Ruby Gem Creme Fraiche version 0.6 suffers from a remote command injection vulnerability due to unsanitized input.
432f99098884e80c6594d67b9edd44d3c6a943e78df04188f65f7a5a60c25b58
WordPress Newsletter plugin version 3.2.6 suffers from a cross site scripting vulnerability.
989ee39dd2aa266687be0d7eb57b6bd6a79938c363c3ad5149eb8eb735782f24
Ubuntu Security Notice 1823-1 - Multiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2013-1669) Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). If a user had scripting enabled, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. Various other issues were also addressed.
6bd1e9ff8b497160ca832c72224f6dece7c64aca1cfaba89925ec17810fc1f8a
www.netcraft.com suffered from a cross site scripting vulnerability.
634e49019e0df121608fd4d662505b0de9358f848a8db182c17e5f6f967896a9
Red Hat Security Advisory 2013-0823-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
7976d7f92951a88876a7eb7901961e1753ddc3c76e5eae1cb91cb6fd64c17c66
Red Hat Security Advisory 2013-0822-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
b73c83c3cdb9c589a8c653747142c482009b5367d3fae38dcfb1512ad7a819be
Red Hat Security Advisory 2013-0820-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting attacks.
f0c1245adc420fe9949c729df1f1edad8e3e57cb43d7ebf94cf6c5176f6162b7
Red Hat Security Advisory 2013-0821-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting attacks.
151d0654166b000317cd71fbfe25f8fc2e6199bb127056c2735148eaf59c71e0
Ubuntu Security Notice 1822-1 - Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). An attacker could exploit this to conduct cross-site scripting (XSS) attacks. Various other issues were also addressed.
ac25ce948a4dcc634750fd0f1b4fedb6a05de4dbbdb5cdf815be15b301fcf801
This bulletin summary lists 10 released Microsoft security bulletins for May, 2013.
a26e039e0ae06f15b7edb5fbed7be9df1e2279065255d905b7804d4990e672b6
Various WordPress plugins that embed video-js.swf suffer from cross site scripting vulnerabilities. These include Video Embed and Thumbnail Generator, External "Video for Everybody", 1player, S3 Video and EasySqueezePage.
5353566b47099624d07091f78ba99de22b3590171921393a6150f67e5e76fda4
Kloxo version 6.1.6 suffers from a local privilege escalation vulnerability.
05c8a48c93af3659880c9fc3c9b6dc020d3b89b769551432c305b8d9a7ee8d6f
Joomla Jnews version 8.0.1 suffers from an Open Flash-Chart cross site scripting vulnerability.
058c3d8323c683caf66eb576a0868269c46b8dbf04990cb5ef9bf2500850783c
Red Hat Security Advisory 2013-0815-01 - The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's manager interface session. It was found that mod_rewrite did not filter terminal escape sequences from its log file. If mod_rewrite was configured with the RewriteLog directive, a remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the mod_rewrite log file. If a victim viewed the log file with a terminal emulator, it could result in arbitrary command execution with the privileges of that user.
8ac681819050f76835e7e03059b14a970ed924170ecca367e162d301f1e59b63
Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.
de89a99279e9adb00d0b31773b2d9e9f51a184329ffb6353fe9e05a836447a0b
ZedLog is a robust cross-platform input logging tool (or key logger). It is based on a flexible data logging system which makes it easy to get the required data. It captures all keyboard and mouse events, has a full GUI, and supports logging to a file and basic hiding.
834358374b6a141df9fbed51bebefa6c00e5fd27294858da6d36b6bbbdd7685b
Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
045f5f0ecd20de83f65cd4ccb4ad415cf4c87bccad9fa04b9f1a6a2b8f4d4524
ipset allows administration of sets of IP addresses/networks, ports, MAC addresses, and interfaces, which are stored in hash or bitmap data structures. These can then be used in conjunction with iptables to do fast presence lookups.
058e7950efdf8b9539ab79eb145de7be60d6cb7b92c0c011edda37e70135024c
Linux local root exploit that requires that PERF_EVENTS be compiled into the kernel. This has been fixed in 3.8.10. This bug apparently got backported from 2.6.37 into CentOS5 2.6.32 kernels.
2f5dc509c381d9e991e5bf9ec1e43911abf68baf1a9e3035473ddfd75ba8c11a
libtins is a high-level, multiplatform C++ library for crafting, sending, sniffing and interpreting raw network packets. Its main purpose is to provide the C++ developer with an easy, efficient, platform- and endianness-independent way to create tools which need to send, receive and manipulate specially crafted packets.
f788a658b1e9ed494fbc5e2a591ce0950e22dd97b7461a80be3d8c6c4de02f67
Gallery Server Pro suffers from a file upload filter bypass vulnerability.
abe9b8be02390c18d3fd7b1d380bed2c7bf844dfdb7bdc344eed391eeefc8cff
WHMCS version 4.5.2 suffers from a remote SQL injection vulnerability.
157cbb660d1d85c77b3a38c0c0bf3c21d9875acd83168e26264664cd19fa1450