Cisco Security Advisory - Cisco RVS4000 4-port Gigabit Security Routers and Cisco WRVS4400N Wireless-N Gigabit Security Routers have several web interface vulnerabilities that can be exploited by a remote, unauthenticated user. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
6b4b4001597fa9f57b57ab89c6a63a8d46be1b90e97b71fe1bd90c4cf53e75c6
Cisco Security Advisory - The Cisco Internet Streamer application, part of the Cisco Content Delivery System (Cisco CDS), contains a vulnerability in its web server component that could cause the web server engine to crash when processing specially crafted URLs. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
6cb9ce2c097b9a758a4ae01c01194219e532506c121678b7559349ee9c251344
Debian Linux Security Advisory 2242-1 - It was discovered that the STARTTLS implementation of the Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place.
f37324dcc067286882e574ec8915f95149ac06b8464188d28a9c6684f2be52e4
Ubuntu Security Notice 1136-1 - It was discovered that rdesktop incorrectly handled specially crafted paths when using disk redirection. If a user were tricked into connecting to a malicious server, an attacker could access arbitrary files on the user's filesystem.
ebce6c817bd2bcfae813dc2229b4d0307bf51191961d75e66134340473967ee4
Ubuntu Security Notice 1135-1 - It was discovered that the Exim daemon did not correctly handle certain DKIM identities. A remote attacker could send specially crafted email to run arbitrary code as the Exim user.
53826affe70ab5b8f32b22d9e0b121325db32ab7b83f1513cc66b90200261ecd
This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats Totals PHP script. AWStats Totals version v1.0 - v1.14 are vulnerable.
5a5ef1d851e7541e28de7b53546932d0881adc18c9f19c4d8ea20156248a6ea5
w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more.
9aaa651e706fe0c4c2cff95879d614cdcb9791e5120cccc527fcb82922d76fc8
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
88eeebfe9df6d18f320f396c7236f907e7a34c27f8382c7ce6e4239a7ecce31b
The OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
d9d6180b7b22fe7cf624753c4bf2dc400da1e1aa6ef30d21358e3a3e2a5c9c14
Debian Linux Security Advisory 2240-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
e80a5985f8ab30d0e1b27069f1a8ac244b9edc0a3bb35aa75124e26c94b75e19
This whitepaper describes a timing attack vulnerability in OpenSSL's ladder implementation for curves over binary fields. They use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, they mount a lattice attack that recovers the private key. Finally, they describe and implement an effective countermeasure.
a639445448cf4d50a71d847a0554fa7ab0640e8c63cc63998bd97f803f5b3b40
Secunia Security Advisory - A vulnerability has been reported in Dovecot, which can be exploited by malicious people to cause a DoS (Denial of Service).
fa22346a655a7c732c704bed8ec712950d8e1e333a0cea4995a2a1081504da85
A SQL injection vulnerability in Clipbucket version 2.4 RC2 645 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
6f0d10f78695697be08aaad71f69ebf5932985db42e1fc464f2a06ce15f1d538
A local file inclusion vulnerability in eGroupware version 1.8.001.20110421 can be exploited to include arbitrary files.
07ccc0d9a68de349319a1eceb37a6094b2810ad1e924bc4870669646a7b55753
An open redirect in eGroupware version 1.8.001.20110421 can be exploited to redirect users to an arbitrary URL.
b4a29e3964e1d7bd72995d10043cf6c74cf999a044fb3fe26884221a0473da93
DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.
0dab2e10f9c2cb2d1363b51284e9616725f85e84aea58719848f41626fa894d1
Ubuntu Security Notice 1134-1 - Maksymilian Arciemowicz reported that a flaw in the fnmatch() implementation in the Apache Portable Runtime (APR) library could allow an attacker to cause a denial of service. This can be demonstrated in a remote denial of service attack against mod_autoindex in the Apache web server. Is was discovered that the fix for CVE-2011-0419 introduced a different flaw in the fnmatch() implementation that could also result in a denial of service.
33d0bcbf01e80fbf4f6e0b746d2ea03df29467c9bd9d72f3c02f2b79dfede4f4
Debian Linux Security Advisory 2239-1 - Several vulnerabilities have been discovered Mojolicious, a Perl Web Application Framework. The link_to helper was affected by cross-site scripting and implementation errors in the MD5 HMAC and CGI environment handling have been corrected.
32a0b722e699971999dfac760e81d5ed750b47e2f3773d75c1d7af752653e626
PHP socket connect() stack buffer overflow proof of concept code.
6abcba91bf7177e20f4ef770653563e589f25adaafe8dc216b107fff5b5e35b9
Secunia Security Advisory - A vulnerability has been reported in Vordel Gateway, which can be exploited by malicious people to disclose sensitive information.
bbf9b946747ff2c4e74f8a13893f385cf6eb0fb986191a2e6465daa120d21b7b
Secunia Security Advisory - Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
3c5fde1929cc78f8310fb171a37fcc12487b03321c43fb7e87ce6832e46a725b
Secunia Security Advisory - Fedora has issued an update for libmodplug. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
677187a5445b106b2b63f434fc97365e36f004623734924802e9cd15e17cfc36
Secunia Security Advisory - SUSE has issued an update for rdesktop. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
be76f702ecd7cf0a6e8467e79b6646856fd8a202cadbfdac466fc8d10e5e2eb4
Secunia Security Advisory - Ubuntu has issued an update for apr. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
34f14a6b411912a4db5433626bb325d85924a0628c1f0c64b8e24ec2995ebef6
Secunia Security Advisory - Debian has issued an update for qemu-kvm. This fixes a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to gain escalated privileges.
fbd93a9507a162808eda982ef8c09f455d8e8c7a4e0408322fd4d2c0383ffffd