Secunia Security Advisory - A security issue has been reported in Redis, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
6f1ecb454bc96e79dc7fb377ea7b48db9fa534a4d3b39d408ee5b00999344cc1
Bluefog is a tool that can generate an essentially unlimited number of phantom Bluetooth devices. It can be used to test Bluetooth scanning and monitoring systems, make it more difficult for attackers to lock onto your devices, or otherwise complicate the normal operation of Bluetooth devices. Technically, Bluefog can work with just one Bluetooth adapter, but it works much better when you connect multiple adapters. Up to four radios are currently supported simultaneously.
9ce4d6f066e5f05c949e431d41a748db7739834dd47dbdb23b4e0b4b652866c7
Nagios version 3.x suffers from a remote command execution vulnerability in history.cgi.
e9958b0f049ad1bc4400634ee8177ed434f1a56da56c38cae3879f16f2a207c8
Ubuntu Security Notice 1687-2 - USN-1687-1 fixed a vulnerability in NSS. This update provides the NSPR needed to use the new NSS. Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Various other issues were also addressed.
83cecb914e0d84557ebb4ebd287e67e2410142d4bda1a45acb0c83ad55cb99da
Ubuntu Security Notice 1687-1 - Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
2c880fd754a63df7f4e2ab3b0fb2a8d3137ab98e86a46fe7a2f65b59f9d403e7
Red Hat Security Advisory 2013-0156-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
5eade1c35ed76fb2cc4da345cf65326653ace89d25da3b321d2b14ca340f1694
Red Hat Security Advisory 2013-0158-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.
9e75af8306c055924f661c09f7e7afbc4f80aec7bda581f0ab31097873d39aa6
Red Hat Security Advisory 2013-0157-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.
374121d1081da7d8e7b4e631810b2e0ecea0d40a4f9cb3393082044e3adc3d5e
Ubuntu Security Notice 1686-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
ff5afcec1caee64a1033d68cfc54664d11d85faa8910e69caf5983e3553d6e29
Debian Linux Security Advisory 2605-1 - Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, that allow remote attackers to perform denial of service attacks.
e42362badf3265d9356fcd4cdf050c88510bf7b13ca8d4defe28d4c52af1d6cc
Debian Linux Security Advisory 2606-1 - It has been discovered that in ProFTPd, an FTP server, an attacker on the same physical host as the server may be able to perform a symlink attack that allows privilege escalation in some configurations.
cf7a671eb3e7dbcb0020cf0bfc6098c3caeff7fdafc94366210749a4692aab2d
Ubuntu Security Notice 1685-1 - It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS. It was discovered that Tomcat incorrectly handled requests that lack a session identifier. A remote attacker could possibly use this flaw to bypass the cross-site request forgery protection. Various other issues were also addressed.
79532f6936e805b7d5c26f245986b7203950b4251272d82f8429b94f4668b18e
CA Technologies support is alerting customers to multiple risks with certain CA ARCserve Backup RPC services. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first vulnerability occurs due to a flaw in how RPC requests are processed. An attacker can potentially execute arbitrary code or cause a denial of service on server installations. The second vulnerability occurs due to insufficient validation of certain RPC requests, and exploitation can result in a service crash. This vulnerability affects both server and agent installations. This advisory is an updated version of the originally released CA20121018-01.
be3d581b61c9b5924795c648c3df4db5b11cf040219259da002acc2321c797fa
ProActive CMS suffers from cross site request forgery, cross site scripting, and open redirect vulnerabilities.
568536e08fe1d3043e92533be68c6b3916ff57e51f21738f12f3c95a131c5879
Calendar Scripts A.M.Y. Ad Management software version 1.4 suffers from a persistent cross site scripting vulnerability.
dbe429afd6de011f44886c21fe1edb326a4cba20b589175b2428e96134dedff6