OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
2951ebc2a3e9a03333618ceda7fe2c00e16f880255d3d4f48068cd8164715944
Buffalo TeraStation TS-Series with firmware versions 1.5.7 and below suffer from file disclosure and command injection vulnerabilities.
a1a174bf53968f44a8d76eb7f7bf2481d5306ead2f09c68a726696b25e20edf1
D-Link DCS Cameras suffer from authentication bypass and remote command execution vulnerabilities due to a remote information disclosure of the configuration.
c1329b50cb25791144375301f318deb9c2bb5c9ab4b24f003828a94666df0172
Apple Security Advisory 2013-01-28-2 - Apple TV 5.2 is now available and addresses multiple security vulnerabilities.
42bab3685b63ecaaa1a338a87d718948262788e299652246eee46d5030ba1a1e
Apple Security Advisory 2013-01-28-1 - iOS 6.1 Software Update is now available and addresses multiple security vulnerabilities.
2dc7367b3d4bb04f6b00e22c62f360fcdc9286ad438bff55476607b328ce0475
Cisco Security Advisory - The Portable Software Developer Kit (SDK) for Universal Plug-n-Play (UPnP) devices contains a libupnp library, originally known as the Intel SDK for UPnP Devices, which is vulnerable to multiple stack-based buffer overflows when handling malicious Simple Service Discovery Protocol (SSDP) requests.
8c9ec518f9576f7d3ec9cf9045faff6035b5098412a401f43bfbeeb4c0a728b0
360-FAAR Firewall Analysis Audit and Repair is an offline command-line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
f2f13eb92aabdf5dc35dc7bc6bf3c0871c6c250dddadca85516f3dcb5686d4da
Ubuntu Security Notice 1708-1 - Wenlong Huang discovered that libvirt incorrectly handled certain RPC calls. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Tingting Zheng discovered that libvirt incorrectly handled cleanup under certain error conditions. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
382adae9f81677b0019c102b19cb2666bfdc504fe302ed2e7caa413ac0620235
Red Hat Security Advisory 2013-0203-01 - Ruby on Rails is a model–view–controller framework for web application development. Active Support provides support and utility classes used by the Ruby on Rails framework. A flaw was found in the way Active Support performed the parsing of JSON requests by translating them to YAML. A remote attacker could use this flaw to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass the authentication using a specially-created JSON request.
43034685c3bfb65bd941bf354202fb7dea7eb46bb501ac09245ba42666e4f087
Ubuntu Security Notice 1710-1 - Dan Prince discovered an issue in Glance error reporting. An authenticated attacker could exploit this to expose the Glance operator's Swift credentials for a misconfigured or otherwise unusable Swift endpoint.
a8a09ccaeac158a8d29c02bde4efb94e0ca13120c3c4459c94dc77cda6d548ad
Ubuntu Security Notice 1709-1 - Phil Day discovered that nova-volume did not validate access to volumes. An authenticated attacker could exploit this to bypass intended access controls and boot from arbitrary volumes.
5177923a98c6ac3d386d478932348341849cee8513897b5d2a3b5446af35bc08
DACS is a light-weight single sign-on and role-based access control system providing flexible, modular authentication methods and powerful, transparent rule-based authorization checking for Web services, CGI programs, or virtually any program.
476c0bcb54920e49b43f398e6fecd02c9109784718c8b1415b4c1c7c75561c71
A buffer overflow vulnerability exists in EMC AlphaStor that could potentially be exploited by a malicious user to create a denial of service condition or execute arbitrary code. EMC AlphaStor version 4.0 prior to build 814 is affected.
c72b06bd5f6d41e9b7fe14bee9a1a610ea2db6a5ca209ce7002b36f8b6c212ec
This is an encoding tool for 32-bit x86 shellcode that assists a researcher when dealing with character filter or byte restrictions in a buffer overflow vulnerability or some kind of IDS/IPS/AV blocking your code.
24cbd02dad424b5fd7d67f805453ad43602a5c6137991b63c1de00f94e0d7407
Elgg versions 1.8.12 and 1.7.16 suffer from a cross site scripting vulnerability in the Twitter Widget module.
0320007144203c2cbfa4115016d3b9111ca9e9c639ff2e1bf920708cb685b296
DataLife Engine version 9.7 suffers from a PHP code injection vulnerability in preview.php.
f9fca371c6cc4a2c4cbce0576e95fe335c2ff36d4ec6b96f3b9230f8bf8b8d3a
pfSense UTM Platform version 2.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
45926ded3475024d0aef4360545bac2b39e3270b21031d2fb34960a446010ee1
Apple QuickTime Player Windows version 7.7.3 suffers from an out of bounds read vulnerability.
3d60aec0fbab876dd922d47e86103c69e20f4e9c1f873e349d83a0f172ffc979
This Metasploit module exploits a remote code execution vulnerability in the JSON request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any Ruby code remotely in the context of the application. This vulnerability is very similar to CVE-2013-0156. This Metasploit module has been tested successfully on RoR 3.0.9, 3.0.19, and 2.3.15. The technique used by this module requires the target to be running a fairly recent version of Ruby 1.9 (since 2011 or so). Applications using Ruby 1.8 may still be exploitable using the init_with() method, but this has not been demonstrated.
769b2cec718b2f5c0376d0da94e63d98f26719caaa5c210d5a2be3bf33552211
Adobe Reader XI versions 11.x suffer from a heap overflow vulnerability.
e93727de120b805345d02968f070046cb2ce10e3faee74ce008a6633a0fdb4d2
Secunia Security Advisory - A vulnerability has been reported in Ruby on Rails, which can be exploited by malicious people to compromise a vulnerable system.
f8f2fda08519a9751c5bdec67f2f996af84c0564cbc21d2d177e11974a90327f
Secunia Security Advisory - Ubuntu has issued an update for libav. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to compromise an application using the library.
bf31505f8243f243eee6339db3047943e840bf3ecaa78659562ff9632e30bcb3
Secunia Security Advisory - Apple has acknowledged a vulnerability in Apple TV, which can be exploited by malicious people to compromise a user's device.
9840930a77fca2f4cd3842453968b09047974315d55c6d17541a095360789604
Secunia Security Advisory - Two security issues and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's device.
31ff497d4f3b7b0479c3de4b8ce864679f6211c4c83c81478d03d0e11e141736
Secunia Security Advisory - Multiple vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to compromise an application using the library.
076b706834305678cddbf7a406c81d6a5f943cea3b01ae77f6b08edc8aea4bf3