Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
f4122ff853724483925246903a048d425313ffe1b980ca0134251f74d9fa5616
cFos Personal Net web server is vulnerable to a remote denial of service issue when processing multiple malformed POST requests in less than 3000ms. The issue occurs when the application fails to handle the data sent in the POST requests in a single socket connection causing heap memory corruption which results in a crash of the HTTP service. Version 3.09 is affected.
b6144b448a13b88a3946ba756a045ec300c090551bfe17fdc51afede9dfda1f8
jruby-sandbox aims to allow safe execution of user given Ruby code within a JRuby [0] runtime. However via import of Java classes it is possible to circumvent those protections and execute arbitrary code outside the sandboxed environment. Versions 0.2.2 and below are affected.
95989cd8d69be3950435d2b8b421d281337ab209a2bdeb9f0d15a7d1b1f1dd76
In Struts 2.3.16.1, an issue with ClassLoader manipulation via request parameters was supposed to be resolved. Unfortunately, the correction wasn't sufficient. A security fix release fully addressing this issue is in preparation and will be released as soon as possible.
1b02e3ee3cd52232d9bdeb795f9c25b15c8bffd44b3b7df846a5d3306f54c9ea
Sitecom WLR-4000 and WLR-4004 both v1 001 suffer from weak firmware encryption and have a predictable WPA key.
1859ad139fce73986b747a807e4df86ff957af3afdcef4c65e307925c5dee454
This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted and wrote to a file to annoy IDS/forensics. The exploit can set heartbeat payload length arbitrarily or use two preset values for NULL and MAX length.
c130ea864e8a5752cbeeeb43cf5a566cbd9daeaef96e1462511173ae8e398614
Acunetix version 8 20120704 web vulnerability scanner buffer overflow exploit that bind a shell to port 4444.
879f64cf6211aef893d37bed01a4ca4cdf5f56e17b9792d44d59c20764edadb8
Acunetix version 8 20120704 remote stack buffer overflow exploit.
3c0f639db36d7bd8b9065927184e89a3674b276c02ba315541774202d0d39f77
HP Security Bulletin HPSBMU03020 - A potential security vulnerability has been identified with HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
459c9a6e9429ca0b8870610411c7acc83310004b610563f7e202a3d0fa9e5219
HP Security Bulletin HPSBPI03014 - A potential vulnerability exists in HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers. This is the OpenSSL vulnerability known as "Heartbleed" (CVE-2014-0160) which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
049c19730dd5ae96d1817952229350dabe5a8e9991c63f15a5da28ea8fa0cee6
HP Security Bulletin HPSBHF03021 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP products. This bulletins objective is to notify HP customers about certain HP Thin Client class of products affected by the Heartbleed vulnerability. HP will continue to release additional bulletins advising customers about other HP products NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
d28a09d3c4eb226153bc5cf89a3008f9b22de526a2a0783ae2650ccab578a8a8
HP Security Bulletin HPSBHF03006 - A potential security vulnerability has been identified in HP Integrated Lights-Out 2 (iLO 2) servers that allows for a Denial of Service. The denial of service condition occurs only when the iLO 2 is scanned by vulnerability assessment tools that test for CVE-2014-0160 (Heartbleed vulnerability). iLO 2 servers are not vulnerable to CVE-2014-0160. Revision 1 of this advisory.
2c31ae5d759fd83d28179ffff290a04922dadb56f15f88d62b7713369f7e3b64
HP Security Bulletin HPSBST03015 2 - A potential security vulnerability has been identified with HP 3PAR OS running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
0454ffb49cf0855b47c50c883a3c1120140696297d179ae6dae2e21fc0fe6774
HP Security Bulletin HPSBGN03011 - A potential security vulnerability has been identified with HP IceWall MCRP running OpenSSL on Red Hat Enterprise Linux 6 (RHEL6). This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
5729e6f9d0b9af5336f4c41a88b4916c0cc567d11d4242057f238032355c68c6
Red Hat Security Advisory 2014-0436-01 - In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Storage 2.0 offering will be retired as of June 26, 2014, and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including critical impact security patches or urgent priority bug fixes, after this date. In addition, after June 26, 2014, technical support through Red Hat's Global Support Services will no longer be provided. We encourage customers to plan their migration from Red Hat Storage 2.0 to the latest version of Red Hat Storage Server. Please contact your Red Hat account representative if you have questions and/or concerns on this matter.
69f93eddbf14e5f65ed985b39105c646ee6490e4cb2d317fe9f64f99c0a403e5
Red Hat Security Advisory 2014-0435-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.
65bcbea57d78d85c5b05751039889feb143cb53910b8e45ef7a82fd0655c3cad
Red Hat Security Advisory 2014-0433-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled TCP packets with both the SYN and FIN flags set. A remote attacker could use this flaw to consume an excessive amount of resources on the target system, potentially resulting in a denial of service. A flaw was found in the way the Linux kernel handled HID reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.
b57a17a2f5d3d72c9a217154739a3cbb03bbf2f12bdfef1de9f85b6b017b6f9f
Red Hat Security Advisory 2014-0434-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.
fb7001b7ad03be3d30a012695c3087eed9911c97c37beafb408f143bab5c00dd
Red Hat Security Advisory 2014-0432-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system.
075fd0fdd907ed60e6ba8a3cbb2880072d49081da20fd0c0bcf9f6a99a4101b4
Ubuntu Security Notice 2172-1 - Alex Korobkin discovered that the CUPS web interface incorrectly protected against cross-site scripting (XSS) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data.
491356bd0784085e834b1ec5a4760e5bcb05c8453ae4e2c654c921d91138d2e1
Bonefire version 0.7.1 suffers from a flaw where it allows the reinstall of the default administrative account.
b26e50b64d2e9b10b2cf8fc4979479c002a557cc7955df1050997f5a49c13900
This whitepaper details how to perform wifi man in the middle attacks and then sniff the traffic for analysis afterwards using Wireshark.
ba682f01ac66297c006d03d6d6a391811b8546679c41f35d715ecb25f387a262
The Android application provided by Misli.com fails to validate SSL certificates, allowing for a man in the middle attack.
afb37fe1b489ec647c4343ae53ef337a2e9fc7269b286c109f804ad0ffa3db3e
The Android application provided by Birebin.com fails to validate SSL certificates, allowing for a man in the middle attack.
81e80c5e05043304d6c894a1d4b7e354fd2d65ecc2596fb719e6c2d589f3019a
mRemote offline password decryption tool that is based off of the enum_mremote_pwds.rb Metasploit module.
d4e0ead2bc4f639955a80e0da85fb7c321c2941332565051371936575e38f42e