The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Windows installer.
43286cd91e4a985e95a4ae861f3d3faa9bc1282a0d90ff781f602a6e76a74ea1
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Linux release.
8077371c939f6dc3991f2c812a81f3af6131e54673955814d21f32dce6efd573
PCMan FTP Server version 2.0.7 PUT command buffer overflow exploit that spawns a bindshell on tcp/9988.
079e0b6e1b52360946c41880b50c6c8953ec9da37460c0897e1787cb1c5cd5bc
Red Hat Security Advisory 2015-1544-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
211ab6dc8672735a2153424635a62c7215098412c1ba9ba843117f40ee4c8412
Red Hat Security Advisory 2015-1545-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining mode. This flaw allows a man-in-the-middle attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
9dfd085a0a5cc694a5377b43367bb112a7b57b35c1014353ee1b6296ef398897
Red Hat Security Advisory 2015-1543-01 - Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. It was found that PortletBridge PortletRequestDispatcher did not respect security constraints set by the servlet if a portlet request asked for rendering of a non-JSF resource such as JSP or HTML. A remote attacker could use this flaw to potentially bypass certain security constraints and gain access to restricted resources.
f4d03fb55875abab70559c6e82184d191ab21036e813540a6a384bd018545fda
Ubuntu Security Notice 2677-1 - An uninitialized value issue was discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. A use-after-free was discovered in the GPU process implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
8e4ae28d2f7b897db93cb99063601153c04fb5f447d47955e0fdef06773a6ae2
Debian Linux Security Advisory 3328-2 - The security update for wordpress in DSA 3328 contained a regression. The patch for issue CVE-2015-5622 was faulty. A new package version has been released that backs this patch out pending resolution of the problem.
c4d9e31b5f37c8c10f2ab9b01ed62e57c7dd49f93e9bb24d6b05d75b64af8b51
Debian Linux Security Advisory 3328-1 - Several vulnerabilities have been found in Wordpress, the popular blogging engine.
0fe2f36ccb4402230be9fa8cb3b4150d88175339d405b8222f84ef0ee4fb8c0c
Debian Linux Security Advisory 3327-1 - Alex Rousskov of The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not correctly handle CONNECT method peer responses when configured with cache_peer and operating on explicit proxy traffic. This could allow remote clients to gain unrestricted access through a gateway proxy to its backend proxy.
9bc21bbd9d798266d317a3b5bf65d2c238cc28361e9f33791f2ee9a0c0a76d4a
CODE BLUE has announced its Call For Papers. It is an international conference held at Shinjuku, Tokyo, Japan that will be held from October 28th through the 29th, 2015.
01ad6df98b82f18459162893dfb06ddd09f0646fe003b123837626d66f100d96
There are several flaws in the HP ArcSight Logger search capabilities that cause it to provide invalid search results for any query that uses boolean expressions. This means that any query to search through data in the logs ArcSight collected is potentially incorrect if the query contains more than one search term.
f3192b0bb9062010087a388c5a6cde7b87e5a1d735b14ce20bbab5e331135343
Shellcode Helper is a python script designed to act as an x86 little endian stack converter.
2169ef9e90390289a012969247ecff8e6fb7a30ae571da774b8a381696435b8c
Mac OS X 10.10.4 (Yosemite) suffers from a keychain-related denial of service vulnerability.
5e5264989ee711ea2cf1f4508b6d73169a2f88b72a97de4b2be4e77d5bfb3214
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
d6f8148b2a51afa236e1284152db140b9288c1e1365652c1f14c68ac0cedf1e3
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
9c57831907bc26eadcdf90ba1827d0bd962dd1f737362e817a1dd6d6ec036f79
This Metasploit module embeds an exploit into an uncompressed map file (.h3m) for Heroes of Might and Magic III. Once the map is started in-game, a buffer overflow occurring when loading object sprite names leads to shellcode execution.
5f3f3372c7b7ed5f4f8756063b78d1e2135c986738b9fc08143adf4c5746a07f
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
6b67b14746410461fe4a8ce6a625e7eef789243454fe30eab7329d5984be4163
BlueDragon versions 6.2.1, 7.0, and 7.1 suffer from multiple cross site scripting vulnerabilities. These are in addition to priorly discovered similar issues in these versions.
34152718c0c5e04b81a0e17e0d27f408dc1c6ce005e485fce24870f32ad785fb
This archive contains 162 exploits that were added to Packet Storm in July, 2015.
6d11671c05fe99091b2ef5fd1f3b7d873d28145c02d9b99c7658ff41e3502566
Distro Checker is a tool written for doing cross distribution exploit testing.
8bc23f4e57fc2885ba6b8d8ec2eba603aec8e5155f4bf85739fce47220e6419f
Red Hat Security Advisory 2015-1539-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.1.2 serves as a replacement for Red Hat JBoss BPM Suite 6.1.0, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. The following security issues are also fixed with this release: It was found that Apache Camel's XML converter performed XML External Entity expansion. A remote attacker able to submit an SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
56627352a7df2d86dd0a52f57fc03ccdd0383b7f81d892b51ba9198d83ea8692
Red Hat Security Advisory 2015-1538-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.1.2 serves as a replacement for Red Hat JBoss BRMS 6.1.0, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. The following security issues are also fixed with this release: It was found that Apache Camel's XML converter performed XML External Entity expansion. A remote attacker able to submit an SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
cd8d3c1f817b1c9faba0d4e0599cebb2aa48f6de86fd4533c50a3f58ab9d4d37
Debian Linux Security Advisory 3326-1 - William Robinet and Stefan Cornelius discovered an integer overflow in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or potentially execution of arbitrary code if a specially crafted file is opened.
61f0975e460b5d4f229cb65cae6d1ef8588a7b34a4f12ec1927837bf0717ec23
Debian Linux Security Advisory 3325-1 - Several vulnerabilities have been found in the Apache HTTPD server.
7eb41d5e0dde8b13a8166433bf5d89842f644f90dca24040daea5c78a82cd56d