Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
aee0faee9c3f1bb265ee8e94b4bb93967413f3c56e65f954db16b09451546769
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
75554ca11ee38d727456b17b6afd5379e5c14c05160ca66755a25f248b4b1730
This Metasploit module exploits a vulnerability found in Adobe Flash Player. A compilation logic error in the PCRE engine, specifically in the handling of the \c escape sequence when followed by a multi-byte UTF8 character, allows arbitrary execution of PCRE bytecode.
1641e648bb596d49cb885ae8a06d070b985c8aa9c12581f0fbac21adc6d108a6
The named pipe, \IPEFSYSPCPIPE, can be accessed by normal users to interact with the iPass service. The service provides a LaunchAppSysMode command which allows execution of arbitrary commands as SYSTEM.
1b0c49a5daa22309c31f3ebfc498ee87664cbe412bded297b0f3fac32d95a90b
pyClamd is a Python interface to Clamd (the ClamAV daemon). By using pyClamd, you can add virus detection capabilities to your Python software in an efficient and easy way. Unlike pyClamav, which uses libclamav, pyClamd may be used by a closed source product.
6fbd65b27e6a48331a0b62f6346f00aa90fef1353c8775de4c5f201ce9e4464a
Ubuntu Security Notice 2534-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
be122038fcb77b4374222b3d57cb1ac4a7a62d1000b48136d7a568cdffe34cea
Debian Linux Security Advisory 3192-1 - Hiroya Ito of GMO Pepabo, Inc. reported that checkpw, a password authentication program, has a flaw in processing account names which contain double dashes. A remote attacker can use this flaw to cause a denial of service (infinite loop).
d6e0d76ec692ed0cd90abd68040a0f655e8ccf3e58b097abbdc252517f262dc7
HP Security Bulletin HPSBST03298 1 - Potential security vulnerabilities have been identified with HP XP Service Processor Software for Windows. These vulnerabilities could be exploited resulting in a variety of outcomes. Revision 1 of this advisory.
fb0c36adddb47f8c83881e2dc15b540ac9ea0fa121193e14d50a2e07c272bed7
Gentoo Linux Security Advisory 201503-9 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.451 are affected.
c94a07d133adc6cdb9372f6e82c6371a814da95bb90c1bf5458a82825ddfa17c
Red Hat Security Advisory 2015-0697-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-05 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
8f5cda01e74c94446edd64ce381f256c35befd3199be678bc15c31aa83e164b0
Debian Linux Security Advisory 3194-1 - Ilja van Sprundel, Alan Coopersmith and William Robinet discovered multiple issues in libxfont's code to process BDF fonts, which might result in privilege escalation.
984fd08815ed72c3981453fbe068a7951191d73e4a772b399ba3bb5daa3ac4d3
Red Hat Security Advisory 2015-0695-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.
25724757ff5aee8a16c253eb7a578ac07bfa56bdb2e5d75fa8c0d5db6a98c13b
Red Hat Security Advisory 2015-0694-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to an XFS file system mount could potentially use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system.
0e711acf0df6e837643b849c9bb486ba31ff24ef22e412c4d7f4581de627ee57
Debian Linux Security Advisory 3193-1 - Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code.
ab3815ba8d0e2672e234e5f127e052c0084060ae869aa409565552e7b04662a5
HP Security Bulletin HPSBHF03293 1 - Potential security vulnerabilities have been identified with HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash including heartbleed, padding oracle, and shellshock issues. Revision 1 of this advisory.
30d1ba0b92a93958f1b541914c45bffd10181d46e5a162699dcd2c22a93f67c4
Gentoo Linux Security Advisory 201503-8 - Vulnerabilities in file could allow a context-dependent attack to create a Denial of Service condition. Versions less than 5.22 are affected.
ead380517caeb1d470c125f906392d70fc04b69f3f20901f9d95e08e43889470