Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
435a7b91aa98d8b1a0ac1f60ca30c0ff3665b18a02e570bab5fe27935829160f
THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.
ca43866f0090ffc6f4fe3af166ed1eb705e8a4f418b8644a4e288a486971d90c
This Metasploit module exploits a command injection vulnerability discovered in Commvault Service v11 SP5 and earlier versions (tested in v11 SP5 and v10). The vulnerability exists in the cvd.exe service and allows an attacker to execute arbitrary commands in the context of the service. By default, the Commvault Communications service installs and runs as SYSTEM in Windows and does not require authentication. This vulnerability was discovered in the Windows version. The Linux version wasn't tested.
17a8d88e94f4d922aee745206ec1f68bc231beaf46d176bb3e725cce023ab8d7
Ubuntu Security Notice 3521-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations to address the issue, along with compatibility fixes for the corresponding Linux kernel updates.
2b04254723d86ddd229f4fcf7163aaec50cd2ba6cea2b8767d18577223c95dbc
Synology PhotoStation versions 6.7.2-3429 and below suffer from file disclosure and remote SQL injection vulnerabilities.
ad09b2ea0675a31e268f69980f1207ad88aa1a915e3330c604acafaf780e7aa6
This Metasploit module exploits multiple vulnerabilities in Synology PhotoStation. When combined these issues can be leveraged to gain a remote root shell.
c2633b99ae20f01a367fb4e5e36b30f18ba62871b2f3aa8d07c433862694a6b6
Yawcam versions 0.2.6 through 0.6.0 suffer from a directory traversal vulnerability.
6ff02bfc7b521064c3367b0f6dcbd70678461fbfea70b0fff6e3068ff09ec3c9
Apple Security Advisory 2018-1-8-3 - Safari 11.0.2 is now available and addresses security issues relating to Spectre.
6a0e6b5a0291d9d29a511d5ac88e1e33fb091e444b41c1d05731905fd88b552c
Apple Security Advisory 2018-1-8-2 - macOS High Sierra 10.13.2 Supplemental Update includes security improvements to Safari and WebKit to mitigate the effects of Spectre.
d853f93e1e71c9aa8d886a2aeccf078dfaa905ed2a74523bb075a36373aaeaf3
Ubuntu Security Notice 3520-1 - It was discovered that PySAML2 incorrectly accepted any password when run with Python optimizations enabled. An attacker could use this issue to authenticate as any user without a valid password.
6b101a157eaeef1fdcfeb5bd0ff7001066eb250d1d82741a1f8ed99760478903
Ubuntu Security Notice 3519-1 - It was discovered that Tomcat incorrectly handled certain pipelined requests when sendfile was used. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. It was discovered that Tomcat incorrectly used the appropriate facade object. A malicious application could possibly use this to bypass Security Manager restrictions. Various other issues were also addressed.
38382610e11f924ba68fd9e1ac30126f36e4138680f20e49f3193dccf7392465
VX Search Enterprise version 10.1.12 suffers from a denial of service vulnerability.
272ebddb85b73cde9838c27d96f2f32c9879ae24639a5716e1cb18ac6c00ec25
Disk Pulse Enterprise version 10.1.18 suffers from a denial of service vulnerability.
fb10f4a9ee5fdb19aec1845435cce577a0fc68624fc402a4f7f620d39597e013
Apple Security Advisory 2018-1-8-1 - iOS 11.2.2 is now available and addresses Spectre issues with Safari and WebKit.
14100c950dadca4bf5143083ee95bc72573920f161f07761ce065fa637ff4c25
Ubuntu Security Notice 3518-1 - It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code.
faea2e34aef798c0b0b890705edd1cd3dc2fa2fa8b2fee9cb6ecfd54144b67c8
Sync Breeze Enterprise version 10.1.16 suffers from a denial of service vulnerability.
b21a0d7e726136ba5079e7b43d7b78a0d682f7f56052fbd13596e66ea7db6772
USN-3517.txt - It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could execute arbitrary. It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.
7ec69249e51f726fe7daaad3cfdd92f7967d4b1066d3438d5cd1b6ec0f86c7c7
Gentoo Linux Security Advisory 201801-10 - A vulnerability has been found in LibXfont and LibXfont2 which may allow for arbitrary file access. Versions less than 1.5.4 are affected.
9726e2c346cfa3759d4f3c7285cb1921a49a2664c99173ce26aa44c2e66118ba
DiskBoss Enterprise version 8.5.12 suffers from a denial of service vulnerability.
dcdeeb90e66fcad49ed01f320197c07b1e5c77e6b4ca3aa134dff9cec0e20c20
Vanilla Forums versions prior to 2.1.5 suffer from a cross site request forgery vulnerability.
04858042109e0c0c7f04c9a4ccb3c039a9d01f0b31ab811d563e2c0873aad5cc
This is a note from the FreeBSD team that they were notified of the issue in late December and received a briefing under NDA with the original embargo date of January 9th. Since they received relatively late notice of the issue, their ability to provide fixes is delayed.
6ca4e042704f1c11c5f3b11989e130de889f46523779b326d9cbaf056da654ca
30-byte Linux x86 shellcode that executes /bin/dash.
0dcc25a61556aac3d057ee9989212f00bca2a0687dfb4646dedb97c699a76dbe
AvantFAX version 3.3.3 suffers from a cross site scripting vulnerability.
fd21fcbf251b77df50b58e292ab4ed7015919f47f3d00da8f702fb15a605c592
Office Tracker version 11.2.5 suffers from a cross site scripting vulnerability.
37de76be1f820040b12690871f5d7535f218769b517b2df46618110f2578c1ea
Rx Tera version 2.0 suffers from a cross site request forgery vulnerability.
458a3f0d6d81f9cd1978ed8a1211c379511bac3fa16fdff01c032efe366cda05