ZRTP Protocol Library is an implementation of Phil Zimmermann's ZRTP protocol, created based on and interoperable with Zfone beta 2. Combined with the GNU RTP Stack (ccrtp), this offers the ability to create communication services that natively support the ZRTP protocol.
glFusion version 1.3.0 suffers from a remote blind SQL injection vulnerability.
GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
In IE8 standards mode, it's possible to cause a use-after-free condition by first creating an illogical table tree, where a CPhraseElement comes after CTableRow, with the final node being a sub table element. When the CPhraseElement's outer content is reset by using either outerText or outerHTML through an event handler, this triggers a free of its child element (in this case, a CAnchorElement, but some other objects apply too), but a reference is still kept in function SRunPointer::SpanQualifier. This function will then pass on the invalid reference to the next functions, eventually used in mshtml!CElement::Doc when it's trying to make a call to the object's SecurityContext virtual function at offset +0x70, which results in a crash. An attacker can take advantage of this by first creating a CAnchorElement object, letting it be freed, and then replacing the freed memory with another fake object. Successfully doing so may allow arbitrary code execution under the context of the user. This bug is specific to Internet Explorer 8 only. It was originally discovered by Orange Tsai at Hitcon 2013, but was silently patched in the July 2013 update.
This Metasploit module exploits a code execution flaw in HP SiteScope. The vulnerability exists in the opcactivate.vbs script, which is reachable from the APIBSMIntegrationImpl AXIS service and uses WScript.Shell.run() to execute cmd.exe with user-provided data. Note that the opcactivate.vbs component is installed with the (optional) HP Operations Agent component. The module has been tested successfully on HP SiteScope 11.20 (with HP Operations Agent) on Windows 2003 SP2.
Android FTP Serve version 1.2 exposes the configuration file with full read and write permissions. A malicious party can overwrite the credentials for the administrator and escalate privileges.
lshell lets you restrict a user's shell environment to a limited set of commands, enable or disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log users' commands, implement timing restrictions, and more.
Moodle versions 2.3.9 and below and 2.4.6 suffer from a JavaScript insertion vulnerability that allows for the addition of an RSS blog.
Ruby Gem Features version 0.3.0 suffers from a file injection vulnerability that can lead to cross site scripting.
Watchguard Server Center version 11.7.4 suffers from a DLL hijacking vulnerability involving wgpr.dll.
Ubuntu Security Notice 1948-1 - It was discovered that httplib2 only validated SSL certificates on the first request to a connection, and didn't report validation failures on subsequent requests. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be exploited in certain scenarios to alter or compromise confidential information in applications that used the httplib2 library.
Mandriva Linux Security Advisory 2013-227 - A vulnerability has been discovered and corrected in setuptools: easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product. The updated python-setuptools packages have been upgraded to version 0.9.8 and the python-virtualenv packages have been upgraded to version 1.10.1, which are not vulnerable to this issue.
Red Hat Security Advisory 2013-1218-01 - Apache Santuario implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block.
Red Hat Security Advisory 2013-1219-01 - Apache Santuario implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block.
Red Hat Security Advisory 2013-1217-01 - Apache Santuario implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block.
Red Hat Security Advisory 2013-1221-01 - Fuse Message Broker is a messaging platform based on Apache ActiveMQ that provides SOA infrastructure to connect processes across heterogeneous systems. It was found that, by default, the Apache ActiveMQ web console did not require authentication. A remote attacker could use this flaw to modify the state of the Apache ActiveMQ environment, obtain sensitive information, or cause a denial of service. This update delivers a README file which describes how to manually configure an XML properties file to fix this flaw. Back up existing Fuse Message Broker configuration files before making changes.
Red Hat Security Advisory 2013-1220-01 - Apache Santuario implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block.
E-Local Business Directory suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
Real Estate PHP Script suffers from a cross site scripting vulnerability.
This Metasploit module exploits an SEH stack-based buffer overflow in the PASS command of freeFTPd Server version 1.0.10.
Xoops version 2.5.6 suffers from multiple cross site scripting vulnerabilities.