Ubuntu Security Notice 2091-1 - This update disables the OTR v1 protocol to prevent protocol downgrade attacks.
This whitepaper discusses how to perform a takeover of the Ektron CMS. It demonstrates how to hijack the built-in and admin accounts.
Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
This whitepaper discusses how attackers use dictionary-based brute-force attacks to steal other people's bitcoins. Proof of concept tools are included.
This Metasploit module exploits an arbitrary PHP file upload in the WordPress Amerisale-Re third party plugin.
LinPHA version 1.3.4 suffers from cross site request forgery and persistent cross site scripting vulnerabilities.
Amin'z Tech CMS suffers from a remote shell upload vulnerability and a remote SQL injection vulnerability that allows for login bypass.
Drupal Tribune third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.
Drupal Services third party module version 7.x suffers from multiple access bypass vulnerabilities.
NCH Software Inventoria version 3.45 suffers from a cross site scripting vulnerability.
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
Gentoo Linux Security Advisory 201401-33 - A vulnerability has been found in the Digest-Base Perl module, allowing remote attackers to execute arbitrary code. Versions less than 1.170.0 are affected.
Gentoo Linux Security Advisory 201401-34 - Multiple vulnerabilities have been found in BIND, possibly resulting in Denial of Service. Versions less than 9.9.4_p2 are affected.
Red Hat Security Advisory 2014-0108-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Xen hypervisor did not always lock 'page_alloc_lock' and 'grant_table.lock' in the same order. This could potentially lead to a deadlock. A malicious guest administrator could use this flaw to cause a denial of service on the host.