Mandriva Linux Security Advisory 2015-050 - It was reported that a crafted diff file can make patch eat memory and later segfault. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the user running patch. GNU patch before 2.7.4 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
dd7de176b34a952d25575c635b880b8c9dc41848d647c7ceb42a7c5c8cf1b677
Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open to attack from users without the need for authentication. The cookie can be easily decrypted using a known static encryption key and re-encrypted once the PHP object string has been modified. This Metasploit module has been tested on the STBN300 device.
0487fb38d28fb3a16f1e6da5666a62aa264281d650c6fa4c8f45c8249d44e294
HP Security Bulletin HPSBST03274 1 - Potential security vulnerabilities have been identified with HP XP P9000 Command View Advanced Edition Software Online Help for Windows and Linux. The vulnerabilities could be exploited resulting in remote Cross-site scripting (XSS). Revision 1 of this advisory.
313530fb85dcd9b7a5909c43c1a9174d841e98c3f656b77b47c738ae47f3844e
D-Link DIR636L suffers from a remote command injection vulnerability.
df7948a9c798ebc1230638924d141d539e501afcc6de8a28a912424e4ab221c5
Slim PHP Framework versions 2.5.0 and below suffer from weak cryptographic implementations.
7304a663661117ba1736dac58d918a2592aaf4e52793385fbe106cd9354f2843
The RV4sec 2015 Call For Papers has been announced. It will be held June 4th through June 5th, 2015, in Richmond, Virginia, USA.
5ac341361c8658ff0a4f5d4ecf5fa9a5eb345e264afdb9642fcf2bb5d7cee691
WordPress Calculated Fields Form plugin versions 1.0.10 and below suffer from a remote SQL injection vulnerability.
7e5962ac72858caaf2fb0139e1f2f9b4b15c8955c0374349c4d59471e823a696
ECCMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
9eeb234bbd8787625b39c3f09b64e83fd61a9ce1aa037d29a827c35e31e2de3b
Mandriva Linux Security Advisory 2015-049 - A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels.
4e612da94a75e94c7020c6ebba6df495936f1935a1e11297c6fb9e1c656627dc
Ubuntu Security Notice 2516-2 - USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. Various other issues were also addressed.
76903f6b56698c4952e01e1d34693ec01de15214367c1003f5d4153b94ec442f
ATutor LCMS version 2.2 suffers from a cross site request forgery vulnerability.
44ffb91b51da80df29764e37e1a573311e6d31e296f500dfaa2f621352facdf5
BEdita CMS version 3.5.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
343b3785e6e18f998615ce4afd69ac29404e76178c8291bcfbbabc530815a3e4
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. This is a PoC to reproduce the vulnerability. No exploitation here, just a simple kernel panic.
4af67f178eb58a164b5111e77b240cd7ee040f47573670c05d5a9905efc16e21
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. This is a PoC to reproduce the vulnerability. No exploitation here, just a simple kernel panic.
a61882d75d8479cc731747b0d2682c513a28bb1ec35244e7dadceb22767f2277
The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.
aa1298ddf2533503468e7415c2de8808d48b8fac52f00905dd6dbef860a455f8
Fortimail version 5.2.1 suffers from reflective cross site scripting vulnerabilities.
4a9ca90086f920fbde41283b2de6cf6ada62459dae9b0d0f5aea2a02e800c26e
NetCat CMS versions 1.1, 2.0, 2.1, 2.2, 2.3, 2.4, 3.0, and 3.12 suffer from multiple remote file inclusion vulnerabilities.
53f795f8a60c40bb0d2cabd0e643847a187fa5fa0ed2aed87c4340b11bb7fd27
This archive contains all of the 146 exploits added to Packet Storm in February, 2015.
fe470aa6494680f0b9f1494501103139ce6bb81434637f768cd7218e7acd9df9
Swiss File Knife version 1.7.4 suffers from a buffer overflow vulnerability.
bd1750a260505e80621dabe4def52528b4f6d76e51e6c987af5b67be5f14be0c
WordPress WP All Import plugin versions 3.2.3 and below suffer from a remote shell upload vulnerability.
c38ce943c8d2cafa463b95e04fd56a3eb2837ceab61b895ff74cbe8f9c336f12
tmap is a fast multi-threaded port scanner that tunnels through TOR.
db20e08df203cb56e43fdac32a8d5e55b9a58acd729cf037136a8348620e6350
WordPress Photocrati theme version 4.x.x suffers from a remote SQL injection vulnerability.
158866c77fdda9bb7fca9fe0eb1c0d0c13e28fbfc60ee9b15419d6a2c013d733
79-byte shellcode for armv6l that adds a mapping in /etc/hosts.
318b8a39ccbe95150914624284fab185bb8e44b9b248cd2b89f8701e7946d1e9
Piwik fails to perform signature validation when running updates.
b828fa052cbba603a1c31b4b2e170441da3919c6b79028adaa375fa4614c688a
Ubuntu Vivid Upstart suffers from a logrotate privilege escalation vulnerability.
57ba2d59b5541f853776351cd1d83860c51f823ac02e23145009c9b6c6f926b2