[SECURITY] Fedora 20 Update: strongswan-5.2.2-1.fc20
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...
Windows Gather Local SQL Server Hash Dump
This module extracts the usernames and password hashes from an MSSQL server and stores them as loot. It uses the same technique in mssqllocalauthbypass. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Firefox Proxy Prototype Privileged Javascript Injection Exploit
Exploit for multiple platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/exploitation/jsobfu' class Metasploit3 'Firefox Proxy Prototype Privileged...
Debian DLA-92-1 : tomcat-native security followup update
This is an upgrade from tomcat-native 1.1.20, the version previously available in squeeze, to 1.1.31; the full list of changes between these versions can be seen in the upstream changelog, which is available online at http://tomcat.apache.org/native-doc/miscellaneous/changelog.html This update itse...
DRAM Rowhammer vulnerability Leads to Kernel Privilege Escalation
Security researchers have found ways to hijack Intel-compatible PCs running Linux by exploiting physical weaknesses in certain varieties of DDR DRAM (double data rate dynamic random-access memory) chips and gaining higher kernel privileges on the system. The technique, dubbed "rowhammer"...
Rowhammer - NaCl Sandbox Escape
Rowhammer - NaCl Sandbox Escape Sources: http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html https://code.google.com/p/google-security-research/issues/detail?id=284 Full PoC:...
Exploiting the DRAM rowhammer bug to gain kernel privileges
Rowhammer blog post draft Posted by Mark Seaborn, sandbox builder and breaker, with contributions by Thomas Dullien, reverse engineer This guest post continues Project Zero’s practice of promoting excellence in security research on the Project Zero blog Overview “Rowhammer” is a problem with some...
Rowhammer - NaCl Sandbox Escape
Sources: http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html https://code.google.com/p/google-security-research/issues/detail?id=284 Full PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36311.tar.gz This is a proof-of-conce...
[SECURITY] Fedora 19 Update: pcre-8.32-12.fc19
Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)
This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 bnc887530 - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : -...
Sandbox escapes: Google App Engine GAE in the presence of a 3 0+a sandbox bypass vulnerability-vulnerability warning-the black bar safety net
Security researchers found a large number of high-risk vulnerabilities in Google App Engine's Java environment; an attacker can exploit these vulnerabilities to bypass Google's security sandbox protection. Google App Engine is a Google-managed data centers...
HawtJNI: predictable temporary file name leading to local arbitrary code execution
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...
Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.0 update
Red Hat JBoss Operations Network 3.2.3, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
[SECURITY] [DLA 92-1] tomcat-native security followup update
Package : tomcat-native Version : 1.1.31-1deb6u1 This is an upgrade from tomcat-native 1.1.20, the version previously available in squeeze, to 1.1.31; the full list of changes between these versions can be seen in the upstream changelog, which is available online at...
DLA-92-1 tomcat-native - security update
Bulletin has no description...
MGASA-2014-0461 Updated hawtjni packages fix security vulnerability
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJ...
Updated hawtjni packages fix security vulnerability
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJ...
openSUSE Security Update : chromium (openSUSE-SU-2014:1378-1)
Update to Chromium 38.0.2125.101 This update includes 159 security fixes, including 113 relatively minor fixes. Highlighted security fixes are: CVE-2014-3188: A combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox CVE-2014-3189: Out-of-bounds read in PDFium...
F5 Networks BIG-IP : OpenSSL vulnerability (K15325)
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...
[SECURITY] Fedora 20 Update: xerces-j2-2.11.0-17.fc20
Welcome to the future! Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely...