H8Mail v2.0 - Email OSINT And Password Breach Hunting
Powerful and user-friendly password finder. Use h8mail to find passwords through different breach and reconnaissance services, or using local breaches such as Troy Hunt's "Collection1" or the infamous "Breach Compilation" torrent. Features: Email pattern matching (reg exp), useful for reading from...
Security Bulletin: IBM Security Information Queue reveals internal data in application error messages
Summary: IBM Security Information Queue (ISIQ) reveals too much internal data when displaying application error messages. This data could be used by an attacker. As of v1.0.3, ISIQ's displayed errors are more terse. Detailed diagnostic data is only written to ISIQ log files. Vulnerability Details...
Security Bulletin: IBM Security Information Queue web server allows downgrading to non-secure HTTP
Summary: The IBM Security Information Queue (ISIQ) web server defaults to HTTPS, but does not enforce it. This could result in users navigating to an unencrypted version of ISIQ's web application. As of ISIQ v1.0.3, HTTPS is now enforced. Vulnerability Details: CVEID: CVE-2019-4162 DESCRIPTION: IBM...
Security Bulletin: IBM Security Information Queue web application is vulnerable to clickjacking attack
Summary: The IBM Security Information Queue (ISIQ) web application is vulnerable to a clickjacking attack in which an untrusted page could get embedded into another frame or object. As of v1.0.3, the ISIQ web server disallows browsers from embedding content. Vulnerability Details: CVEID: CVE-2019-421...
Security Bulletin: IBM Security Information Queue discloses internal data left over from the product development phases
Summary: The initial versions of IBM Security Information Queue (ISIQ) disclose internal data left over from the product development and Beta phases. In most cases, the data is specific to ISIQ's development environment and not useful to an attacker. Some of it, however, such as ISIQ's exact HTTP...
openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1499)
This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : - CVE-2019-5736: containerd: Fixing container breakout vulnerability bsc1121967. - CVE-2019-6486: go security release, fixing crypto/elliptic C...
openSUSE: Security Advisory for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (openSUSE-SU-2019:1499-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
OPENSUSE-SU-2019:1506-1 Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2019-5736: containerd: Fixing container breakout vulnerability bsc1121967. - CVE-2019-6486: go security release, fixing crypto/elliptic CPU...
OPENSUSE-SU-2019:1495-1 Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one bsc1134524 This update was imported from the SUSE:SLE-15:Update update project...
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (important)
openSUSE Security Update: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork Announcement ID: openSUSE-SU-2019:1506-1 Rating: important References: 1114209 1114832 1118897 1118898 1118899 1121397 1121967 1123013 1128376 1128746 1134068...
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (important)
openSUSE Security Update: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork Announcement ID: openSUSE-SU-2019:1499-1 Rating: important References: 1114209 1114832 1118897 1118898 1118899 1121397 1121967 1123013 1128376 1128746 1134068...
Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root (important)
openSUSE Security Update: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Announcement ID: openSUSE-SU-2019:1495-1 Rating: important References: 1134524 Cross-References: CVE-2019-5021 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that fixes o...
autoPwn - Automate Repetitive Tasks For Fuzzing
Warning: Completely re-writing this right now. Focus will be on interactive Linux apps that only take input from stdin for starters. Attempting to use Shellphish's Driller and Fuzzer functionality. autoPwn in its current state will do this in limited form. Simply run autoPwn ./binary then select...
Unfixed vulnerability affects all Docker versions - vulnerability warning - the black bar safety net
All versions of Docker are currently vulnerable to a "race condition" attack. Such an attack may allow an attacker to gain read and write access to any file on the host system, and proof-of-concept code has been released. The vulnerability is similar to CVE-2018-15664, it is a hack to provid...
Amass - In-depth DNS Enumeration And Network Mapping
The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the...
Threat Source newsletter (May 23)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Election security is a touchy — and oftentimes depressing — topic of conversation. So why not let Beer with Talos bring some levity...
CVE-2018-15664
A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use (TOCTOU) vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause arbitrary files on t...
SUSE-SU-2019:1368-1 Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one bsc1134524...
openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1444)
This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : - CVE-2019-5736: containerd: Fixing container breakout vulnerability bsc1121967. - CVE-2019-6486: go security release, fixing crypto/elliptic C...
Sniffglue - Secure Multithreaded Packet Sniffer
sniffglue is a network sniffer written in Rust. Network packets are parsed concurrently using a thread pool to utilize all CPU cores. Project goals are that you can run sniffglue securely on untrusted networks and that it must not crash when processing packets. The output should be as useful as...