The Nokia Asha platform suffers from a lock code bypass vulnerability that allows for access to call records.
c3690f476187bf4b7bceed617052bbbc1450f4932dead991db1083b0707d5e1e
MODX Revolution version 2.3.1-pl suffers from a reflective cross site scripting vulnerability.
896e235037a75dfd399a6f028da7f8f942cfe7ede4331bb0775a05c0e3064ee2
webEdition version 6.3.8.0 suffers from a path traversal vulnerability.
ec005fe83de7331a8a07d62daabf90f9ab9273ce575f1297e75142a6f7bfd2ae
DA-WIN, a wireless IDS, provides an organization with a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed, reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.
900a69552ae4f2e1b99cd5231bc485c4e70297254407c0b371ac96a0d19853b9
Apple Security Advisory 2014-09-17-2 - Apple TV 7 is now available and addresses Wi-Fi credential interception, information disclosure, code execution, and various other vulnerabilities.
c7b02c75d378a545f8aa6249ce72817c0d53275ba9408b5e1c074ffa5b986f5a
Apple Security Advisory 2014-09-17-1 - iOS 8 is now available and addresses Wi-Fi credential interception, identifier disclosure, path traversal, and various other vulnerabilities.
9aea82d38a9a0bbd2a4dc19603d0bb6cbf3c4bc828f5ec2b4416c139ceb66db7
Red Hat Security Advisory 2014-1256-01 - An update for the openssl component for Red Hat JBoss Web Server 2.1.0 that fixes multiple security issues is now available from the Red Hat Customer Portal.
0a42be4979149e6e258283d7685446461846950dbaf2939b187cc377e0d4ae30
ClassApps SelectSurvey.net version 4.124.004 suffers from multiple remote SQL injection vulnerabilities.
a1a0d60bd1a776a335c6c68257966aad56e2df9f4539b06ada46bc128f8763ac
Livefyre LiveComments version 3.0 suffers from a persistent cross site scripting vulnerability.
6eccdbf0d02ef4c32c64da9928ac0666d213e0a528332a271898fa571fbd3865
WordPress WP-Ban plugin version 1.62 suffers from a bypass vulnerability when a properly minted X-Forwarded-For header is used.
993efa6dd07b224e9bb5b8fdab33d68bb547334c234e6e0ca083f1086bcc1733
WordPress Login Widget With Shortcode plugin version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
53f460ac91c7d419b8bcb368ddda31921d0dbe302556c55c904f552f999c5396
OsClass version 3.4.1 suffers from multiple cross site scripting vulnerabilities.
7ce8f234f3fc7d597b6dee841a59a83f9c72744d959a65c980de8c3c542ca5da
OsClass version 3.4.1 suffers from a local file inclusion vulnerability.
b57ade7f6829462047ddce456aabe66c7c6b4e59dec82158f58d6561c00f9dfb
FreeBSD Security Advisory - The Transmission Control Protocol (TCP) of the TCP/IP protocol suite provides a connection-oriented, reliable, sequence-preserving data stream service. New TCP connections are initiated using a special SYN flag in a datagram. Sequencing of data is controlled by 32-bit sequence numbers, which start with a random value and are increased using modulo 2**32 arithmetic. TCP endpoints maintain a window of expected, and thus allowed, sequence numbers for a connection. When a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window. An attacker who has the ability to spoof IP traffic can tear down a TCP connection by sending only 2 packets, if they know both TCP port numbers. If one of the two port numbers is unknown, a successful attack requires fewer than 2**17 spoofed packets, which can be generated in less than a second on a decent connection to the Internet.
02d0df3d2b5a7093f57c850f50146352b4357f62fca2e1ebd401a0c679d05939
Ubuntu Security Notice 2319-3 - USN-2319-1 fixed vulnerabilities in OpenJDK 7. This update provides stability fixes for the arm64 and ppc64el architectures. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
aefc793776a903cdbda6cd3bfc0f722696015d3319433e46ed16467a11e6e4f7
Ubuntu Security Notice 2349-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
3a375c20af9de0288313f16d71a607d209b4175308d50cf64a4dd4f633c37214
Red Hat Security Advisory 2014-1255-01 - Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center. A buffer overflow was found in the KADM5 administration server when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.
4b3a553590ae1cd575bd1c4417f87311c2d3268da73d593b7fe4ba259f7a3468
Debian Linux Security Advisory 3026-1 - Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon.
33bf84d9f10ca8350a51545c2b108e19d75aedf8a3c9887089bcbb7f0eca8d72
Debian Linux Security Advisory 3025-1 - It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages downloaded by the apt-get download command (CVE-2014-0490).
7f48d15735dbc2babefb54aa8fa778108712207ca8eced88de418fa6d0860882
seafile-server version 3.1.5 suffers from a denial of service vulnerability.
292d4506d9d6653341024ec2cafc303a777f6ba126e5032e2a14512b6d41a1b4
MIUI versions 4.1.17 and 5.30 have a flaw where NFC can be used to enable the torch.
d6921a18ffdaa38904d1331a1ef5ae95a6b488e9904853327611e542c0edc883
A logic flaw in some versions of Android can allow Bluetooth to be automatically enabled via NFC.
4daa646bde5895fbdd88288d9c9cd55da7cba639eaae92baee8ddd3f6afda65f
MIUI versions 4.1.17 and 5.30 have a flaw where NFC can be used to enable Wi-Fi.
8f0385e79db656d96c679b780cecef8edc53320f2104c9d1fe56d10ff1f6cc51
Kakilles is a Perl script that spawns an HTTP proxy and lets you modify user-agent, content, and cookie headers.
d2e2153f6e4d656992f7440b3cb89926277a075073424d269287da5e78c20038