Pair of Drupal Modules Patch Access Bypass Flaws

A pair of modules included in the Drupal content management system have been updated to fix access bypass vulnerabilities that could allow an attacker to take actions on the behalf of some users. One of the modules fixed is the Twitter module, which allows users to take a variety of actions,...

[SECURITY] Fedora 23 Update: drupal6-ctools-1.14-1.fc23

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

[SECURITY] Fedora 22 Update: drupal6-ctools-1.14-1.fc22

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

SUSE-SU-2015:1545-1 Security update for conntrack-tools

Fix a possible crash if conntrackd sees DCCP, SCTP and ICMPv6 traffic and the corresponding kernel modules that track this traffic are not available. bsc942149, CVE-2015-6496...

Empire - PowerShell Post-Exploitation Agent

Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz,...

CVE-2015-6496

conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service crash via a 1 DCCP, 2 SCTP, or 3 ICMPv6 packet...

Code injection

conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service crash via a 1 DCCP, 2 SCTP, or 3 ICMPv6 packet...

CVE-2015-6496

CVE-2015-6496 affects conntrackd in conntrack-tools 1.4.2 and earlier, where optional kernel modules may not be loaded before use. This can crash the daemon (denial of service) when processing DCCP, SCTP, or ICMPv6 traffic. Public advisories and vendor updates document the fix in newer packages (...

RedHat Update for pam RHSA-2015:1640-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 6 / 7 : pam (RHSA-2015:1640)

An updated pam package that fixes one security issue is now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

Moderate: Red Hat Security Advisory: pam security update

An updated pam package that fixes one security issue is now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

pam security update

CentOS Errata and Security Advisory CESA-2015:1640 An updated pam package that fixes one security issue is now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score,...

FTP Commander 8.02 - Overwrite (SEH)

FTP Commander 8.02 - Overwrite SEH Exploit Title: FTP Commander 'Costum Command' SEH Over-WriteBuffer Overflow. Date: 8/17/2015 Exploit Author: UnN0n Software Vendor : http://www.internet-soft.com/ Software Link: http://www.internet-soft.com/ftpcomm.htm Version: 8.02 Tested on: Windows 7 x3232 BI...

OpenSSH PAM Support Remote Code Execution Vulnerability

OpenSSH OpenBSD Secure Shell is a set of connection tools for secure access to remote computers maintained by the OpenBSD Project Group. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection...

PT-2015-3449 · Openssh +5 · Openssh +5

Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 7.0 Description: The issue is related to a use-after-free vulnerability in the mm answer pam free ctx function in monitor.c in sshd. This vulnerability might allow local users to gain privileges by leveraging control...

http-drupal-enum NSE Script

Enumerates the installed Drupal modules/themes by using a list of known modules and themes. The script works by iterating over module/theme names and requesting MODULEPATH/MODULENAME/LICENSE.txt for modules and THEMEPATH/THEMENAME/LICENSE.txt. MODULEPATH/THEMEPATH which is either provided by the...

Android 'Serialization' Vulnerability Affects 55 Percent of Devices

Google has patched a severe Android vulnerability that researchers at IBM said impacts more than 55 percent of devices. As with most Android vulnerabilities, users are reliant on handset makers and carriers to push patches downstream to devices, something they’ve not always been diligent about. I...

Object Scanning System: Laika BOSS

Laika is an object scanner and intrusion detection system that strives to achieve the following goals: Scalable Work across multiple systems High volume of input from many sources Flexible Modular architecture Highly configurable dispatching and dispositioning logic Tactical code insertion withou...

SUSE-SU-2015:1445-1 Security update for busybox

-The following issues are fixed by this update: CVE-2014-9645: do not allow / in module names to avoid loading bad modules bnc914660...

[SECURITY] Fedora 22 Update: drupal7-migrate-2.8-1.fc22

The migrate module provides a flexible framework for migrating content into Drupal from other sources e.g., when converting a web site from another CMS to Drupal. Out-of-the-box, support for creating core Drupal objects such as nodes, users, files, terms, and comments are included - it can easily...