This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe
Apple Security Advisory 2015-06-30-4 - Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and address account takeover, WebSQL database access, and various other issues.
65a4e7e1055cabeaafab321c18f2600435a9a6b41433f5acd7cbbed23fa24c05
Apple Security Advisory 2015-06-30-3 - Mac EFI Security Update 2015-001 is now available and addresses EFI flash memory modification and memory corruption issues.
ebbd7372fb135d86e539aef139e47bf9c4652c9bcf24e4c3dc1455987a2a5f0e
Apple Security Advisory 2015-06-30-2 - OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass, and various other vulnerabilities.
36670a2c92a10eed9caf9afd9dd5f818e184e427c1eddb4da037e0aebc712907
Apple Security Advisory 2015-06-30-1 - iOS 8.4 is now available and addresses denial of service, an incorrect issued certificate, arbitrary code execution, and various other flaws.
aa64c9a10b61a44ca9cbe32378688da43c9948d31f37b09253079d2bdffc2fbf
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
caf8607f90c09b613a5acce793a6ee44c801f19df790ef5d3d0d2b6adb7b2ef9
Climatix BACnet/IP communication module versions prior to 10.34 suffer from a cross site scripting vulnerability.
458a1febedd253c8584384bbb9d17de8e4a7956a75d90bf89a092e566e6c8ce7
X-Cart version 4.5.0 suffers from a cross site scripting vulnerability.
a1a11fb25f1d969aa8867050ba66d7dadc1bea3ee084a39151bfafd66a5e778f
The TimeDoctor autoupdate feature downloads and executes files over plain HTTP and does not perform any checks on the files. An attacker with MITM capabilities (for example, when the user connects to public Wi-Fi) could override the TimeDoctor subdomain and then execute custom binaries on the machine where the application is running.
cf5cbb9e12db32d37835bd9deea463c5dc52c32a82f8ba56eb0159a2d82fdd01
ManageEngine Password Manager Pro version 8.1 suffers from a remote SQL injection vulnerability.
e94365f40db69e762b193722e944c13b07b2ec92c6cd28f2760357708be97129
Red Hat Security Advisory 2015-1199-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
e5a1e1dd505bcaf901fcce6a87890b352f055341ddeed92af1b9f0d702685faa
Ubuntu Security Notice 2652-1 - It was discovered that Chromium did not properly consider the scheme when determining whether a URL is associated with a WebUI SiteInstance. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. It was discovered that Blink did not properly restrict the creation context during creation of a DOM wrapper. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. Various other issues were also addressed.
6f46b2383815d29117aacead537ddaa691f2fd9ff4b58a5c58b43e34f08ee76c
Red Hat Security Advisory 2015-1197-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List could possibly cause a TLS/SSL server or client using OpenSSL to crash. A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash.
d8b6ac26b5c98c2a2e05b182e2c52fafecb9fd3251e5d75bdd096181aa90c193
This archive contains 183 exploits that were added to Packet Storm in June, 2015.
c485e814d9dca35aa730e3f9d1befce8762864f7f8245cfc3268dcdbe23f9958
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
411c04699a22c50951aa75875b1a22b2464b3a35528832023be17aa464c25f82