- Packet Storm New Exploits For May, 2015 This archive contains 169 exploits that were added to Packet Storm in May, 2015.
- Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150531 Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced. […]
- Maligno 2.2 Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
- D-Link Devices HNAP SOAPAction-Header Command Execution Different D-Link Routers are vulnerable to OS command injection in the HNAP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as affe. […]
- Red Hat Security Advisory 2015-1041-01 Red Hat Security Advisory 2015-1041-01 – Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use. […]
- Ubuntu Security Notice USN-2624-1 Ubuntu Security Notice 2624-1 – As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks.
- Ubuntu Security Notice USN-2623-1 Ubuntu Security Notice 2623-1 – It was discovered that racoon, the ipsec-tools IKE daemon, incorrectly handled certain UDP packets. A remote attacker could use this issue to cause racoon to crash, resulting in a denial of service.
- Debian Security Advisory 3276-1 Debian Linux Security Advisory 3276-1 – Jakub Zalas discovered that Symfony, a framework to create websites and web applications, was vulnerable to restriction bypass. It was affecting applications with ESI or SSI support enabled, that use the FragmentListener. A malicious user could call any contro. […]
- Debian Security Advisory 3269-2 Debian Linux Security Advisory 3269-2 – The update for postgresql-9.1 in DSA-3269-1 introduced a regression which can cause PostgreSQL to refuse to restart after an unexpected shutdown or when restoring from a binary backup. Updated packages are now available to address this regression.
- Debian Security Advisory 3275-1 Debian Linux Security Advisory 3275-1 – Ansgar Burchardt discovered that the Git plugin for FusionForge, a web-based project-management and collaboration software, does not sufficiently validate user-provided input as a parameter to the method to create secondary Git repositories. A remote attacker ca. […]
- Gentoo Linux Security Advisory 201505-03 Gentoo Linux Security Advisory 201505-3 – Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution. Versions less than 4.2.13 are affected.
- Gentoo Linux Security Advisory 201505-02 Gentoo Linux Security Advisory 201505-2 – Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 220.127.116.110 are affected.
- SafeConfig 2015 Call For Papers SafeConfig 2015 has announced its Call For Papers. It will take place October 12, 2015 at the Denver Marriott City Center, Denver, Colorado, USA.
- WordPress UserPro 2.33 Cross Site Scripting WordPress UserPro plugin version 2.33 suffers from a cross site scripting vulnerability.
- IBM Security AppScan 9.0.2 Remote Code Execution IBM Security AppScan versions 9.0.2 and below suffer from an OLE automation array remote code execution vulnerability.
- Yooz.ir Open Redirect Yooz.ir suffers from an open redirection vulnerability.