[ipset_list] ipset set listing wrapper script

Features: Calculate sum of set members and match on that count. List only members of a specified set. Choose a delimiter character for separating members. Show only sets containing a specific glob matching header. Arithmetic comparison on headers with an integer value. Match members using a...

CVE-2013-4592

Memory leak in the kvmsetmemoryregion function in virt/kvm/kvmmain.c in the Linux kernel before 3.9 allows local users to cause a denial of service memory consumption by leveraging certain device access to trigger movement of memory slots...

UBUNTU-CVE-2013-4592

Memory leak in the kvmsetmemoryregion function in virt/kvm/kvmmain.c in the Linux kernel before 3.9 allows local users to cause a denial of service memory consumption by leveraging certain device access to trigger movement of memory slots...

[SET v5.4] The Social-Engineer Toolkit "Walkers"

TrustedSec is proud to announce the release of The Social-Engineer Toolkit SET v5.4 codename “Walkers”. This version has a significant amount of changes, performance upgrades, bug fixes, and efficiency. This blog post will cover some of the major highlights from Java 7 Update 45 and how to get...

AIX 5.3 TL 12 : cmdque (IV51388)

Printer commands mkque and mkquedev are susceptible to buffer overflow by users belonging to the 'printq' group. These commands are owned by 'root' and SUID bit set. The group is set to 'printq'. By default, no users are belong to the 'printq'. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Mozilla: Memory corruption in workers (MFSA 2013-101)

The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code o...

CVE-2013-5602

The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code o...

CVE-2013-5601

Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute...

DEBIAN-CVE-2013-4394

The SetX11Keyboard function in systemd, when PolicyKit Local Authority PKLA is used to change the group permissions on the X Keyboard Extension XKB layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors...

The xsrf cookie token is not a 'secure' cookie for secure('https') requests

To prevent against man in the middle attacks the xsrf cookie token should have the 'secure' attribute set...

DEBIAN-CVE-2013-4351

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey...

DEBIAN-CVE-2013-4288

Race condition in PolicyKit aka polkit allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to 1 the polkitunixprocessnew API function, 2 the dbus API, or 3 the --process...

[ThreatFactor NSIA v1.0.6] Network System Integrity Analysis

ThreatFactor NSIA is a website scanner that monitors websites in real-time in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. ThreatFactor detects issues remotely and therefore requires no software to install, does not introduce any...

OpenEMR 4.1.1 Patch 14 - SQL Injection / Privilege Escalation / Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "OpenEMR 4.1.1 Pat...

Code injection

The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service device reload via a crafted AS path set, aka Bug ID CSCuf49554...

PT-2013-4723 · Microsoft · Skype For Business +1

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 11 Description: A use-after-free vulnerability exists in the SetMouseCapture implementation in mshtml.dll. This allows remote attackers to execute arbitrary code via crafted JavaScript strings,...

Debian: Security Advisory (DSA-2588-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Kernel: tracing: NULL pointer dereference

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by leveraging the CAPSYSADMIN capability for write access to the 1 setftracepid or 2 setgraphfunction file...

Fedora Update for lighttpd FEDORA-2013-15345

Check for the Version of lighttpd OpenVAS Vulnerability Test Fedora Update for lighttpd FEDORA-2013-15345 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

[SECURITY] Fedora 18 Update: lighttpd-1.4.32-1.fc18

Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...