
2466 matches found

ThreatPost
added 2014/01/22 1:12 p.m., 6 views

Small Number of Malicious Tor Exit Relays Snooping Traffic

A small number of Tor exit relays are misbehaving, conducting man-in-the-middle attacks and monitoring encrypted traffic from users of the anonymity network. Researchers from Karlstad University in Sweden published a paper this week examining the malicious behavior of some Tor exit relays and fou...

AI score: 7
Exploits: 0, References: 2

Kitploit
added 2013/12/23 4:1 p.m., 20 views

[Tor-ramdisk] Micro Linux distribution whose sole purpose is to securely host a Tor server purely in RAM

Tor-ramdisk is a uClibc-based micro Linux distribution whose sole purpose is to securely host a Tor server purely in RAM. For those not familiar with Tor, it is a system which allows the user to construct encrypted virtual tunnels which are randomly relayed between Tor servers nodes until the...

AI score: 7.1
Exploits: 0

The Hacker News
added 2013/10/05 2:55 p.m., 6 views

NSA using Browser Cookies to track Tor Users

Yesterday a new classified NSA document was leaked by Edward Snowden - titled 'Tor Stinks' in which ideas were being kicked around for identifying Tor users or degrading the user experience to dissuade people from using the Tor browser. The NSA had a very hard time while tracking down all Tor...

AI score: 6.5
Exploits: 0

ThreatPost
added 2013/10/04 3:40 p.m., 11 views

Latest Snowden Leak Explains NSA Subversion of Tor Users

The latest Snowden documents, made public today, suggest the National Security Agency is able to peel back the veil on a small fraction of Tor users at a time, but overall the integrity of the anonymity network remains intact. Tor promises its users a level of anonymity online for their Web...

AI score: 0.1
Exploits: 0, References: 3

UbuntuCve
added 2013/09/17 12:0 a.m., 22 views

CVE-2013-1730

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of...

CVSS: 6.8, AI score: 7.3, EPSS: 0.00729
Exploits: 0, References: 4

Tenable Nessus
added 2013/07/12 12:0 a.m., 39 views

Oracle Linux 5 : busybox (ELSA-2012-0308)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0308 advisory. 1:1.2.0-13 - Resolves: 768083 'busybox various flaws' including: 'buffer underflow in decompression' 'udhcpc insufficient checking of DHCP options'...

CVSS: 7.5, AI score: 7.5, EPSS: 0.09814
Exploits: 2, References: 3

Packet Storm
added 2013/06/18 12:0 a.m., 17 views

imacs CMS 0.3.0 Shell Upload

.. CWH Underground Hacking Team .. Exploit Title : imacs CMS Unrestricted File Upload Exploit Date...

AI score: 7.4
Exploits: 0

CVE
added 2013/06/06 10:0 a.m., 84 views

CVE-2013-3919

CVE-2013-3919 affects ISC BIND where resolver.c, used by recursive resolvers, can trigger an assertion failure and named daemon exit when handling a query for a record in a malformed zone. Affected versions include BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R...

CVSS: 7.8, AI score: 4.8, EPSS: 0.10288
Exploits: 0, References: 3, Affected Software: 1

UbuntuCve
added 2013/03/14 3:10 a.m., 32 views

CVE-2012-4460

The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service assertion failure and daemon exit via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not...

CVSS: 5, AI score: 5.9, EPSS: 0.03602
Exploits: 0, References: 1

Prion
added 2013/03/14 3:10 a.m., 17 views

Out-of-bounds

The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service assertion failure and daemon exit via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not...

CVSS: 5, AI score: 7.2, EPSS: 0.03602
Exploits: 0, References: 4, Affected Software: 1

Oracle linux
added 2013/02/22 12:0 a.m., 72 views

httpd security, bug fix, and enhancement update

2.2.15-26.0.1.el6 - replace index.html with Oracle's index page oracleindex.html update vstring in specfile 2.2.15-26 - htcacheclean: exit with code 4 also for 'restart' action 805810 2.2.15-25 - htcacheclean: exit with code 4 if nonprivileged user runs initscript 805810 - rotatelogs: omit the...

CVSS: 5, AI score: 0.2, EPSS: 0.77975
Exploits: 26

Tenable Nessus
added 2013/02/15 12:0 a.m., 270 views

USN-1726-1 : linux-ti-omap4 vulnerabilities

It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. CVE-2012-2669 Dmitry Monakhov reported a race...

CVSS: 4.9, AI score: 5.4, EPSS: 0.00078
Exploits: 1, References: 4

Tenable Nessus
added 2013/01/24 12:0 a.m., 28 views

AIX 6.1 TL 2 : bind (IZ56317)

AIX 'named' is an implementation of BIND Berkeley Internet Name Domain providing server functionality for the Domain Name System DNS Protocol. AIX currently ships and supports three versions of BIND: 4, 8, and 9. There is an error in the handling of dynamic update messages in BIND 9. A crafted...

CVSS: 4.3, AI score: 6.2, EPSS: 0.33301
Exploits: 1, References: 3

OpenVAS
added 2013/01/21 12:0 a.m., 31 views

CentOS Update for wireshark CESA-2013:0125 centos5

Check for the Version of wireshark OpenVAS Vulnerability Test CentOS Update for wireshark CESA-2013:0125 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS: 4.3, AI score: 0.1, EPSS: 0.11114
Exploits: 8, References: 2

OpenVAS
added 2013/01/21 12:0 a.m., 34 views

CentOS Update for httpd CESA-2013:0130 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS: 4.3, AI score: 7.3, EPSS: 0.52581
Exploits: 4, References: 2

OpenVAS
added 2013/01/21 12:0 a.m., 18 views

CentOS Update for OpenIPMI CESA-2013:0123 centos5

Check for the Version of OpenIPMI OpenVAS Vulnerability Test CentOS Update for OpenIPMI CESA-2013:0123 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CVSS: 3.6, AI score: 6.3, EPSS: 0.00061
Exploits: 0, References: 2

Tenable Nessus
added 2013/01/17 12:0 a.m., 40 views

Scientific Linux Security Update : httpd on SL5.x i386/x86_64 (20130108)

Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use these flaws to conduct cross-site scripting and HTTP response splitting attacks against users...

CVSS: 4.3, AI score: 7.4, EPSS: 0.52581
Exploits: 4, References: 4

RedHat Linux
added 2013/01/08 4:10 a.m., 59 views

Low: Red Hat Security Advisory: OpenIPMI security, bug fix, and enhancement update

Updated OpenIPMI packages that fix one security issue, multiple bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which give...

CVSS: 3.6, AI score: 6.1, EPSS: 0.00061
Exploits: 0, References: 7

CVE
added 2012/12/27 11:0 a.m., 79 views

CVE-2012-5532

The CVE-2012-5532 issue exists in the Linux kernel hypervkvpd hv_kvp_daemon: the main function in tools/hv/hv_kvp_daemon.c allows a local user to trigger a denial of service (daemon exit) via a crafted Netlink message. It is noted as a consequence of an incorrect fix for CVE-2012-2669, and a patc...

CVSS: 4.9, AI score: 5.7, EPSS: 0.00063
Exploits: 1, References: 11, Affected Software: 1

RedHat Linux
added 2012/12/06 8:25 p.m., 2 views

bind: DoS on servers using DNS64

ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted query...

CVSS: 7.8, AI score: 7.2, EPSS: 0.07927
Exploits: 1, References: 5