a decent connection to the Internet.
d0d69a580db330d7ee9f522fb50ad2b5
Ubuntu Security Notice 2319-3 - USN-2319-1 fixed vulnerabilities in OpenJDK 7. This update provides stability fixes for the arm64 and ppc64el architectures. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
51e1023d9034fb572c72f220afbc408a
Ubuntu Security Notice 2349-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
80a0fdee83eb78a4f73254802b04a45b
Red Hat Security Advisory 2014-1255-01 - Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center. A buffer overflow was found in the KADM5 administration server when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.
6d93c4f0f09d5a5f1415a109337dd5c7
Debian Linux Security Advisory 3026-1 - Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon.
0932b8f36903303fbe5f877fcb1b2d74
Debian Linux Security Advisory 3025-1 - It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages downloaded by the apt-get download command (CVE-2014-0490).
b7677f0cbbd7eade767d383f5700e00e
seafile-server version 3.1.5 suffers from a denial of service vulnerability.
9d78a9e91a600b009eb21ff57fa5a15d
MIUI versions 4.1.17 and 5.30 have a flaw where NFC can be used to enable the torch.
bdbc3ec524ee2d27be2ff11affa37e01
A logic flaw in some versions of Android can allow for Bluetooth to be automatically enabled via NFC.
af5b9689dfffa8b38cd4359a37afc747
MIUI versions 4.1.17 and 5.30 have a flaw where NFC can be used to enable wifi.
fdfdc95c49ddd399960fea1fdde5d180
Kakilles is a Perl script that spawns an HTTP proxy and lets you modify user-agent, content, and cookie headers.
1cc1fded4992b35bce2153081612884b