Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability.
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Onapsis Security Advisory - It is possible for an unauthenticated user to retrieve any audit events from a remote BusinessObjects service. This can disclose sensitive information including report names, universe queries, logins, etc. Auditing details are listed in the Auditing tab of the CMS. All services which expose an Auditing service are vulnerable. In the default setting this includes all BusinessObjects services except the CMS.
Onapsis Security Advisory - It is possible for an unauthenticated user to remove audit events from a remote BusinessObjects service using CORBA. Specifically, the attacker can tell the remote service (i.e. the auditee) to clear an event from its queue. After the event is removed from the auditee queue, the auditor will never have knowledge of the event and, hence, it will not be written to the Audit database. An attacker can use this to hide their actions. By default, the auditor polls all auditees every 5 minutes to ask for events in their queue.
Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of any file stored in the FRS without authentication.
Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file stored in the FRS without authentication.
Onapsis Security Advisory - SAP HANA contains a reflected cross site scripting (XSS) vulnerability on the pages /sap/hana/ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs and /sap/hana/xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs.
Red Hat Security Advisory 2015-0266-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. An information leak flaw was found in the way Thunderbird implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file.
Gentoo Linux Security Advisory 201502-14 - A vulnerability in grep could result in Denial of Service. Versions less than 2.21-r1 are affected.
SEO Toaster E-Commerce version 2.2.0 suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 2510-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
Red Hat Security Advisory 2015-0265-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file.
Red Hat Security Advisory 2015-0264-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.
Red Hat Security Advisory 2015-0263-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.7. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. Users of Red Hat Satellite 5.7 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16-FP3 release. For this update to take effect, Red Hat Satellite must be restarted, as well as all running instances of IBM Java.
Various Webgate technologies suffer from multiple buffer overflow vulnerabilities.
EVO-CMS version 2.1.0 suffers from a cross site request forgery vulnerability.
This is a brief whitepaper that documents how the author analyzed malicious JavaScript and a host used for slinging fake antivirus software.
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
Red Hat Security Advisory 2015-0260-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. All libyaml users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the libyaml library must be restarted for this update to take effect.
Red Hat Security Advisory 2015-0257-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
Ubuntu Security Notice 2508-1 - Richard van Eeden discovered that the Samba smbd file services incorrectly handled memory. A remote attacker could use this issue to possibly execute arbitrary code with root privileges.
Ubuntu Security Notice 2507-1 - Jose Duart discovered that e2fsprogs incorrectly handled invalid block group descriptor data. A local attacker could use this issue with a crafted filesystem image to possibly execute arbitrary code.
Ubuntu Security Notice 2509-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20141019 package.
Debian Linux Security Advisory 3171-1 - Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, an SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection.