Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
7c6df4b1a1793336b821241ea951d284e00aaeff40b1141e0241b1d09ece8608
Alienware Command Center version 2.8.8.0 suffers from an unquoted search path issue impacting the service 'ioloenergybooster' for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
63f2538dadd62b01d9a1bdd72381e85972ffeb5361dcf205055e2e2870241cf9
Ubuntu Security Notice 2505-1 - Matthew Noorenberghe discovered that whitelisted Mozilla domains could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. Jan de Mooij discovered an issue that affects content using the Caja Compiler. If web content loads specially crafted code, this could be used to bypass sandboxing security measures provided by Caja. Various other issues were also addressed.
089f252b4c9bbfaaf0c54c751c1f3a5709ec79a25c3cf1f19010136f983ea370
Red Hat Security Advisory 2015-0269-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.1 release serves as a replacement for JBoss Operations Network 3.3.0, and includes several bug fixes.
22eb0f338cafc9de3a1c510ad57ea0b27f7d4e97b9b7a25e8ca862924e08282a
Cisco Ironport AsyncOS suffers from a cross site scripting vulnerability.
625b938af5a85150b1a3686a1b0c965a9c909143433e02e16ae80a36174e5eb6
Uplay for PC suffers from an elevation of privileges vulnerability that lets an unprivileged user replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions, with the 'F' (Full) flag set for the 'Users' group, making the entire 'Ubisoft Game Launcher' directory, its files and its subdirectories world-writable.
b8335176b54b66e8cbb9f9a3685e9203b083052ec2400eff910c1f08c844eedb
Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability.
c57f9ad771a935b26f475d6d4926fe8d395da5205e4f888e8087a2c7dc97b1fa
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
c5c3ccebeecbace39df0ff2d50ec4515b541103ffaa5e33cd1dc79d4955c0dfd
Onapsis Security Advisory - It is possible for an unauthenticated user to retrieve any audit events from a remote BusinessObjects service. This can disclose sensitive information including report names, universe queries, logins, etc. Auditing details are listed in the Auditing tab of the CMS. All services which expose an Auditing service are vulnerable. In the default setting this includes all BusinessObjects services except the CMS.
92a03a7a9374710770746549090119067b75fdc71c5a1c6527932e9be9239ecd
Onapsis Security Advisory - It is possible for an unauthenticated user to remove audit events from a remote BusinessObjects service using CORBA. Specifically, the attacker can tell the remote service (i.e. the auditee) to clear an event from its queue. After the event is removed from the auditee queue, the auditor will never have knowledge of the event and, hence, it will not be written to the Audit database. An attacker can use this to hide their actions. By default, the auditor polls all auditees every 5 minutes to ask for events in their queue.
525b0210fa38e332bad09f1f23be059b8cff27946645438a054d05c005ac4ec0
Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of any file stored in the FRS without authentication.
6de1db17a1a2cda52de24f00a98b3c5ab4bc5bda19395ccb1ab6ba6fee7121db
Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file stored in the FRS without authentication.
b91a029e7d55f1eaea5057b797bcbd5e83fb1e529410c558e0665b49ecab34ea
Onapsis Security Advisory - SAP HANA contains a reflected cross site scripting vulnerability (XSS) on the pages /sap/hana/ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs and /sap/hana/xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs.
5119b84d53c0c30a40ccbbf28464d82d82fe294a2f8499c0d10ba47627e64dc2
Red Hat Security Advisory 2015-0266-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. An information leak flaw was found in the way Thunderbird implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file.
b6086d5a30a8d920f7c48a29debed81f96970f5500250c3604ddf5e177d50cd7
Gentoo Linux Security Advisory 201502-14 - A vulnerability in grep could result in Denial of Service. Versions less than 2.21-r1 are affected.
17571fc7011e05dc2a208be4e37864cb8316ec4cfbb4c2172adcc07b37a15a8d
SEO Toaster E-Commerce version 2.2.0 suffers from a cross site scripting vulnerability.
24bbaf5076666acb1c082a4015e52f5e8aa9a9c44a370c866f118c741c285a66