Secunia Security Advisory - SUSE has issued an update for MozillaThunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.
a8fe53994b77180796cef1b6488ce2588708d2907d4af18b6e2448b80e124753
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. MIPS version.
66fa66baa93b4da37eecee778947e21972f674842ffcb2aa5a2ca0bc2cb95477
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
95f5ac3bf334fc317bc250fa099b4f43decff6653b1f32a13815d253ce48da15
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
0ed3a9de6fc5ac7d565952f74df185b04ff6b72e33ce99e2af3f47d3727b2ba2
Ubuntu Security Notice 1641-1 - Vijaya Erukala discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials may still be allowed access beyond the account owner's expectations. It was discovered that Keystone did not properly implement token expiration. A remote attacker could use this to continue to access an account that is disabled or has a changed password. This issue was previously fixed as CVE-2012-3426 but was reintroduced in Ubuntu 12.10. Various other issues were also addressed.
1d58a17a27c95d9ddb96902292330a3f808876fe7de7eb0ec28e0a1fc6c9ba2c
This Metasploit module checks the AlwaysInstallElevated registry keys which dictate if .MSI files should be installed with elevated privileges (NT AUTHORITY\SYSTEM). The default MSI file is data/exploits/exec_payload.msi with the WiX source file under external/source/exploits/exec_payload_msi/exec_payload.wxs. This MSI simply executes payload.exe within the same folder. The MSI may not execute successfully on successive runs, but it may be possible to get around this by regenerating the MSI. The MSI can be rebuilt from the source using the WiX tool with the following commands: candle exec_payload.wxs, then light exec_payload.wixobj.
c7e98f972baf436cdfffebb9e430a37c5fe6f420bfd185f513efaf7d19a631e2
This Metasploit module exploits a buffer overflow in Apple QuickTime 7.7.2. The stack based overflow occurs when processing a malformed Content-Type header. The module has been tested successfully on Safari 5.1.7 and 5.0.7 on Windows XP SP3.
10b7f159e2f92d30b2c07941abb1e4f934539758916904fa7372f9e7afa29641
This Metasploit module exploits a vulnerability in lib/dbtools.inc which uses unsanitized user input inside an eval() call. Additionally, the base64-encoded user credentials are extracted from the database of the application. Please note that in order to be able to steal credentials, the vulnerable service must have at least one USV module (an entry in the "nodes" table in mgedb.db).
ca94d18543aafa961d153b779642fdaf4da2fc45b207ec0756a59de101a2cf5d
v3n0m Scanner is a mutation of smartd0rk3r and can search for 10,446 Google dorks. It then performs several checks for vulnerabilities in the sites.
76aa04ba373e47d64d01e9442b8c29083d7886303ce636a3a5e5ae5f3a1ca0e4
Debian Linux Security Advisory 2578-1 - James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp/sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution.
d9979ff7d19f7c9e9521796945b7c49ed74862a888a3527cd1b55022041c8c36
Secunia Security Advisory - A vulnerability has been discovered in SBLIM, which can be exploited by malicious people to compromise a vulnerable system.
cefb1910d5ebb71c0f8e4add55984374af782e2e3b16ee23d8ddd1907e775775
Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
de302b3c6b407370f83938205dc9b50722c9d7c5127d4cc427fd2ee848daf4b9
Secunia Security Advisory - A security issue has been reported in IBM Rational Developer for System z, which can be exploited by malicious, local users to disclose sensitive information.
eeed645809ccb1fe9ad6419a224cc47b7e32a45c214e3b6b01ff8a805b8b924f
Secunia Security Advisory - Multiple vulnerabilities have been reported in MediaWiki, which can be exploited by malicious users and malicious people to bypass certain security restrictions.
24b0702abba028d00146581d51f7cfe9c3a16068d2146137c2a8f1cfded7074e
Secunia Security Advisory - A security issue has been reported in OpenStack Keystone, which can be exploited by malicious users to bypass certain security restrictions.
8501d07bb458b4db80273b990df3f12a5faab069293e98323beea8f72143b171
Secunia Security Advisory - SUSE has issued an update for weechat. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.
3c5bbda8e56ad969535661fac5d469bca12949391778768496c5092e2e25ae42
Secunia Security Advisory - SUSE has issued an update for kdelibs4. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
d9eab274cb0523fff48c2902fd983b2caeb7bad193efe9689cd81ed273e34fd5
Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Tivoli Management Framework, which can be exploited by malicious people to cause a DoS (Denial of Service).
ab1e830dcb9181e2819f86f26144b0b9bedf20b2e89eb13234779dfcfbc5e1d3
Secunia Security Advisory - A vulnerability has been reported in rssh, which can be exploited by malicious, local users to bypass certain security restrictions.
27a4ebced838c8dafa541d3af9421caf07aab6b309fe624eadfc22b80bb11cb7
Secunia Security Advisory - Debian has issued an update for rssh. This fixes two vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions.
70a593bd1b01178f13adb23b12be3e6ee2c46f3486ec1c0edffb133e2e97cd7b
Kleeja Upload Center Script version 1.0.1 appears to suffer from a CRLF header injection vulnerability.
76f605b7d08edb4bf05d6d22b3bcf13e784043856c560044d5fd49ceec08d874
RSSH version 2.3.4 was released to address an environment variable manipulation vulnerability and an improper filtering of the rsync command line.
3292f4ccb0a7fd1db2d5443d8a6d96f69577b83251c4988b59049dc9a3bd99c8
The PayPal Plaza website at paypal-plaza.com suffered from a cross site scripting vulnerability.
7b2487381e67a1d8600ff0bd87c58869849cd26308602c41d3a01baba29ca2ff
The PayPal Community forum at www.paypal-community.com suffered from a cross site scripting vulnerability.
ec5e77b2537f63740f78b9a77bf172326494cef1ae519e54639d061c119cf69b
Spotify suffered from a cross site scripting vulnerability.
8d154bbce7e99e2ddfdeed79cfca468188494a5ae9988e31dd0c94f2408a7796