FancyFon FAMOC version 3.16.5 suffers from multiple cross site scripting vulnerabilities.
efa9652e44569c33fc4fee812a69f383c8001fe4f217c3d71994dbc05b3b72c3
FancyFon FAMOC version 3.16.5 suffers from a remote SQL injection vulnerability.
3a671192f0facf33bd6129a2886a8ff9396192343746c6b576a400840ee63a00
Qualys Security Advisory - During a code audit performed internally at Qualys, they discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions, so they decided to analyze it -- and its impact -- thoroughly, and named this vulnerability "GHOST".
ffa8d4a79d99689d850b8267b77bc648e3bd73f6426baa39b73870777ee69adb
Red Hat Security Advisory 2015-0092-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
620c64a2aa97609a8171e047e7c827ed68c38df906fd7ea24237c738885f5d14
The Syrian Electronic Army SEANux linux distro version 1.0 suffers from a remote code execution vulnerability.
b080cc1a04a781bc198b71a73b2e7296a4626b1e7f06b5166036b5722ce7cf48
The WebKitGTK+ 2.4 series suffers from buffer overflow, code execution, memory corruption, sandbox bypass, and denial of service vulnerabilities.
326b02ff487ef267ea4187e1de17d0c6aac589a200b5be40f35cf8784fed3930
Exploit for remotely changing DNS settings on the D-Link DSL-2740R router.
12bcee98da8a2545e67c0fd61295e3e76c43d64f193a59bac3a91c594c824b90
The 0x90 International Cyber Security Conference has announced its Call For Papers. It will be help March 14th, 2015 in Chennai.
aec3207fc46069cdc097a620f0ac9ee14f3235262ee2a4b2ec49cef66965d5dd
Red Hat Security Advisory 2015-0091-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.4.0 serves as a replacement for Red Hat JBoss Data Grid 6.3.1. It includes various bug fixes and enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.0 Release Notes.
bdf037afd49b398166324949f92dc7768a32136e17bc96f57b60fefd223c3a7c
Red Hat Security Advisory 2015-0090-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
344c688ffb8ddd28041911af7b947b4637ab2b0d272cf93ad900b34861ef6a7c
Ubuntu Security Notice 2485-1 - It was discovered that a buffer overflow existed in the gethostbyname and gethostbyname2 functions in the GNU C Library. An attacker could use this issue to execute arbitrary code or cause an application crash, resulting in a denial of service.
c7798887732cc742d95486b2a7043530084263b6462e11eafef68f99f3fe0843
Debian Linux Security Advisory 3142-1 - Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.
26074a481751614ed048aa65c68c0f68a31ac03ddd5cb0a7c9feb7060aa253ca
Debian Linux Security Advisory 3141-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for SSL/TLS and DEC DNA, which could result in denial of service.
85e9d53006911d7744cffdc0582d48c49061e09c59b47fdd03a3858bc366ab24
Debian Linux Security Advisory 3140-1 - Multiple security issues have been discovered in the Xen virtualization solution which may result in denial of service, information disclosure or privilege escalation.
a2106c197e2e01397c5028ddbf50e4b1ec243676cc7ab6262b916a12ae043f69
Ubuntu Security Notice 2458-3 - USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem. Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Bobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. Michal Zalewski discovered a use of uninitialized memory when rendering malformed bitmap images on a canvas element. Various other issues were also addressed.
741324ee8837b8281a71616c36adb2d0af44e5dc3a322ae1f72ca546e720c2e4
FancyFon FAMOC version 3.16.5 suffers from a session fixation vulnerability.
d9ed306cd69939777d43977859a23d2b0d269c3652c90899c8652bcdeb2459ce
FancyFon FAMOC version 3.16.5 fails to mint one-way hashes without use of a salt.
b1d0a56de5c177ff2044a5a97d03ce257e2444febf937112e175e2fe8e4765a8
Multiple nasa.gov subdomains suffered from cross site scripting vulnerabilities.
6191218f1434ba043aed4a65a60f43793bbac40fe0e83ed770b31f5accb7a689
Proof of concept exploit that allows a local application to gain system privileges via CVE-2014-7911 and then root via CVE-2014-4322. The exploit included is for a Nexus 5 with Android 4.4.4 (KTU8P). The exploit may also work on other devices if the offsets of the rop chain are modified.
9bee54444ab6e873a99692c9254b7a2016b81c6a94b64203d4746a410081dac3
Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
2fe5fbda0a86b5a594116d567fd9a4c2458d30f1c6670ba8e1fac0bc8848c69b