The TP-Link TL-WR840N configuration import suffers from a cross site request forgery vulnerability.
63593b69d72e14eb4a6be0af33ad97949161d5f778c7e9cef4a1c358dcb8f1c3
Mandriva Linux Security Advisory 2015-010 - Thomas Jarosch of Intra2net AG reported two issues in file: running the file command on a specially crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption, and a separate specially crafted ELF binary could lead to a denial of service due to uncontrolled recursion. The updated file packages have been upgraded to version 5.22, which is not vulnerable to these issues.
c6d3fb8e2291256c2ffa7ebc18c2e2af6b1ff1fb6c29df7b6b03169b2851ffd3
Mandriva Linux Security Advisory 2015-009 - In MIT krb5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause a NULL dereference by attempting to use a named ticket policy object as a password policy for a principal. The attacker needs to be authenticated as a user who has the elevated privilege for setting password policy by adding or modifying principals.
1a66beb70d388abd13f391729ee09c3c3ab7ea135bffcce2e60a5d01aefc19da
Mandriva Linux Security Advisory 2015-008 - Pwgen was found to generate weak non-tty passwords by default, which could be brute-forced with a considerable success rate. Pwgen was also found to silently fall back to a standard pseudo-random number generator on systems where entropy is exhausted, such as systems running many daemons that provide encryption services.
80cc2333c7c50c504dc827ad1d060536fdc0aadaf9524d8db66cfe0cb0bc1869
Mandriva Linux Security Advisory 2015-007 - Michal Zalewski reported an out-of-bounds memory access vulnerability in unrtf. Processing a malformed RTF file could lead to a segfault while accessing a pointer that may be under the attacker's control. This would lead to a denial of service or, potentially, the execution of arbitrary code. Hanno Böck also reported a number of other crashes in unrtf.
7f042d489c3751c9a3e81a20bd973c58848867c5d533c87ac217dd97dedfcdb9
Mandriva Linux Security Advisory 2015-006 - In MediaWiki before 1.23.8, thumb.php outputs a wikitext message as raw HTML, which could lead to cross-site scripting. Permission to edit the MediaWiki namespace is required to exploit this. In MediaWiki before 1.23.8, a malicious site can bypass CORS restrictions in API calls if an allowed domain merely appears as part of its hostname.
55f965d16acb8a2eefac29ea499bb7a7659ddc1f8dcd15b64b55cea75c3d18b0
Ubuntu Security Notice 2456-1 - Michal Zalewski discovered an out-of-bounds write issue in the process_copy_in function of GNU cpio. An attacker could craft a cpio archive that causes a denial of service or possibly executes arbitrary code. Jakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio's rmt client functionality. An attacker controlling a remote rmt server could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.
7f4272feef6a66ff929086843b468985c782176a57765ca3dfe31b71f12b8b84
Debian Linux Security Advisory 3121-1 - Multiple security issues have been found in file, a tool/library to determine a file type. Processing a malformed file could result in denial of service. Most of the changes are related to parsing ELF files.
e084d5bbc81a1211023a31b18f84e2054ac2d83d2a0737a8ebee603cde4bfb21
Mandriva Linux Security Advisory 2015-018 - Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2 allows remote attackers to cause a denial of service by sending a zero length frame after a non-zero length frame.
0b48cd6cd2f94aa7f8e23c4350348a2336dee0bef3270aceae888cce5c9c8368
Mandriva Linux Security Advisory 2015-017 - Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.
bce77a4196de4ea6bb6b6218815a3818073546b6ac3237c482ea8db9d5f9801c
Mandriva Linux Security Advisory 2015-016 - The unzip command line tool is affected by heap-based buffer overflows in the CRC32 verification code and in the test_compr_eb() and getZip64Data() functions. These input validation errors may result in arbitrary code execution. Out-of-bounds access issues (both read and write) also exist in test_compr_eb() and can result in an application crash or other unspecified impact. A specially crafted zip file, passed to the command unzip -t, can be used to trigger these issues.
2983017324390dd5037ed1e826c1fce37b662d49dbc50811a2506c1b9ccb89e4
Mandriva Linux Security Advisory 2015-015 - The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions start_read() and AdpcmReadBlock(). A specially crafted wav file can be used to trigger the vulnerabilities.
05e2d5eccde0f99b9b7535011b4133c0ed51d18513c2cfd97fd85d1ac0504c1c
Mandriva Linux Security Advisory 2015-014 - Passing a specially crafted jpeg file to libjpeg-turbo could lead to stack smashing.
1480d030f0547c607619e6e36a3bfa13cee3e02544d82f097558a2351d3bd8bd
Mandriva Linux Security Advisory 2015-013 - Multiple vulnerabilities were reported in ZNC version 1.0 which can be exploited by malicious authenticated users to cause a denial of service. These flaws are due to errors when handling the editnetwork, editchan, addchan, and delchan page requests; they can be exploited to cause a NULL pointer dereference. Adding an already existing channel to a user/network via web admin in ZNC causes a crash if the channel name isn't prefixed with '#'.
970e71d6039b6c18059f5ee8e560e681756bf406a5d8978414539c119729de1c
Mandriva Linux Security Advisory 2015-012 - A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
41a0c9c9522f6f9fdff27c05668307d91a8d61a209b5dce0e6310172d6657974
Red Hat Security Advisory 2015-0021-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.
203df84de870dffecb82bc367854e195d4239898e909778b18168808743a8101
Red Hat Security Advisory 2015-0020-01 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. It was found that python-keystoneclient treated all settings in paste.ini files as string types. If the "insecure" option were set to any value in a paste.ini configuration file, it would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks.
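The keystoneclient flaw above is a general config-parsing mistake: an option read from an ini file arrives as a string, and in Python any non-empty string is truthy, so "insecure = false" still disables TLS verification. The following is an added example, not python-keystoneclient's own code; the paste.ini snippet is constructed and the function names (load_section, tls_verify_naive, parse_bool, tls_verify_strict) are assumptions for illustration.

```python
"""Added example: a string-typed boolean option under naive truthiness
versus strict parsing.  Not code from python-keystoneclient."""
import configparser

# Constructed sample of a paste.ini [filter:authtoken] section.  The
# operator has deliberately written the option as "false".
SAMPLE_PASTE_INI = """
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = keystone.example.invalid
insecure = false
"""

_TRUE = {"1", "true", "yes", "on"}
_FALSE = {"0", "false", "no", "off", ""}


def load_section(text, section="filter:authtoken"):
    """Read an ini section into a dict; every value is a str."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return dict(cp.items(section))


def tls_verify_naive(conf):
    """Vulnerable pattern (assumed reconstruction of the bug class):
    the value is the string 'false', which is truthy, so the code
    believes insecure=True and turns certificate verification off."""
    insecure = conf.get("insecure", False)
    return not insecure


def parse_bool(value, default=False):
    """Strictly convert an ini string to bool; reject anything unknown
    instead of guessing, so a typo cannot silently weaken TLS."""
    if isinstance(value, bool):
        return value
    if value is None:
        return default
    v = value.strip().lower()
    if v in _TRUE:
        return True
    if v in _FALSE:
        return False
    raise ValueError(f"not a boolean: {value!r}")


def tls_verify_strict(conf):
    """Hardened pattern: certificate verification stays on unless the
    option is an explicit true value."""
    return not parse_bool(conf.get("insecure"), default=False)


if __name__ == "__main__":
    conf = load_section(SAMPLE_PASTE_INI)
    print("naive  verify =", tls_verify_naive(conf))   # False: MITM-able
    print("strict verify =", tls_verify_strict(conf))  # True
```

The hardened version also refuses unrecognised strings rather than mapping them to either value; a misspelled option should fail loudly at startup, not quietly pick the weaker setting.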
db2733dcb2cacdbcea7e501ffd9d1bce5a700ada5716c9221dd25060a49a090c
Mandriva Linux Security Advisory 2015-011 - A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality.
45862ddf8d02a45eb593c9aa3796b231b6204a70b54fdae6d3551fefb467715c
This is a perl script to bruteforce logins on WordPress.
e4fc872f857fd9c0a0f00dbc16b78a2d66efee57cb3bebc394f9630db8af7c35