The UI daemon in Apache Storm version 0.10.0-beta allows remote users to run arbitrary code as the user running the web server. With kerberos authentication this could allow impersonation of arbitrary users on other systems, including HDFS and HBase.
5891b86dd1736344dbda9bd356125fce
This Metasploit module exploits improper object handling in the win32k.sys kernel mode driver. This Metasploit module has been tested on vulnerable builds of Windows 7 x64 and x86, and Windows 2008 R2 SP1 x64.
2f0aec917a34229f17599d68939b21dc
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
3d431e287223eddab5f8312f16dc19d4
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
52a412bf25efc107c80090aba50e4892
Gentoo Linux Security Advisory 201506-4 - Multiple vulnerabilities have been fixed in Chromium, the worst of which can cause arbitrary remote code execution. Versions less than 43.0.2357.65 are affected.
e644dc88e1eca9808c6707e5816df1a1
Ubuntu Security Notice 2651-1 - Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. Laszlo Boszormenyi discovered that GNU patch did not correctly handle some patch files. An attacker could specially craft a patch file that could cause a denial of service. Various other issues were also addressed.
42de9907c4ef0355cd93e2c30659a3c7
Gentoo Linux Security Advisory 201506-3 - Multiple vulnerabilities have been fixed in GnuTLS, the worst of which can cause Denial of Service. Versions less than 3.3.15 are affected.
5b62f58497b875ac7b8bcb0f1f78d5be
GeniXCMS version 0.0.3 suffers from reflective and persistent cross site scripting vulnerabilities.
2315567f4a6d24a79e85069b879c72cb
Gentoo Linux Security Advisory 201506-2 - Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure. Versions less than 1.0.1o are affected.
29dead97f9fb4c8eb6586f20b7c1aca3
KMPlayer version 3.9.1.136 capture unicode buffer overflow with ASLR bypass.
d5acb1ba94d2e0b40f1424d52a2a4d7a
CUPS versions prior to 2.0.3 suffers from improper teardown and cross site scripting vulnerabilities.
f6e0f204b5c6955208f9bf61c3cd3e50
ManageEngine Asset Explorer version 6.1 suffers from a cross site scripting vulnerability.
e6d35f0b526c2b11cfd895cb6b61cb88
Ubuntu Security Notice 2640-2 - The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system. Various other issues were also addressed.
fa323baa361cc775f5424adc93ae44b5
29 bytes small mkdir HACK and chmod 777 and exit(0) shellcode.
7f93ab9318390d52a9cfc9c417961b87
MySQL Lite Administrator version Beta 1 suffers from multiple cross site scripting vulnerabilities.
bca20010400041a19e05b03a1e749183
Zurmo CRM version 3.0.2 suffers from a persistent cross site scripting vulnerability.
97201aab80f87c7bc957a57af15632ad
PHPWCMS version 1.5.4 suffers from a cross site request forgery vulnerability.
c4260ffa4727ed5d11fb2e481643a8d4