Ubuntu Security Notice 2744-1 - Halfdog discovered that Apport incorrectly handled kernel crash dump files. A local attacker could use this issue to cause a denial of service, or possibly elevate privileges. The default symlink protections for affected releases should reduce the vulnerability to a denial of service.
dee7f3fa2888859a2f779bee89c68c507cea1c1a90dff31a934e31fb62b1d8a9
Due to a server misconfiguration, customers of Unified Layer suffer from a remote shell upload vulnerability.
38bbe1895961c77f3c46b4f57c4870d647343451c3a8616690b2f3361d104493
Debian Linux Security Advisory 3366-1 - A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service (rpcbind crash).
98be0a92a93f054d0e77b6763c292f565ae1d55068b02c508f3de091e937e53d
A file inclusion vulnerability in the "BIRT Engine" servlet used in BMC Remedy AR Reporting has been discovered. Versions 8.1 and 9.0 are affected.
d1c67acf2296b14667db65143804438a4df4fc202748bde4c1b51d8b462144c0
Flowdock API suffered from a script insertion vulnerability.
ba260a05957e34276837655ae4846ed931f035bdf3bcdc1cd399b333cb422879
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
b16eaed1f29c3e383214f3804adce7b21d4bb13db5a0dfba3fd719b3544cf305
Cisco AnyConnect Secure Mobility Client for OS X is affected by a vulnerability that allows local attackers to mount arbitrary DMG files at arbitrary mount points. By exploiting this vulnerability is is possible for the attacker to gain root privileges. Cisco reports that a similar issue also exists in Cisco AnyConnect Secure Mobility Client for Linux.
66660159f211f495d60f7ca1acea5dbe4e444722621da4f69354d6747a67fc1b
Debian Linux Security Advisory 3365-1 - Multiple security issues have been found in Iceweasel, Debian's version integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.
9f06181535993a2ed1465714f151805630edd6d8b335d381b49719f716301fdc
RSA Archer GRC version 5.5.3 suffers from cross site scripting, improper authorization, and information disclosure vulnerabilities.
c54811b8c5daa0f2f91c5eb39b919b6ddcb97837b722c57d324f1fd49df6558d
Cisco Security Advisory - A vulnerability in the processing of IPv4 packets that require Network Address Translation (NAT) and Multiprotocol Label Switching (MPLS) services of Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4300 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper processing of IPv4 packets that require NAT and MPLS processing. An attacker could exploit this vulnerability by sending an IPv4 packet to be processed by a Cisco IOS XE device configured to perform NAT and MPLS services. A successful exploit could allow the attacker to cause a reload of the affected device. Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate this vulnerability.
426911a2340b77ce46c2ba99fd3f3b7030de0d1d02a5d5585ee5a5138cc0f294
Cisco Security Advisory - A vulnerability in the SSH version 2 (SSHv2) protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication. Successful exploitation could allow the attacker to log in with the privileges of the user or the privileges configured for the Virtual Teletype (VTY) line. Depending on the configuration of the user and of the vty line, the attacker may obtain administrative privileges on the system. The attacker cannot use this vulnerability to elevate privileges. The attacker must know a valid username configured for RSA-based user authentication and the public key configured for that user to exploit this vulnerability. This vulnerability affects only devices configured for public key authentication method, also known as RSA-based user authentication feature. Cisco has released software updates that address this vulnerability. Workarounds for this vulnerability are not available; however administrators could temporarily disable RSA-based user authentication to avoid exploitation.
6bb5a45a2fbd512ed3aa4d90ff71881a50ad9af02083391db8eaf255a2cc93bb
Cisco Security Advisory - Two vulnerabilities in the IPv6 first hop security feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities.
e1f2da6fedc66d63bb64c173c44f2ac66b96073b0f040599afe50fd556f7059a
UltraEdit version 22.20 suffers from a buffer overflow vulnerability.
adcf8a3d5f0c3748dac9b35b34f0d3539924300c71ddb8aaaa96180e87d99490
WiFi Drive CR version 1.0 suffers from a file upload vulnerability that allows for malicious script execution.
6f4c0e90400ddb9bc62a317bbf688b4b45f93981ac1ef7a4dd8e7ff43d6ad413
Flowdock API suffers from a script insertion vulnerability.
7e6189349fba12fd6c7e3dcb27db488a15f5b36eef129eae39771e631f2f5544
The attached proof of concept exploit triggers a buffer overflow in the NtGdiBitBlt system call. It reproduces reliable on Win 7 32-bit with Special Pool enabled on win32k.sys.
f8fe51bd5f2d627380ec1e9bcb00b3ca0c6353262e9aa8b4b1b4ac9c99cb457a
This python script checks for the OpenSSL memory leak named Heartbleed and as noted in CVE-2014-0160. It can be used for different SSL TLS versions and multiple (HTTPS/SMTP/IMAP/POP3) protocols. It is optimized for mass scans.
89791cf81b92b962ceaf4da83a28781f5cf9ed884168321574cab9f157657409
The Microsoft Windows kernel suffers from a use-after-free vulnerability in BGetRealizedBrush.
9748fca6fbb5ef34f232cdeeda20cce0f47e4feea1fa4c9a9f7b321d183c13cb
iTop version 2.1.0-2127 suffers from a cross site scripting vulnerability.
f4b6534491d5293f2fea76c29c6b8aadee6b449a909842e6180df88d6e311a00
Open-Xchange Server 6 version 6.22.9 and AppSuite versions 7.6.2 and below suffer from a cross site scripting vulnerability.
c9c4d8ccdad8eb8bf72cebfe60896e103804e4d5ce9efd53ba50b89a83af98c9
This Metasploit module allows remote command execution on the w3tw0rk / Pitbul IRC Bot.
a66d2214cda0b74148ccafd0385d0e911312b00a6a8e83f79d778d3df8c97ac7
Guard versions 2.0.0-rev7 and below suffer from a remote SQL injection vulnerability.
3c809640481eb4fdb7281fa918f2ac3bef55825d59b63af8b4673e6934d06de1
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1, and -current to fix security issues.
ebc5258643f93251773ac8fc97ebdb8aac0a82b9421ca55faf925ae4415070e9
Ubuntu Security Notice 2743-2 - USN-2743-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
986b83654da1e91607d0d1a9f51b803b6779ff1380d7d14bd5db7bbf5cc5c08b
The Microsoft Windows kernel suffers from a FlashWindowEx related memory corruption vulnerability.
aa59811bd905801dec0d9cc27fe51730ae27b8776b206fdd60d6a08739d77ef3