Ubuntu Security Notice 2510-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
004b239ee393759fc7cb311874d2950a7c617c30b47ea5eaf837e1aa8242e9ecRed Hat Security Advisory 2015-0265-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file.
6fb8b5c06984a36c4d611ba9da24a080aee70d51ca3707e453f3588b2581bb25Red Hat Security Advisory 2015-0264-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.
fb96a7ad227e19fc4fa2743e05c0242fa499690eb2839e767de61e2ba5dab7c9Red Hat Security Advisory 2015-0263-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.7. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. Users of Red Hat Satellite 5.7 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16-FP3 release. For this update to take effect, Red Hat Satellite must be restarted, as well as all running instances of IBM Java.
67e87106d47b830b1bc1b249bc64d5e01b365f1e4e3b35563732d2787a1aea88Various Webgate technology suffers from multiple buffer overflow vulnerabilities.
6d6a87e39a520ec98120ccff8b68f26b54ef6465769b821e910397fd5a27aa7eEVO-CMS version 2.1.0 suffers from a cross site request forgery vulnerability.
66e5f8134ad653e12601254b070187c2490a4f4b12edc64f2234aa3bbaa5b11eThis is a brief whitepaper that documents how the author analyzed malicious javascript and a host used for slinging fake antivirus software.
e26853153c11af3c368c496b92cb79cc809c59f6efe56f5c321aefba8a22855cI2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
6f02f38c933662874c485cb52ca800a9e07c36e74a26fdfeece65e25979beb4bMaligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
546b134942e14428952c2ca513d63be123eda20b6838f21a030ccbaee216ac44Red Hat Security Advisory 2015-0260-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. All libyaml users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the libyaml library must be restarted for this update to take effect.
792f9e6798b5e25740435a9e04fbf407a18a4febd6f6f49612ad6f8f36b8e4f4Red Hat Security Advisory 2015-0257-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
8d76cd4b796bce158991cd0e1051183c70804b81ce9d0272e76292fb6fc1201aUbuntu Security Notice 2508-1 - Richard van Eeden discovered that the Samba smbd file services incorrectly handled memory. A remote attacker could use this issue to possibly execute arbitrary code with root privileges.
8f0eb27d03b4e301f5738acc1808a68c1d0bbee2df8f1929bbc908fecacc20beUbuntu Security Notice 2507-1 - Jose Duart discovered that e2fsprogs incorrectly handled invalid block group descriptor data. A local attacker could use this issue with a crafted filesystem image to possibly execute arbitrary code.
3de6d17500b7985ce0d6caf535a214a5195595178af020699e992b99fc08fd87Ubuntu Security Notice 2509-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20141019 package.
877b0e4f80b3a39fd254bf9a4d9f4547850d7052585e9cc3fe2f506273ad4a76Debian Linux Security Advisory 3171-1 - Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection.
3a3f953fda09a742df9d1191a2a8a008bfb65321af16ac862f950df2fe6b22a1Debian Linux Security Advisory 3169-1 - Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.
3fe931b7ce23c334ac550e9b3f9ce61c02f2b4cad71b1b7018abfe10daf65a20This Metasploit module exploits a file upload vulnerability in all versions of the Holding Pattern theme found in the upload_file.php script which contains no session or file validation. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.
ee5df7dbf0ac4eac44f2ff30e728e5eeff13120951dead86a3ad506611178a0bThis Metasploit module exploits a command injection vulnerability on HP Client Automation, distributed actually as Persistent Systems Client Automation. The vulnerability exists in the Notify Daemon (radexecd.exe), which doesn't authenticate execution requests by default neither. This Metasploit module has been tested successfully on HP Client Automation 9.00 over Windows 2003 SP2 and CentOS 5.
d843ef58af2b82e590925f0a42de6759952ad10722aca5dd7bb3fdf81fef83ab
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed