Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

This Metasploit module exploits a stack buffer overflow in RM Downloader version 2.7.5.400 by creating a specially crafted .ram file allowing an attacker the able to execute arbitrary code.

vPhoto-Album version 4.2 suffers from a local file inclusion vulnerability.

The ICU library suffers from heap and integer overflows. Confirmed vulnerable are versions 52 through 54.

Dell SonicWALL Secure Remote Access (SRA) versions 7.5 prior to 7.5.1.0-38sv and 8.0 prior to 8.0.0.1-16sv proof of concept cross site request forgery exploit.

mrtparse is a module to read and analyze the MRT format data. The MRT format data can be used to export routing protocol messages, state changes, and routing information base contents, and is standardized in RFC6396. Programs like Quagga / Zebra, BIRD, OpenBGPD and PyRT can dump the MRT format data. Written in Python.

Debian Linux Security Advisory 3251-1 – Nick Sampanis discovered that dnsmasq, a small caching DNS proxy and DHCP/TFTP server, did not properly check the return value of the setup_reply() function called during a TCP connection, which is used then as a size argument in a function which writes data on the client’s connection. A remote attacker could exploit this issue via a specially crafted DNS request to cause dnsmasq to crash, or potentially to obtain sensitive information from process memory.

Ubuntu Security Notice 2594-1 – It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile.

Ubuntu Security Notice 2595-1 – It was discovered that ppp incorrectly handled large PIDs. When pppd is used with a RADIUS server, a remote attacker could use this issue to cause it to crash, resulting in a denial of service.

Mandriva Linux Security Advisory 2015-227 – This update provides MariaDB 5.5.43, which fixes several security issues and other bugs.