Red Hat Security Advisory 2015-0099-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
07ae3d608c7bc928e164c5f0edd07d9fed0b40c519ef06bfed163e6e7f1b23fa
HP LaserJet printers with firmware 20130415 and below suffer from information disclosure and unauthenticated test functionality vulnerabilities.
de398ae4079091da76521d5c9f293e42efbd2443898883b6e4bd84295203ec2b
VMware Security Advisory 2015-0001 - VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues.
55fa1873d70654ee0597f3da9f1f88c2593c4ac47e45f3deaf0add63c4c2cd33
FreeBSD Security Advisory - SCTP protocol provides reliable, flow-controlled, two-way transmission of data. It is a message oriented protocol and can support the SOCK_STREAM and SOCK_SEQPACKET abstractions. SCTP allows the user to choose between multiple scheduling algorithms to optimize the sending behavior of SCTP in scenarios with different requirements. Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory.
94980381572f511b4697b2bf2b6d1b10dee3a0640f849037c8cd995bace01080
Mantis BugTracker version 1.2.19 suffers from an open redirection vulnerability.
a4a5d3a57136e2c7c69197773c4c6f2b7d1873d9a94832d2eb5e95f58d43524e
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
6591245d55445a2ddcc1700964c33b8bf62fe20c75bd9c7746f4fe0735502951
Apple Security Advisory 2015-01-27-4 - OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer overflow, and various other vulnerabilities.
434e3bbf065d6ff22de4e7b85d71ce11a7811880de29f04e6a58af05a3e46a97
Apple Security Advisory 2015-01-27-3 - Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 are now available and address memory corruption issues that can lead to arbitrary code execution.
ffbe57c64600b7e1c963a99fbe798c9585ea40b12b6d5dcf274b6aa86e401253
Apple Security Advisory 2015-01-27-2 - iOS 8.1.3 is now available and addresses access bypass, arbitrary code execution, denial of service, and various other vulnerabilities.
7d9920a6997e5e7bb8e01611c7dce2b7e3e242c90d9a5c4edeb5181b8c7b8cf1
Apple Security Advisory 2015-01-27-1 - Apple TV 7.0.3 is now available and addresses arbitrary code execution, access bypass, unsigned code execution, information disclosure, and various other vulnerabilities.
5ccfb0bf060b8bfce712b760bdd4bdcf5bc236994aba26bbfdd77d093c7ee7bb
Red Hat Security Advisory 2015-0094-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-02, and APSB15-03, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
0d3babf6448936f91b0ce462ac340ae5806760fa2c69e2e4e726c08d7fa3e1c7
Red Hat Security Advisory 2015-0093-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium.
15bcdc47727fc0ad0b65702ab55c64ea44a92ad6a771e7347758eaea43b886bb
Red Hat Security Advisory 2015-0087-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture implementation handled user controls. A local, privileged user could use this flaw to crash the system.
56294e658e5f97118916c849531a69eb62aaa3d6bf0ea85f9f9081df3abed7a4
Ubuntu Security Notice 2486-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
0a3efc41f8c988a1d04f15b23eb0e08c026c2987dda7ba586d9c7cc4ee33cb55
Core Security Technologies Advisory - Multiple vulnerabilities have been found in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets. These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the system, and execute arbitrary code with superuser privileges.
ab4dd6486f4ee6eea333af5b0238b5e37c79372f03d28ec456d911e6e9c2a2f2
New CMS version 2.1 suffers from a local file inclusion vulnerability.
26b93c8a8cc6dbb8ec52f0210258d68239e0acf6e87359bc67630c70164293cd
Sites powered by Restaurantbiller suffer from remote shell upload and remote SQL injection vulnerabilities.
f4a1adac8a45ce05a5b00694825f0222021b21e9d260550f0910c915cc9c69e7
FancyFon FAMOC version 3.16.5 suffers from multiple cross site scripting vulnerabilities.
efa9652e44569c33fc4fee812a69f383c8001fe4f217c3d71994dbc05b3b72c3
FancyFon FAMOC version 3.16.5 suffers from a remote SQL injection vulnerability.
3a671192f0facf33bd6129a2886a8ff9396192343746c6b576a400840ee63a00
Qualys Security Advisory - During a code audit performed internally at Qualys, they discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions, so they decided to analyze it -- and its impact -- thoroughly, and named this vulnerability "GHOST".
ffa8d4a79d99689d850b8267b77bc648e3bd73f6426baa39b73870777ee69adb
Red Hat Security Advisory 2015-0092-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
620c64a2aa97609a8171e047e7c827ed68c38df906fd7ea24237c738885f5d14
The Syrian Electronic Army SEANux linux distro version 1.0 suffers from a remote code execution vulnerability.
b080cc1a04a781bc198b71a73b2e7296a4626b1e7f06b5166036b5722ce7cf48
The WebKitGTK+ 2.4 series suffers from buffer overflow, code execution, memory corruption, sandbox bypass, and denial of service vulnerabilities.
326b02ff487ef267ea4187e1de17d0c6aac589a200b5be40f35cf8784fed3930
Exploit for remotely changing DNS settings on the D-Link DSL-2740R router.
12bcee98da8a2545e67c0fd61295e3e76c43d64f193a59bac3a91c594c824b90
The 0x90 International Cyber Security Conference has announced its Call For Papers. It will be help March 14th, 2015 in Chennai.
aec3207fc46069cdc097a620f0ac9ee14f3235262ee2a4b2ec49cef66965d5dd