FreeBSD Security Advisory - BIND 9 is an implementation of the Domain Name System (DNS) protocol. The named daemon is an Internet Domain Name Server. The libdns library is a library of DNS protocol support functions. Due to a software defect, specially constructed zone data could cause named to crash with an assertion failure while rejecting the malformed query when DNSSEC validation is enabled. An attacker who can cause specific queries to be sent to a nameserver could cause named to crash, resulting in a denial of service.
08e7620d8f3528815ea6adf5b08b755493b804636e13bbbcda7678f4beace8a4
WordPress Easy2Map-Photos plugin version 1.09 suffers from a remote SQL injection vulnerability.
f831b58a9322f3da8be91a2dbd3fe3b76dc8346a8e57bc9360855eaf977f8687
Red Hat Security Advisory 2015-1214-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-16 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
207cb44b46900e919ee484a2f608e57a00fc19f6d2231bcd8e833090f4bb6dd0
HP Security Bulletin HPSBUX03363 1 - A potential security vulnerability has been identified with OpenSSL which may impact HP-UX Apache Web Server with SSL/TLS enabled. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Note: The default configuration of HP-UX Apache Web Server is not vulnerable. Revision 1 of this advisory.
e4c4b720234445a15f22a9dc46a016ed7191f53adc8b3ba80ae5349b95bbc3ce
Core Security Technologies Advisory - The AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera is vulnerable to an OS command injection vulnerability in the snwrite.cgi binary.
21c2101703c779b440b5b09b966619ab442997dafefe43dda29ce74298fae4b6
Merethis Centreon versions 2.5.4 and below suffer from remote SQL injection and command execution vulnerabilities.
33a4b6850bc8efa423b2d9f3dee79ec98c4aad0c75b497867a6a543467abc2bd
Symantec EP version 12.1.4013 suffers from a denial of service vulnerability.
5725eda93322e756bf654e95292c69626ca4c1d94ab417128edb4557a29d0629
Cradlepoint MBR versions 1200 and 1400 suffer from a local file inclusion vulnerability.
b1d9d5801ca03f7b83536f88c09b44de43c119419982dcf2ca82b0b42b355988
Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
373653c23b56b8f35ca33a553f1f82a4369df198a6d32f733510f02e0fe94d83
Slackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
8be318cf7e666577a1ff833caa5aac935eaf79b39b14b44b547477ce0c794e16
Slackware Security Advisory - New cups packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
d136e41716bc59a189b9695d4bc3a85698f56505b959ad57f15bd88c102a590b
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
b9a1267fb722492334e46d681fcb1cbbc4edd5e2d5bc70cf1950771e23c9e0f4
Ubuntu Security Notice 2670-1 - It was discovered that libwmf incorrectly handled certain malformed images. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
722cc781a79f3e73a27746816111dcc59f03278666c0494ac1b9bdf762d8eaf8
GWX CMS version 1.0 suffers from a remote SQL injection vulnerability.
ab170d9faf15a5aca1ea6bcd67d7687b8f76d131b4a7ca84ccb061dc8baa6277
This Metasploit module exploits a use after free in Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public in its July 2015 data leak, was described as a use after free while handling ByteArray objects. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.194; Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194; Windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.194; Windows 8.1 (32-bit), IE11 and Flash 17.0.0.169; and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.468.
41ca06ad850b25d5a2ca76c0d342a370ac7d388de97dc2ba2d73946fcb6a325b
MiniUPNPd version 1.0 remote denial of service exploit.
ec5af0b0817b8cabdfaec4fbe7d5121d205649e7588521b0ad1d8d6592bbe575
The Hackito Ergo Sum 2015 Call For Papers has been announced. It will be held from October 29th through the 30th, 2015, in Paris, France.
14be6a316dfc95da8ee9d8c2ef8ea25c28f6c80376ebc514bdcdb617071c0eff
WordPress MDC-Youtube-Downloader plugin version 2.1.0 suffers from an arbitrary file download vulnerability.
bfc292bbcff8faef59696b27e2a04cc7323259c72462cadda4b0f660dd8970b7
WordPress WP-Ecommerce-Shop-Styling plugin version 2.5 suffers from an arbitrary file download vulnerability.
8d12b64e284210d6fda944d4c8941dbecc790d42a5f3878c142cf36d726ffb7c
HP Security Bulletin HPSBGN03352 2 - A potential security vulnerability has been identified with HP Asset Manager. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the RC4 vulnerability known as Bar Mitzvah, which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
0df6c20a3819de414e7467ea79ef8ba8e8dd36bb8784c867fe5ab9e0d1631f88
HP Security Bulletin HPSBGN03354 1 - A potential security vulnerability has been identified with HP Connect-IT. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the RC4 vulnerability known as Bar Mitzvah, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
49532e1b47556c5f307d0892f6478e52485c040b0f8f880b3498f9c0c02e1a51
Ubuntu Security Notice 2669-1 - Breno Silveira Soares discovered that Bind incorrectly handled certain zone data when configured to perform DNSSEC validation. A remote attacker could use this issue with specially crafted zone data to cause Bind to crash, resulting in a denial of service.
6accc1bd522b0556fd46b05f41d272a2952268c1c6bcfae78b28a72de1138ce0
D-Link 2750u and 2730u suffer from a local file disclosure vulnerability.
dce89f0c1fcdd21dcb57fd65f8289fe2f9d590e10bf66f008644bb79821d496a
Grandstream GXV3275 ships with a default root SSH key which could be used as a backdoor. It also suffers from an issue where restricted commands can be leveraged to break out into a full shell.
8777d199165022b18a0ee07cc81cbb54c5c05857809f7f6f11aeafbc4ec9b526