Debian Linux Security Advisory 3216-1 - Several vulnerabilities have been discovered in Tor, a connection-based low-latency anonymous communication system.
81c084de4cd2de6083573bce140eb406f89e273d97f00f390c9dd56fdc86863e
HP Security Bulletin HPSBMU03296 1 - Potential security vulnerabilities have been identified with HP BladeSystem c-Class Onboard Administrator. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow a Denial of Service (DoS). Revision 1 of this advisory.
9513e9f5e721a57f1d75304573ad18b07d6f46d52f0ee772d57b7eadb0a6b5d3
Debian Linux Security Advisory 3215-1 - Multiple vulnerabilities were discovered in libgd2, a graphics library.
f5407791a7d254b53e025eae1a764e715e59de2b3403d0297501a6900adb290c
Debian Linux Security Advisory 3214-1 - A path traversal vulnerability was discovered in Mailman, the mailing list manager. Installations using a transport script (such as postfix-to-mailman.py) to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully exploit this, an attacker needs write access on the local file system.
abf188d9a2c976b95165071e0f07ae6e49e0b202ed2c520547e5a230417b5ae5
Debian Linux Security Advisory 3213-1 - Multiple vulnerabilities have been discovered in arj, an open source version of the arj archiver.
7f8e93a398d961e10e08110b0546218adeb91474cde082dad6db5e68581db236
This Metasploit module exploits multiple vulnerabilities found in Solarwinds Firewall Security Manager 6.6.5. The first vulnerability is an authentication bypass via the Change Advisor interface, due to a user-controlled session.putValue API call in userlogin.jsp that allows the attacker to set the 'username' attribute before authentication. The second problem is that settings-new.jsp only checks the 'username' attribute before authorizing the 'uploadFile' action; this can be exploited to upload a fake xls host list file to the server, resulting in arbitrary code execution under the context of SYSTEM. By default, the Change Advisor web server listens on port 48080 for an express install; otherwise, this service may appear on port 8080. Solarwinds has released a fix for this vulnerability as FSM-v6.6.5-HotFix1.zip. You may download it from the module's References section.
2317dc92c6f139454e3f1f332df164d1f95a0522a4c134a535971f37a15fb0d2
Red Hat Security Advisory 2015-0778-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromium users should upgrade to these updated packages, which contain Chromium version 41.0.2272.118, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
10d36eec9969e9b5e3d698537439e144a6d70437b17d37086674397cd04d085e
HotExBilling Manager version 73 suffers from a cross site scripting vulnerability.
f89a76503b13c1babdd6ef06c3833e86ce72585726e830aa66ce9afa10898690
WordPress Work The Flow plugin version 2.5.2 suffers from a remote shell upload vulnerability.
b23e731d1911c049312f934170230326589cb951911a5055e04af2200b606f71
Oracle.com suffered from a cross site scripting vulnerability.
6c4b6e99ca086b5b03c0f64ae43d2959fece8ee22e1ed5f22a41e02102ac10d6
Proof of concept exploit for the Pitbull and w3tw0rk IRC bots that takes over ownership of a bot, which then allows for remote code execution.
25d37202a1a216b2b3b0ea44f8cc962fb754a7bbee64d6160acc06a8185d216a
Digital Whisper Electronic Magazine issue 60. Written in Hebrew.
c5a27d1c458250c59014799c3f3542537279ddfeb28d4dad6e909e0fc9818dc6
PyScripter suffers from a DLL hijacking vulnerability.
55afe0741013c5aa1c6904d79f64dbf252cb5d23bd2c7456e8b0ae301d4f2c89