Monthly Archives: November 2014
SSLsplit 0.4.9
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
I2P 0.9.16
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
Samhain File Integrity Checker 3.1.3
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
EllisLab ExpressionEngine Core SQL Injection
EllisLab ExpressionEngine Core versions prior to 2.9.0 suffer from multiple authenticated remote SQL injection vulnerabilities.
ImageMagick Out-Of-Bounds Read / Heap Overflow
ImageMagick is vulnerable to an out-of-bounds read / heap overflow in the function HorizontalFilter() in the file resize.c. It is triggered when an image has dimensions 0x0. The issue was found with the help of Address Sanitizer and the fuzzing tool zzuf.
DSA-3064 php5 – security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.34, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information:
Vuln: Mozilla Firefox CVE-2014-1584 Security Bypass Vulnerability
Vuln: SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
Vuln: RSA BSAFE Micro Edition Suite CVE-2014-0628 Denial of Service Vulnerability