Lucene search
3099 matches found

Fedora
added 2015/10/01 6:59 p.m., 42 views

[SECURITY] Fedora 22 Update: jakarta-commons-httpclient-3.1-23.fc22

The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...

CVSS: 4.3, AI score: 1, EPSS: 0.19312
Exploits: 0
OpenVAS
added 2015/09/08 12:0 a.m., 27 views

Check for Windows 10 Cortana Search

Check for Windows 10 Cortana Search SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.96195";...

AI score: 5.2
Exploits: 0
ThreatPost
added 2015/08/27 11:13 a.m., 7 views

Target Says SEC Won't Pursue Enforcement Action as a Result of Data Breach

Target officials say that the Securities and Exchange Commission, one of several U.S. agencies investigating the massive data breach at the company in 2013, has decided not to punish Target as a result of the breach. The Target data breach is one of the larger such incidents ever. The breach...

AI score: 0.7
Exploits: 0, References: 2
BDU FSTEC
added 2015/08/18 12:0 a.m., 6 views

The vulnerability of the OpenSSL library, which allows a hacker to trigger a service failure

The vulnerability of the ssl3_get_client_key_exchange function in the OpenSSL library exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to cause a service failure by sending a ClientKeyExchange message of zero length during authentication procedures...

CVSS: 2.6, AI score: 6.8, EPSS: 0.07404
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2015/07/26 10:59 p.m., 2 views

DEBIAN-CVE-2015-3227

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth...

CVSS: 5, AI score: 5.8, EPSS: 0.04261
Exploits: 0, References: 1
Fortinet
added 2015/07/24 12:0 a.m., 39 views

ZebOS routing remote shell service enabled

...

CVSS: 9.3, AI score: 6.4, EPSS: 0.03401
Exploits: 0
Packet Storm
added 2015/07/14 12:0 a.m., 25 views

WordPress WP-PowerPlayGallery 3.3 File Upload / SQL Injection

Title: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-27 Download Site: https://wordpress.org/plugins/wp-powerplaygallery Vendor: WP SlideShow Vendor Notified: 2015-06-29 Advisory:...

AI score: 0.4
Exploits: 0
Openbugbounty
added 2015/07/06 11:38 a.m., 22 views

trial-sport.ru XSS vulnerability

Vulnerable URL: http://trial-sport.ru/gds.php?q=xss=1=0=0=0';alert/XSSposed///=0from=0to= Details: Description| Value ---|--- Patched:| Yes, at 30.01.2016 Latest check for patch:| 30.01.2016 20:57 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 16001 Google...

AI score: 6.3
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 45 views

CollabNet Subversion Edge autocomplete on

Vuln Title: The CollabNet Subversion Edge management frontend login page password field has autocomplete enabled Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Lack of defensive measures Ris...

AI score: 1
Exploits: 0
The Hacker News
added 2015/07/02 12:55 a.m., 68 views

How to Anonymously Access Wi-Fi from 2.5 Miles Away Using This Incredible Device

Anonymity is something that seems next to impossible in this era of government surveillance. Even Tor and VPNs no longer seem to be enough to protect user privacy. Once your IP address is discovered, it's Game Over! However, a method has been devised that not only allows users to anonymously...

AI score: 7
Exploits: 0
Tenable Nessus
added 2015/06/22 12:0 a.m., 30 views

Fedora 22 : abrt-2.6.0-1.fc22 / gnome-abrt-1.2.0-1.fc22 / libreport-2.6.0-1.fc22 / satyr-0.18-1.fc22 (2015-9886)

Security fixes for : - CVE-2015-3315 - CVE-2015-3142 - CVE-2015-1869 - CVE-2015-1870 - CVE-2015-3151 - CVE-2015-3150 - CVE-2015-3159 abrt : - Move the default dump location from /var/tmp/abrt to /var/spool/abrt - Use root for owner of all dump directories - Stop reading hserror.log from /tmp - Do...

