glibc security and bug fix update

2.12-1.149.4 - Fix recursive dlopen 1173469. 2.12-1.149.3 - Fix typo in ressend and resquery rh1172023. 2.12-1.149.2 - Fix crashes on invalid input in IBM gconv modules CVE-2014-6040, 1139571. 2.12-1.149.1 - Fix wordexp to honour WRDENOCMD CVE-2014-7817, 1170121...

CVE-2014-9644

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AFALG socket with a parenthesized module template expression in the salgname field, as demonstrated by the vfataes expression, a different vulnerability than...

RPEF - Abstracts and expedites the process of backdooring stock firmware images for consumer/SOHO routers

Router Post-Exploitation Framework Currently, the framework includes a number of firmware image modules: 'Verified' - This module is confirmed to work and is stable. 'Unverified' - This module is believed to work or should work with little additional effort, but awaits being tested on a physical...

XEROX Multiple Product Unauthenticated Remote Firmware Injection Vulnerability

Added: 12/19/2014 BID: 52483 OSVDB: 80096 Background Some Xerox Multifunction Printers MFP utilize Dynamic Loadable Modules DLM for patching, upgrading and cloning. The DLMs can be delivered to the printer via the Jet Direct printer service on TCP port 9100. Problem Multiple Xerox products are...

XEROX Multiple Product Unauthenticated Remote Firmware Injection Vulnerability

Added: 12/19/2014 BID: 52483 OSVDB: 80096 Background Some Xerox Multifunction Printers MFP utilize Dynamic Loadable Modules DLM for patching, upgrading and cloning. The DLMs can be delivered to the printer via the Jet Direct printer service on TCP port 9100. Problem Multiple Xerox products are...

XEROX Multiple Product Unauthenticated Remote Firmware Injection Vulnerability

Added: 12/19/2014 BID: 52483 OSVDB: 80096 Background Some Xerox Multifunction Printers MFP utilize Dynamic Loadable Modules DLM for patching, upgrading and cloning. The DLMs can be delivered to the printer via the Jet Direct printer service on TCP port 9100. Problem Multiple Xerox products are...

[SECURITY] Fedora 20 Update: pam-1.1.8-2.fc20

PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...

Linux Modules Connected to Turla APT Attacks Discovered

The Turla APT campaigns have a broader reach than initially anticipated after the recent discovery of two modules built to infect servers running Linux. Until now, every Turla sample in captivity was designed for either 32- or 64-bit Windows systems, but researchers at Kaspersky Lab have discover...

Multiple Schneider Electric Modicon M340 Ethernet Modules Remote Denial of Service

Binary data 7161.pasl...

Multiple Schneider Electric Modicon PLC Modules Directory Traversal

Binary data 7154.pasl...

Hash Manager - Recovering passwords to hashes

The software is designed for recovering passwords to hashes, and it features the following: Supports over 330 hashing algorithms. Contains over 50 additional utilities for handling hashes, passwords, and dictionaries. Unlimited loadable hashes, dictionaries, rules, and masks. Multithreading. 64...

[SECURITY] [DLA 97-1] eglibc security update

Package : eglibc Version : 2.11.3-4+deb6u2 CVE ID : CVE-2012-6656 CVE-2014-6040 CVE-2014-7817 CVE-2012-6656 Fix validation check when converting from ibm930 to utf. When converting IBM930 code with iconv, if IBM930 code which includes invalid multibyte character "0xffff" is specified, then iconv...

Passively Sniff Wireless Devices: iSniff GPS

Passively Sniff Wireless Devices iSniff GPS passively sniffs for SSID probes, ARPs and MDNS Bonjour packets broadcast by nearby iPhones, iPads and other wireless devices. The aim is to collect data which can be used to identify each device and determine previous geographical locations, based sole...

DLA-97-1 eglibc - security update

Bulletin has no description...

RHEL 6 : kernel (RHSA-2014:0419)

Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which...

Expanding Use of PKI in Variety of Devices Holds Challenges

LAS VEGAS–One of the longest running jokes in the security industry is that each coming year finally will be The Year of PKI. While that one huge year never materialized, the use of PKI and digital certificates has become an integral part of how the Internet works today. But there are some...

ZMap 1.2.1 - The Internet Scanner

ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes, approaching the theoretical...

HumHub Modules Mail 0.5.8 Cross Site Scripting

Title: HumHub Modules Mail v0.5.8 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/10/31 Download: https://github.com/humhub/humhub-modules-mail Contacted authors: 2014/10/15 ---------------------------------------------------------- Description: "Private messaging system to...

F5 Networks BIG-IP : Linux kernel vulnerability (SOL15732)

The translatedesc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging Kernel-base Virtual Machine KVM guest OS privileges. C Tenable Network Security, Inc. The...

Important: Red Hat Security Advisory: openstack-packstack security, bug fix, and enhancement update

Updated openstack-packstack packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...