Ubuntu Security Notice 2091-1 - This update disables the OTR v1 protocol to prevent protocol downgrade attacks.
c785bdb9b935770e2dfc02fa917fcde92b56401145719f85d6cd84d605e27ca4
This whitepaper discusses how to perform a takeover of the Ektron CMS. It demonstrates how to hijack the builtin and admin accounts.
4051126d4a1554f5aa1a371e3823fe1746489da90272c4a0bd3f21fffb9a0ce0
Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
191246e4649b609e4202d26d8789784f17b49c0d1ab475bc653ac4de35be5b5c
This whitepaper discusses how attackers use dictionary-based brute-force attacks to steal other people's bitcoins. Proof of concept tools are included.
d3b473fd72aba55764c5b793c9300a33b4bc94411e4282b14f400213f149aa0d
This Metasploit module exploits an arbitrary PHP file upload in the WordPress Amerisale-Re third party plugin.
1977a861af86c1bb609eab4c6885099d74ee40712c458de75397e40bdcfb1bea
LinPHA version 1.3.4 suffers from cross site request forgery and persistent cross site scripting vulnerabilities.
dd1112c814225c6d2b24116f1d99bcf78fed4941a42afe5ea7e7f980af1746d0
Amin'z Tech CMS suffers from remote shell upload and a remote SQL injection vulnerability that allows for login bypass.
c992e7712a27df499ae4bc3d17ca86548e65261cdd7eaa0f75a9c314525437d6
Drupal Tribune third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.
8922901cd06fd3a4a6b5033006c05d50258b696c4b87a583e0b6d71bc6fbce48
Drupal Services third party module version 7.x suffers from multiple access bypass vulnerabilities.
2d54f256cc810c69585b7137d0fd722f6cc26ab73d4785ab51345dc1c38f18ce
NCH Software Inventoria version 3.45 suffers from a cross site scripting vulnerability.
013ce0474eb3119edf8938629f3cf1485ee96a3afaa5234d50e9c770f8c001ad
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
fb2cda4617d1625eeed6c9d9ba9aa64a72737f25b4b8bff588a69620d7c4f1cb
Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
985394a529eb8e2dc205f756adfa22da2611ace7eea571d769bc2a3506915047
Gentoo Linux Security Advisory 201401-33 - A vulnerability has been found in the Digest-Base Perl module, allowing remote attackers to execute arbitrary code. Versions less than 1.170.0 are affected.
073b067938255df59111607a647be7a61207ceda164ae0bab0a2f2e8b3d64f0f
Gentoo Linux Security Advisory 201401-34 - Multiple vulnerabilities have been found in BIND, possibly resulting in Denial of Service. Versions less than 9.9.4_p2 are affected.
08788290f886b257bb5cf19d5da72a1cebe9c1902c834380c2cebb552a875e12
Red Hat Security Advisory 2014-0108-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Xen hypervisor did not always lock 'page_alloc_lock' and 'grant_table.lock' in the same order. This could potentially lead to a deadlock. A malicious guest administrator could use this flaw to cause a denial of service on the host.
8f46a6282e67a95809d58fc3a16c9ecccc57553d3af6f14af2ff8aeda8c5d557
SimplyShare version 1.4 suffers from code execution, local file inclusion, cross site scripting, and command injection vulnerabilities.
06435c185640907d6002f6d7fd2570bf5f5e4cdb4ee43a71600c2ccbb4d362f2
PCMAN FTP version 2.07 ABOR command buffer overflow exploit.
207aacc82b71408ec13209815ed8aa5c33dcdd9974eff7bed97d008df270fc01
haneWIN DNS server version 1.5.3 structured exception handler (SEH) buffer overflow exploit.
5ff4049dea782c7dcd51a3676c2edd85d01ac652a47a47c3bf62de5c0bf51ed3
PCMAN FTP version 2.07 CWD command buffer overflow exploit.
686e1bb139fa8ceb51129b6bcc62b9df3c56b058ab7375350cf467d34d7e74da
Pandora FMS versions 5.0RC1 and below suffer from a code execution vulnerability.
2ba4bc2c2183c5acbae565b860f5f9eabe987ba0a399d204e52fc3e2151facf0
WordPress Photocrati Theme suffers from a cross site scripting vulnerability.
2c0a0d09eabe3d8c389700133ca742ee4514f4b658e287ca801e58421be8784e
Sitecore's special way of displaying XML controls allows for a cross site scripting attack.
332c44062becbe780354571679bbca0e59d1468bef6e56ac13e0ebfa8d53931a
A10 Networks Loadbalancer versions (Soft)AX 2.6.1-GR1-P5 and below and 2.7.0 build 217 and below suffer from a directory traversal vulnerability.
cd1d7881579b65ddec9b55be9bc64a68cfb6ab226deae42efa4a82f9439a111f
Oracle Reports pwnacle exploit that uploads a jsp shell to the target system using the URLPARAMETER vulnerability that allows for planting files.
3581d647b9a2e8009d1d33ce3190ed76df5b93ae7c3bb78683ead1f423d79945
Eventum version 2.3.4 suffers from incorrect default permission and code injection vulnerabilities.
7e14b6132c32b76074863b2d2bee5da28e1064c2155acfee7dc34c7d4969418f