This Metasploit module exploits a stack buffer overflow in Tinc's tincd service. After authentication, a specially crafted TCP packet (default port 655) leads to a buffer overflow and allows arbitrary code execution. This Metasploit module has been tested with tinc-1.1pre6 on Windows XP (custom calc payload) and Windows 7 (windows/meterpreter/reverse_tcp), and tinc version 1.0.19 from the ports of FreeBSD 9.1-RELEASE # 0 and various other OS, see targets. The exploit probably works for all versions <= 1.1pre6. A manually compiled version (1.1.pre6) on Ubuntu 12.10 with gcc 4.7.2 seems to be a non-exploitable crash due to calls to __memcpy_chk depending on how tincd was compiled. The bug was fixed in version 1.0.21/1.1pre7. While writing this module it was recommended to the maintainer to start using DEP/ASLR and other protection mechanisms.
d3e4999fe9325d233a3d46dbd61a259a73d7923e103b6f723b1d8b52ff1b7126
EntryPass N5200 Active Network Control Panels allow the unauthenticated downloading of information that includes the current administrative username and password.
95972964bbc742ac4c38212126c9f75123187a80142bc0be775e001524803d2e
The TYPO3 extension ke_dompdf contains a version of the dompdf library including all files originally supplied with it. This includes an examples page, which contains different examples for HTML entities rendered as a PDF. This page also allows users to enter their own HTML code into a text box to be rendered by the webserver using dompdf. dompdf also supports rendering of PHP files, and the examples page also accepts PHP code tags, which are then executed and rendered into a PDF on the server. Since those files are not protected in the TYPO3 extension directory, anyone can access this URL and execute arbitrary PHP code on the system. This behavior was already fixed in the dompdf library, but the TYPO3 extension ke_dompdf supplies an old version of the library that still allows the execution of arbitrary PHP code. Versions 0.0.3 and below are affected.
3ab99d29dcbdc8c3cd497ad47d028ac734705efac716b5c6713f1c00c41352b5
The TYPO3 extension ke_questionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Version 2.5.2 is affected.
3e3bbfd6986ae9575ca39092c83c53d3007704cdcaacf2ddb4e6429a02d9a751
Swisscom CSIRT discovered a security flaw in the management interface of the Alcatel Lucent 1830 Photonic Service Switch series that allows for cross-site scripting attacks. Versions 6.0 and below are affected.
b3dc59711192975fd9682478699dd5632003dc1de58769902ecfb06b88bff1ad
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
6ad5ba79eb3e9b7434ecc4e739d691ca9e012e9cd9bb20d39c780d44b64d37db
ManageEngine Netflow Analyzer and IT360 suffer from an arbitrary file download vulnerability.
f28c12e2709e29fe58c181837e6106a9c54c5b1f2469324aa04db88e1e55be7f
A vulnerability present in Drupal versions prior to 7.34 and WordPress versions prior to 4.0.1 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service).
691c983b834cd1c1cc4abb9e799af2e45516125311bba33d60aa227a917ea11b
Red Hat Security Advisory 2014-1920-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
e7bf4c10ef4456b2cc699ef15bc3e26d330de6d51ae87d02396f0851acd6e2fd
Ubuntu Security Notice 2429-1 - It was discovered that ppp incorrectly handled certain options files. A local attacker could possibly use this issue to escalate privileges.
d05fe8636e08f6dfb0df567b509bcd006b04eeec63bc35aed3f09aaaa79b61a7
Debian Linux Security Advisory 3083-1 - A flaw was discovered in mutt, a text-based mailreader. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition.
e5f5ea5eb5148a3a3369b1628aebfd84733d4bafa7840574291b29fb96c21847
Debian Linux Security Advisory 3082-1 - Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of Red Hat, discovered two issues in flac, a library handling Free file, an attacker could execute arbitrary code.
45d3a8394a88d20061257f331bda5c3542c5c1c71131c449ab431afc09e78a4b
Debian Linux Security Advisory 3081-1 - Several vulnerabilities have been discovered in libvncserver, a library to implement VNC server functionality. These vulnerabilities might result in the execution of arbitrary code or denial of service in both the client and the server side.
0435333bb4a1bb2c642dcc3af7f4b1286f123096c23431478f84f155d7cf6085
Debian Linux Security Advisory 3080-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.
c4e7cdd0bd1e5a071af57287aa0313a992085bc58105154e911275c7c49ee5ee
Debian Linux Security Advisory 3079-1 - A vulnerability was discovered in ppp, an implementation of the responsible for parsing user-supplied options potentially allows a local attacker to gain root privileges.
ed1ede6b9055ca30a5f27bd99cfb95991ce416c2151f3dfff1e7eba069f078d0