6340 matches found

Fedora
added 2014/03/01 2:8 p.m., 16 views

[SECURITY] Fedora 19 Update: drupal6-filefield-3.12-1.fc19

FileField provides a universal file upload field for CCK. It is a robust alternative to core's Upload module and an absolute must for users uploading a large number of files. Great for managing video and audio files for podcasts on your own site. Optional: APC php-pecl-apcu uploadprogress...

AI score: 1.1
Exploits: 0

Kitploit
added 2014/02/27 12:2 a.m., 36 views

[Burp Co2] A collection of enhancements for Portswigger's popular Burp Suite web penetration testing tool

Co2 includes several useful enhancements bundled into a single Java-based Burp Extension. The extension has its own configuration tab with multiple sub-tabs for each Co2 module. Modules that interact with other Burp tools can be disabled from within the Co2 configuration tab, so there is no need...

AI score: 7.2
Exploits: 0

Drupal
added 2014/02/05 12:0 a.m., 13 views

SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure

This module provides an API and a few simple turnkey modules, which allow you to easily create tagclouds, weighted lists, search-clouds and such. The 6.x-1.x version does not account for node access modules, thus leading to information being disclosed. This vulnerability is mitigated by the fact...

AI score: 6.7
Exploits: 0, References: 13

Kitploit
added 2014/01/15 1:12 a.m., 41 views

[Weevely v1.1] Stealth tiny PHP web shell

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. Weevely is currently included in Backtrack and Backbox...

AI score: 8.4
Exploits: 0, References: 4

ThreatPost
added 2014/01/14 12:45 p.m., 38 views

NTP Amplification Flaw To Blame For Gaming DDoS Attacks

US-CERT has issued an advisory that warns enterprises about distributed denial of service attacks flooding networks with massive amounts of UDP traffic using publicly available network time protocol (NTP) servers. Known as NTP amplification attacks, hackers are exploiting something known as the...

CVSS: 5, AI score: 1.4, EPSS: 0.97549
Exploits: 23, References: 3

Kitploit
added 2014/01/14 3:28 a.m., 30 views

[Memoryze] Find Evil in Live Memory (Memory Forensic Software)

Mandiant’s Memoryze is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems, can include the paging file in its analysis. Mandiant’s Memoryze features: image the full range of system memory no...

AI score: 7.4
Exploits: 0

exploitpack
added 2014/01/14 12:0 a.m., 21 views

Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure

Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure. Source: http://www.halfdog.net/Security/2012/LinuxKernelBinfmtScriptStackDataDisclosure/ Introduction. Problem description: Linux kernel binfmt_script handling in combination with CONFIG_MODULES can lead to disclosure of kernel stac...

Exploits: 0

Exploit DB
added 2014/01/14 12:0 a.m., 27 views

Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure

Source: http://www.halfdog.net/Security/2012/LinuxKernelBinfmtScriptStackDataDisclosure/ Introduction. Problem description: Linux kernel binfmt_script handling in combination with CONFIG_MODULES can lead to disclosure of kernel stack data during execve via copy of data from dangling pointer to stack...

AI score: 7.4
Exploits: 0

n0where
added 2014/01/13 7:13 p.m., 14 views

Network Security Assessment: Subterfuge

Subterfuge is no longer a Beta! Now it is a full-fledged network security assessment tool in its own right. Walk into Starbucks, plop down a laptop, click start, watch the credentials roll in. Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attack and make it as simple as...

AI score: 7.3
Exploits: 0

UbuntuCve
added 2013/12/31 12:0 a.m., 45 views

CVE-2013-7421

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644...

CVSS: 2.1, AI score: 6.8, EPSS: 0.0071
Exploits: 1, References: 10

OSV
added 2013/12/31 12:0 a.m., 2 views

UBUNTU-CVE-2013-7421

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644...

CVSS: 2.1, AI score: 6.8, EPSS: 0.0071
Exploits: 1, References: 11

Tenable Nessus
added 2013/12/26 12:0 a.m., 42 views

Samba < 3.6.22 / 4.0.13 / 4.1.3 Multiple Vulnerabilities

Binary data 8075.prm...

CVSS: 8.3, AI score: 8.3, EPSS: 0.09017
Exploits: 1, References: 8

exploitpack
added 2013/12/24 12:0 a.m., 15 views

PHP MBB CMS 004 - Multiple Vulnerabilities

PHP MBB CMS 004 - Multiple Vulnerabilities MBB CMS = 004 LFI/SQLi Multiple Vulnerability By cr4wl3r http://bastardlabs.info Script http://sourceforge.net/projects/phpmbbcms/ Tested : Windows / Linux Dork : N/A LFI MBBCMS/index.php ....... 22 ifisset$GET'mod' 23 $a=$GET'mod'; 24 switch$a 25 case $...

AI score: 0.6
Exploits: 0

ICS
added 2013/12/20 7:0 a.m., 25 views

Schneider Electric PLCs Vulnerabilities

OVERVIEW --------- Begin Update B Part 1 of 2 -------- This updated advisory is a follow-up to the previous advisory update titled ICSA-13-077-01A Schneider Electric PLCs Vulnerabilities Update A that was published March 20, 2013, on the ICS-CERT Web page. It is also a follow-up to the updated...

AI score: 7.4
Exploits: 0, References: 10

Tenable Nessus
added 2013/12/11 12:0 a.m., 44 views

MS KB2871690: Update to Revoke Non-compliant UEFI Modules

The remote host is missing Microsoft KB2871690, an update that revokes the digital signatures of nine third-party UEFI modules. This update prevents the modules from being loaded on systems where UEFI Secure Boot is enabled. (C) Tenable Network Security, Inc. include("compat.inc"); if (description)...

AI score: 5.5
Exploits: 0, References: 1

OpenVAS
added 2013/12/09 12:0 a.m., 24 views

Debian Security Advisory DSA 2812-1 (samba - several vulnerabilities)

Two security issues were found in Samba, a SMB/CIFS file, print, and login server. CVE-2013-4408: It was discovered that multiple buffer overflows in the processing of DCE-RPC packets may lead to the execution of arbitrary code. CVE-2013-4475: Hemanth Thummala discovered that ACLs were not checked...

CVSS: 8.3, AI score: 0.5, EPSS: 0.09017
Exploits: 0, References: 1

OSV
added 2013/12/09 12:0 a.m., 33 views

DSA-2812-1 samba - several

Bulletin has no description...

CVSS: 8.3, AI score: 8.7, EPSS: 0.09017
Exploits: 0

Mageia
added 2013/11/30 9:35 p.m., 39 views

Updated drupal package fixes security vulnerabilities

Drupal's form API has built-in cross-site request forgery (CSRF) validation, and also allows any module to perform its own validation on the form. In certain common cases, form validation functions may execute unsafe operations (CVE-2013-6385). Drupal core directly used the mt_rand() pseudorandom number...

CVSS: 6.8, EPSS: 0.03072
Exploits: 0, References: 3

Kitploit
added 2013/11/20 1:39 p.m., 30 views

[FruityWifi v1.6] the Wireless Network Auditing Tool

FruityWifi is a wireless network auditing tool based on the Wifi Pineapple idea. The application can be installed in any Debian based system. Tested in Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi). With the new version, it is possible to install...

AI score: 7.7
Exploits: 0, References: 1

securityvulns
added 2013/11/18 12:0 a.m., 33 views

EMC Documentum cross-site scripting

Cross-site scripting in different modules...

CVSS: 4.3, AI score: 1.9, EPSS: 0.01001
Exploits: 0, References: 2, Affected Software: 2