Debian Linux Security Advisory 3169-1 - Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.
3fe931b7ce23c334ac550e9b3f9ce61c02f2b4cad71b1b7018abfe10daf65a20
This Metasploit module exploits a file upload vulnerability in all versions of the Holding Pattern theme found in the upload_file.php script which contains no session or file validation. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.
ee5df7dbf0ac4eac44f2ff30e728e5eeff13120951dead86a3ad506611178a0b
This Metasploit module exploits a command injection vulnerability on HP Client Automation, distributed actually as Persistent Systems Client Automation. The vulnerability exists in the Notify Daemon (radexecd.exe), which doesn't authenticate execution requests by default neither. This Metasploit module has been tested successfully on HP Client Automation 9.00 over Windows 2003 SP2 and CentOS 5.
d843ef58af2b82e590925f0a42de6759952ad10722aca5dd7bb3fdf81fef83ab
Zeuscart version 4 suffers from cross site scripting and remote SQL injection vulnerabilities.
83fe2ac3fff4f7dd6763b128da0c9fc09bb6c126b4c892de632011dd0205f869
Red Hat Security Advisory 2015-0250-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
223f087cb4c18b5e0df4bbb85c9e8c9802320e9a7503f9196e17bcd0c3f87e1a
Red Hat Security Advisory 2015-0254-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
396be548967c22bd3cfcf184d1b4b49564094a2ab6b42daf22a9788fe15649e8
Red Hat Security Advisory 2015-0252-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
90e5160b394e909032d08c8d71259155a8f664cabf465508cf1381d7bc647339
Red Hat Security Advisory 2015-0251-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
3e27df70935a97c29c3bc1050f9042e807f4ffc3f4197c8673145842ae07c09e
Red Hat Security Advisory 2015-0249-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
053bc1510a3be04466b10bbd8804b882a6add648db0c66bcfbe4dd30016cdbfe
Debian Linux Security Advisory 3166-1 - Jose Duart of the Google Security Team discovered a buffer overflow in in e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file systems. This issue can possibly lead to arbitrary code execution if a malicious device is plugged in, the system is configured to automatically mount it, and the mounting process chooses to run fsck on the device's malicious filesystem.
27227b3cac633bfc9c19baddb259253c2a9c639b7ddd345fada9860a5f161b0c
Red Hat Security Advisory 2015-0252-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
e44b9c545254680c21421cab45a6331b3e099d99facf78667d0a998df43b7c4a
Debian Linux Security Advisory 3168-1 - Kousuke Ebihara discovered that redcloth, a Ruby module used to convert Textile markup to HTML, did not properly sanitize its input. This allowed a remote attacker to perform a cross-site scripting attack by injecting arbitrary JavaScript code into the generated HTML.
bdcc66fcdbf536e7ff217fc9a0b031db97b09dc8b706dfb7797a8dc9770884df
Red Hat Security Advisory 2015-0256-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
ec46e600dcabda559a0e3ba2be776e8ee6d00d84b7580e9b7a7b574ae8035edf
This Metasploit module will generate a plugin, pack the payload into it and upload it to a server running WordPress providing valid admin credentials are used.
a2b4ca412d9f29c4356c655f0f95dafeadc83a07afc9bdd472d5188927e91f03
Red Hat Security Advisory 2015-0255-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
d09ca20340cf3e1cfb11f15e9cd087fa31ba7037c053a37f8a76ceebc3b53f29
Kony EMM version 1.2 suffers from an insecure direct object reference vulnerability.
4ae88ded8493b490c6e43fa9c02849c47b3dc15fefa544ac71e8150dee3bae25
MyConnection Server version 8.2b suffers from a cross site scripting vulnerability.
c9ab77625e1367cca46f4d58fe3c3178212c8c6049ec8e802f27e40fb5e81473
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.
327557842dd7782175a33303962605165ac096158c48e68bfc6b59817ebd0933
Debian Linux Security Advisory 3165-1 - Jiri Horner discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely.
298e5a07e6894c3e9f9deb239f8a732c5b944f9972048325d4aaa29b057cc979
Debian Linux Security Advisory 3167-1 - Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user's environment without any sanitization. A user with sudo access may take advantage of this to exploit bugs in the C library functions which parse the TZ environment variable or to open files that the user would not otherwise be able to open. The later could potentially cause changes in system behavior when reading certain device special files or cause the program run via sudo to block.
c8ab68f024d041a656114d083d7d34267de02fc254ac8f6877df2a8e726b7843
xaviershay-dm-rails 0.10.3.8 suffers from a MySQL credential disclosure vulnerability.
35e1d1923fcb9cbedc88f92f321c4d39b8695274a52d7b4326b6010d8c0151d5
WeBid version 1.1.1 suffers from an unrestricted file upload vulnerability.
0a29501b52601df8e1a2c36d36023a6d23b42554cdc2393e27eeb09b58827dcd
WordPress ADPlugg plugin version 1.1.33 suffers from a stored cross site scripting vulnerability.
415920191d7780c63381322152622b9cf64d89a50a07bd324e8362f21f50bf6f
This is a simple perl script for setting up man-in-the-middle attacks on Linux.
d38e8956c0b99e7aff2b55fc10799e47aad7c2ed96fe26151631c149f50fbb5d
Cisco Security Advisory - A vulnerability in the parsing of malformed IP version 6 (IPv6) packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier Routing System (CRS-X) could allow an unauthenticated, remote attacker to cause a reload of a line card that is processing traffic. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. An attacker could exploit this vulnerability by sending a malformed IPv6 packet, carrying extension headers, through an affected Cisco IOS XR device line card. An exploit could allow the attacker to cause a reload of the line card on the affected Cisco IOS XR device. Cisco has released free software updates that address this vulnerability. There are no workarounds that address this vulnerability.
f9aa7d30c2de2cac2c6146829a9ee7f577afc484369915793565a06538f4f0c5