THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and includes an easy-to-use packet factory library.
d1e8a3f295931fdc89e200da3c171b9e4922029cc55d11faece9b776ba2fd10a
THC-Hydra is a high-quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
7293e7c32198219688e5bf5308f7e8eab37ad78d49701c9860a6b22aecda0ab6
Ruby Gem Rgpg version 0.2.2 suffers from a remote command injection vulnerability.
c54580488fa386bb799c224ae7cf985b25c183e8936078b05fc68b8cc01bd006
Joomla SectionEx component version 2.5.96 suffers from a remote SQL injection vulnerability.
4c343aa59c62d97cee87901b3076377de0e9ca9879a04e4358732a4cb199bdd9
Red Hat Security Advisory 2013-1137-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. All users of Red Hat OpenShift Enterprise 1.2.2 are advised to upgrade to these updated packages, which resolve this issue.
5049766afbe3a5287229918f7536bbbd09461a243cad60886ef8c458ed3f5200
Red Hat Security Advisory 2013-1135-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.
ea3048e1d624e0dfb9d238f708c159b83698d2fa85c180285cb6b492cbce9cd5
Red Hat Security Advisory 2013-1134-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash.
f3762866ae287745c1aef81e5fd72ea6d719231d8bf28f0fc66d89f34941946c
Red Hat Security Advisory 2013-1133-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash.
6a1d7201cf3feea885275a7fccb230881f35ce567076aeb08974c43b74be918d
Red Hat Security Advisory 2013-1136-01 - rubygem-passenger is a web server for Ruby, Python and Node.js applications. The rubygem-passenger gem created and re-used temporary directories and files in an insecure fashion. A local attacker could use these flaws to conduct a denial of service attack, take over the operation of the application or, potentially, execute arbitrary code with the privileges of the user running rubygem-passenger. Note: By default, OpenShift Enterprise uses polyinstantiation for the /tmp/ directory, thereby minimizing the risk and impact of exploitation by local attackers of both CVE-2013-2119 and CVE-2013-4136.
145d2d1054ef84c2d2f4e31d12c8c8168fad64e9ee4bc03dff62ca5cafd2f4f6
Debian Linux Security Advisory 2734-1 - Multiple vulnerabilities were discovered in the dissectors for DVB-CI, GSM A Common and ASN.1 PER and in the Netmon file parser.
ca978295b2d9574a2eb951914fdf46215170e0970e6c062b66430cc0be3e7594
Mandriva Linux Security Advisory 2013-206 - Updated owncloud package fixes security vulnerabilities. This update provides OwnCloud 5.0.9, which fixes these issues, as well as several other bugs.
3eb51aeedb33cebb10b94645c0e7b11c107847b8624dab381d23858d411d4ad3
Slackware Security Advisory - New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. New libgpg-error packages are also available for Slackware 13.1 and older as the supplied version wasn't new enough to compile the fixed version of libgcrypt. Related CVE Numbers: CVE-2013-4242.
c1175683a5f439679477f3080f9d765b49fc384e8d97d6c0659f5a5bd7a5ed81
Debian Linux Security Advisory 2732-1 - Several vulnerabilities have been discovered in the Chromium web browser.
32b03d687426e79e885c07fa5096c09f9f5f1b0a5c70d4fe68f6c4c9d5b205d4
Debian Linux Security Advisory 2733-1 - It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs.
17527af704d3664232acad459e3b4ed17fa1772c6437ade8fe8e7d244249c675
IBSng version A1.24 suffers from multiple cross site scripting vulnerabilities.
c155f86712960813ad819d5103a4d8242b28718aa6563eb3c8a6e0e3337f0228
Digitalocean.com leaks customer network traffic to other customers due to having an overly large bridge defined in libvirt-interface.
87b828307e57aab9be83e9544fa1ed0997885c68065a2edf79eb33788ea018af