CVSS: 7.8, AI score: 6.3, EPSS: 0.04815
Exploits: 4, References: 19
CNVD
added 2015/05/26 12:0 a.m., 3 views

IPsec-Tools IKE Daemon Remote Denial of Service Vulnerability

IPsec-Tools is a user-space implementation of different IPSecs ported from KAME's libipsec, setkey and racoon, and supports various BSD systems. A null pointer reference error in the IPsec-Tools 'gssapiinit' function src/racoon/gssapi.c allows a remote attacker to submit special UDP packets that...

CVSS: 7.8, AI score: 7, EPSS: 0.09616
Exploits: 1, References: 1
OSV
added 2015/05/18 5:8 p.m., 5 views

USN-2603-1 thunderbird vulnerabilities

Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application...

CVSS: 7.5, AI score: 7.5, EPSS: 0.07417
Exploits: 0, References: 5
Kitploit
added 2015/05/14 12:20 a.m., 33 views

Remote DLL Injector v2.0 - Command-line Tool to Inject DLL into Remote Process

Remote DLL Injector is the free command-line tool to Inject DLL into remote process. Currently it supports DLL injection using the CreateRemoteThread technique. Being a command-line tool makes it easy to integrate into your automation scripts. Also useful when you are remotely operating on the...

AI score: 7.8
Exploits: 0
0day.today
added 2015/04/21 12:0 a.m., 35 views

Apple MAC OS X < 10.9/10 - Local Root Exploit

Exploit for macOS platform in category local exploits / osx-irony-assist.m Copyright c 2010 by Apple MACOS X include import import / where you want to write it! / define BACKDOORBIN "/var/db/.AccessibilityAPIEnabled" int doassistivecopyconst char spath, const char dpath NSAutoreleasePool pool =...

AI score: 6.8
Exploits: 0
OSV
added 2015/04/17 5:59 p.m., 2 views

DEBIAN-CVE-2015-1856

OpenStack Object Storage Swift before 2.3.0, when allowversion is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container...

CVSS: 5.5, AI score: 6.2, EPSS: 0.03949
Exploits: 0, References: 1
RedHat Linux
added 2015/04/16 2:27 p.m., 3 views

openstack-nova: console Cross-Site WebSocket hijacking

It was discovered that the OpenStack Compute nova console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw...

CVSS: 5.1, AI score: 5.7, EPSS: 0.01068
Exploits: 0, References: 4
Japan Vulnerability Notes
added 2015/04/14 12:0 a.m., 46 views

JVN#56297719: JBoss RichFaces vulnerable to remote Java code execution

JBoss RichFaces is an Ajax-enabled component library for JavaServer Faces (JSF). JBoss RichFaces contains a flaw in parsing the do parameter, which may result in arbitrary Java code execution. Impact: When a specially crafted input is processed, arbitrary Java code may be executed on the application...

CVSS: 6.8, AI score: 9.3, EPSS: 0.03958
Exploits: 1
ThreatPost
added 2015/04/07 1:3 p.m., 13 views

White House Executive Order Declares Cyber National Emergency

U.S. President Barack Obama last week issued an Executive Order declaring a national emergency and deputizing the Treasury Secretary and Attorney General to apply sanctions and other consequences for international actors deemed to have engaged in “cyber-enabled activities” detrimental to U.S...

AI score: 7.2
Exploits: 0, References: 4
Tenable Nessus
added 2015/04/06 12:0 a.m., 34 views

Cisco IOS XE Autonomic Networking Infrastructure Multiple Vulnerabilities (cisco-sa-20150325-ani)

According to its self-reported version, the version of Cisco IOS running on the remote host is affected by the following vulnerabilities: - A flaw exists in the ANI due to failing to properly validate Autonomic Networking (AN) messages. This could allow a remote attacker to spoof an Autonomic...

CVSS: 9, AI score: 5.6, EPSS: 0.02125
Exploits: 0, References: 7