Phorum version 5.2.19 suffers from open redirection and cross site scripting vulnerabilities.

Viproy Voip Penetration and Exploitation Kit is developed to improve quality of SIP penetration testing. It provides authentication and trust analysis features that assists in creating simple tests.

EMC Documentum Content Server suffers from an arbitrary code execution vulnerability.

EMC Documentum Content Server suffers from a privilege escalation vulnerability.

Ubuntu Security Notice 2713-1 – Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. Various other issues were also addressed.

Ubuntu Security Notice 2714-1 – Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. Various other issues were also addressed.

Ubuntu Security Notice 2715-1 – Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).

Ubuntu Security Notice 2720-1 – Lin Hua Cheng discovered that Django incorrectly handled the session store. A remote attacker could use this issue to cause the session store to fill up, resulting in a denial of service.

Debian Linux Security Advisory 3338-1 – Lin Hua Cheng discovered that a session could be created when anonymously accessing the django.contrib.auth.views.logout view. This could allow remote attackers to saturate the session store or cause other users’ session records to be evicted.

Red Hat Security Advisory 2015-1640-01 – Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. It was discovered that the _unix_run_helper_binary() function of PAM’s unix_pam module could write to a blocking pipe, possibly causing the function to become unresponsive. An attacker able to supply large passwords to the unix_pam module could use this flaw to enumerate valid user accounts, or cause a denial of service on the system.