Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

This Metasploit module gains remote code execution on Firefox 35-36 by abusing a privilege escalation bug in resource:// URIs. PDF.js is used to exploit the bug. This exploit requires the user to click anywhere on the page to trigger the vulnerability.

This bulletin summary lists one bulletin that has undergone a major revision increment for August, 2015.

Logstash 1.5.3 and prior versions are vulnerable to a SSL/TLS security issue which allows an attacker to successfully implement a man in the middle attack. This vulnerability is not present in the initial installation of Logstash. This insecurity is exposed when users configure Lumberjack output to connect two Logstash instances. In such deployments, a Logstash instance is used to collect logs from a webserver and securely transmit them to a central Logstash instance to perform additional filtering and storing.

Apple Security Advisory 2015-08-20-1 – QuickTime 7.7.8 is now available and addresses arbitrary code execution and memory corruption issues.

WordPress Googmonify plugin version 0.8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

VLC versions 2.2.1 and below suffer from an arbitrary pointer dereference vulnerability.

Ubiquiti Networks Community online service web application allows for malicious script code to be inserted in the filename.