Secunia Security Advisory - SUSE has issued an update for MozillaThunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.
a8fe53994b77180796cef1b6488ce2588708d2907d4af18b6e2448b80e124753Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. MIPS version.
66fa66baa93b4da37eecee778947e21972f674842ffcb2aa5a2ca0bc2cb95477Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
95f5ac3bf334fc317bc250fa099b4f43decff6653b1f32a13815d253ce48da15Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
0ed3a9de6fc5ac7d565952f74df185b04ff6b72e33ce99e2af3f47d3727b2ba2Ubuntu Security Notice 1641-1 - Vijaya Erukala discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials may still be allowed access beyond the account owner's expectations. It was discovered that Keystone did not properly implement token expiration. A remote attacker could use this to continue to access an account that is disabled or has a changed password. This issue was previously fixed as CVE-2012-3426 but was reintroduced in Ubuntu 12.10. Various other issues were also addressed.
1d58a17a27c95d9ddb96902292330a3f808876fe7de7eb0ec28e0a1fc6c9ba2cThis Metasploit module checks the AlwaysInstallElevated registry keys which dictate if .MSI files should be installed with elevated privileges (NT AUTHORITY\SYSTEM). The default MSI file is data/exploits/exec_payload.msi with the WiX source file under external/source/exploits/exec_payload_msi/exec_payload.wxs. This MSI simply executes payload.exe within the same folder. The MSI may not execute successfully successive times, but may be able to get around this by regenerating the MSI. MSI can be rebuilt from the source using the WIX tool with the following commands: candle exec_payload.wxs light exec_payload.wixobj.
c7e98f972baf436cdfffebb9e430a37c5fe6f420bfd185f513efaf7d19a631e2This Metasploit module exploits a buffer overflow in Apple QuickTime 7.7.2. The stack based overflow occurs when processing a malformed Content-Type header. The module has been tested successfully on Safari 5.1.7 and 5.0.7 on Windows XP SP3.
10b7f159e2f92d30b2c07941abb1e4f934539758916904fa7372f9e7afa29641This Metasploit module exploits a vulnerability in lib/dbtools.inc which uses unsanitized user input inside a eval() call. Additionally the base64 encoded user credentials are extracted from the database of the application. Please note that in order to be able to steal credentials, the vulnerable service must have at least one USV module (an entry in the "nodes" table in mgedb.db).
ca94d18543aafa961d153b779642fdaf4da2fc45b207ec0756a59de101a2cf5dv3n0m Scanner is a mutation of smartd0rk3r and can search for 10,446 Google dorks. It then performs several checks for vulnerabilities in the sites.
76aa04ba373e47d64d01e9442b8c29083d7886303ce636a3a5e5ae5f3a1ca0e4Debian Linux Security Advisory 2578-1 - James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp/sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution.
d9979ff7d19f7c9e9521796945b7c49ed74862a888a3527cd1b55022041c8c36Secunia Security Advisory - A vulnerability has been discovered in SBLIM, which can be exploited by malicious people to compromise a vulnerable system.
cefb1910d5ebb71c0f8e4add55984374af782e2e3b16ee23d8ddd1907e775775Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
de302b3c6b407370f83938205dc9b50722c9d7c5127d4cc427fd2ee848daf4b9Secunia Security Advisory - A security issue has been reported in IBM Rational Developer for System z, which can be exploited by malicious, local users to disclose sensitive information.
eeed645809ccb1fe9ad6419a224cc47b7e32a45c214e3b6b01ff8a805b8b924fSecunia Security Advisory - Multiple vulnerabilities have been reported in MediaWiki, which can be exploited by malicious users and malicious people to bypass certain security restrictions.
24b0702abba028d00146581d51f7cfe9c3a16068d2146137c2a8f1cfded7074eSecunia Security Advisory - A security issue has been reported in OpenStack Keystone, which can be exploited by malicious users to bypass certain security restrictions.
8501d07bb458b4db80273b990df3f12a5faab069293e98323beea8f72143b171Secunia Security Advisory - SUSE has issued an update for weechat. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.
3c5bbda8e56ad969535661fac5d469bca12949391778768496c5092e2e25ae42Secunia Security Advisory - SUSE has issued an update for kdelibs4. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
d9eab274cb0523fff48c2902fd983b2caeb7bad193efe9689cd81ed273e34fd5Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Tivoli Management Framework, which can be exploited by malicious people to cause a DoS (Denial of Service).
ab1e830dcb9181e2819f86f26144b0b9bedf20b2e89eb13234779dfcfbc5e1d3Secunia Security Advisory - A vulnerability has been reported in rssh, which can be exploited by malicious, local users to bypass certain security restrictions.
27a4ebced838c8dafa541d3af9421caf07aab6b309fe624eadfc22b80bb11cb7Secunia Security Advisory - Debian has issued an update for rssh. This fixes two vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions.
70a593bd1b01178f13adb23b12be3e6ee2c46f3486ec1c0edffb133e2e97cd7bKleeja Upload Center Script version 1.0.1 appears to suffer from a CRLF header injection vulnerability.
76f605b7d08edb4bf05d6d22b3bcf13e784043856c560044d5fd49ceec08d874RSSH version 2.3.4 was released to address an environment variable manipulation vulnerability and an improper filtering of the rsync command line.
3292f4ccb0a7fd1db2d5443d8a6d96f69577b83251c4988b59049dc9a3bd99c8The PayPal Plaza website at paypal-plaza.com suffered from a cross site scripting vulnerability.
7b2487381e67a1d8600ff0bd87c58869849cd26308602c41d3a01baba29ca2ffThe PayPal Community forum at www.paypal-community.com suffered from a cross site scripting vulnerability.
ec5e77b2537f63740f78b9a77bf172326494cef1ae519e54639d061c119cf69bSpotify suffered from a cross site scripting vulnerability.
8d154bbce7e99e2ddfdeed79cfca468188494a5ae9988e31dd0c94f2408a7796
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed