DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
b7b224803dde427b20c84fadc4d4ad53f93b348afa988194ca473e0809af0c57
This Metasploit module exploits a NULL pointer dereference in win32k.sys. The vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSendMessageTimeout to achieve arbitrary code execution. This Metasploit module has been tested successfully on Windows XP SP3, Windows 2003 SP2, Windows 7 SP1 and Windows 2008 32-bit, and also on Windows 7 SP1 and Windows 2008 R2 SP1 64-bit.
41b7d988b197d4b07886ef236a76dda4482ef1d09d5d87eb2dbc440af8850897
The CBN CH6640E/CG6640E wireless gateway series suffers from information disclosure, cross site request forgery, cross site scripting, and denial of service vulnerabilities.
2abfa7dcae36453b2de188ce94ee87d4e58078ce17f31bccfdccebada77aaca9
Debian Linux Security Advisory 3058-1 - Chad Vizino reported a vulnerability in torque, a PBS-derived batch processing queueing system. A non-root user could exploit the flaw in the tm_adopt() library call to kill any process, including root-owned ones on any node in a job.
794e6fcde2a5edb7fde588274221b91b4eb16325a3b27ba4ad68854d85168f41
HP Security Bulletin HPSBST03157 - A potential security vulnerability has been identified with HP StoreEver ESL E-series Tape Library and HP Virtual Library System (VLS) running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
e9d6c975aaed8023b6f21f043ef708d1380c041f1f05607e46608de48932d0f7
HP Security Bulletin HPSBMU03152 - A potential security vulnerability has been identified with HP Operations Orchestration running SSL. This is the SSLv3 vulnerability known as "POODLE" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
135b8b5df7d75054cff6030c520d1e1794639c655c17d21c329830247e297a86
FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
cbb31ada31368bb2fd73684ca29466e42dfa89e775a24cae02d3f97036a0720a
Debian Linux Security Advisory 3057-1 - Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser's default behavior.
c144597c40829cd3ce82d549359e55e677fe9190523e5cc891a3339d0a6adef2
Debian Linux Security Advisory 3056-1 - Several vulnerabilities were discovered in libtasn1-3, a library that manages ASN1 (Abstract Syntax Notation One) structures. An attacker could use those to cause a denial-of-service via out-of-bounds access or NULL pointer dereference.
7a048cf39a7d9acfccb3492f25d8e0dd5367015cd8eb9a4bcf864c1326fff9a5
Ubuntu Security Notice 2389-1 - It was discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service.
2443af81993075cbf3ab7d7d43577a7bb30ddeb8657a971fdfb89d5beb9932ce
Google YouTube suffered from filter bypass and persistent cross site scripting vulnerabilities.
d770de406168763951c7b1e69b163ca364a37b4375bbbcfe787d71ddb976530c
Folder Plus version 2.5.1 suffers from a persistent script insertion vulnerability.
0d9379de014d59042085eb77716f79a35a01f81b490dc13cb07661d80dbf7b3e
Apple iOS version 8.0.2 suffers from a contact handling denial of service vulnerability.
a1a84f101f4184e559d71e0e1a38073ae08ce39f378f361a1febf0391522fef5
iFileExplorer version 6.51 suffers from a local file inclusion vulnerability.
6a7264570706b9ef983a5bb3527fcbfd5eecaf9de9496bbac0bdc7e315ac69c7
WebDisk+ version 2.1 suffers from a code execution vulnerability.
71f07cccbc9a64190d3c2e88330ea419e97de320b8090e569ac6b19094991712
Zalewski has noted that binaries which have dependencies on libbfd may be leveraged for attacks due to libbfd having a large range of possibly exploitable out-of-bounds crashes.
482143b943dd09a0acc6d1703848e32a2c8bccd80bde134ced14a899fc368d68
Tapatalk for vBulletin version 4.x suffers from multiple remote blind SQL injection vulnerabilities.
d36d583dbde6514335981c515060f0a23012897a4fad3c25d65225595aa63eaf
Filemaker Pro version 13.0v3 and Filemaker Pro Advanced version 12.0v4 suffer from login bypass and privilege escalation vulnerabilities.
8cef33d37feb867e637fd3a166cdd0fd88b209b252278408006320a2afaa8cbe
WordPress Download Manager plugin suffers from an arbitrary file download vulnerability. Note that this finding houses site-specific data.
f2cbfcf9c8d70d98b335c7cd933c86db1ac9a8cc0562ad2f985ce6a878ec0178
VMware Security Advisory 2014-0011 - VMware vSphere Data Protection product updates address a vulnerability that could lead to sensitive information disclosure.
215b15436296cd13af4a6c3a5c8a74092a6188a68cb68f18826067f34921f731
WordPress HTML5 and Flash Player plugin suffers from a remote SQL injection vulnerability.
8d124d40ebbb6c1c5c1feef2711129624972450026c05cfbbe41384d40aca887
Yourls version 1.7 suffers from a persistent cross site scripting vulnerability.
2c2e8735cb469e954aa3a2db523f33bac49da92babbff3f7d23aad9ae98e9735
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
b3dd02a5dcd2ffe14d9a37956f92779d4427edf7905c0bba9b1e3901b9c5a83b
EMC Avamar server contains a vulnerability that may allow a remote Avamar client user to retrieve sensitive account credentials from an affected Avamar server using Java API calls. No authentication to the Avamar server is required for this potential attack. Exposed information includes MCUser and GSAN account passwords of all grid systems that are being monitored in EMC Avamar Enterprise Manager. EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x up to and including 7.0.2-43 are affected.
24d8d814ea8b6331d98ee101748e0eb8f4305b743a3d2fab02a2af437b2537cb
The EMC ADS/AVE Password hardening package uses the DES-based traditional Unix crypt scheme, which may be susceptible to brute force and dictionary attacks if the hashes are obtained by an adversary. The hardening package is optional and is installed separately. Affected products include EMC Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE) running Avamar 6.0.x, 6.1.x, and 7.0.x with an optional Password hardening package earlier than version 2.0.0.4.
7050f48ab77ce658a8e7df1088c51dae344960d6024f8242dfab187ac1a9293e