
836 matches found

n0where
added 2017/11/21 4:51 p.m., 29 views

Password Recovery Platform: Wavecrack

A user-friendly Web interface to share a hashcat cracking box among multiple users with some pre-defined options. Outline: This Web application can be used to launch asynchronous password cracks with hashcat. The interface tries to be as user-friendly as possible and facilitates the password...

AI score: 0.1
Exploits: 0, References: 8
The Hacker News
added 2017/11/09 6:6 a.m., 20 views

Vault 8: WikiLeaks Releases Source Code For Hive - CIA's Malware Control System

Almost two months after releasing details of 23 different secret CIA hacking tool projects under Vault 7 series, Wikileaks today announced a new Vault 8 series that will reveal source codes and information about the backend infrastructure developed by the CIA hackers. Not just announcement, but t...

AI score: 7.6
Exploits: 0
Fedora
added 2017/11/06 11:35 p.m., 54 views

[SECURITY] Fedora 26 Update: community-mysql-5.7.20-1.fc26

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

CVSS: 7.5, AI score: 2.7, EPSS: 0.04291
Exploits: 0
Fedora
added 2017/10/09 7:19 p.m., 33 views

[SECURITY] Fedora 25 Update: WebCalendar-1.2.9-1.fc25

WebCalendar is a PHP-based calendar application that can be configured as a single-user calendar, a multi-user calendar for groups of users, or as an event calendar viewable by visitors. MySQL, PostgreSQL, Oracle, DB2, Interbase, MS SQL Server, or ODBC is required. WebCalendar can be set up in a...

CVSS: 6.1, AI score: 3.1, EPSS: 0.02353
Exploits: 0
NVD
added 2017/10/03 1:29 a.m., 13 views

CVE-2017-9797

When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of...

CVSS: 6.5, AI score: 6.5, EPSS: 0.01358
Exploits: 0, References: 1
Prion
added 2017/10/03 1:29 a.m., 17 views

Information disclosure

When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of...

CVSS: 5.8, AI score: 7.1, EPSS: 0.01358
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2017/10/02 1:0 p.m., 101 views

CVE-2017-9797

The vulnerability CVE-2017-9797 affects Apache Geode clusters running versions prior to 1.2.1 in secure mode. An unauthenticated client can enter multi-user authentication mode and send metadata messages, which can disclose information about application data types and enable a denial-of-service a...

CVSS: 6.5, AI score: 6.5, EPSS: 0.01358
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2017/10/02 1:0 p.m., 17 views

CVE-2017-9797

When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of...

AI score: 6.5, EPSS: 0.01358
Exploits: 0, References: 1
ArchLinux
added 2017/09/18 12:0 a.m., 27 views

[ASA-201709-14] lib32-libgcrypt: private key recovery

Arch Linux Security Advisory ASA-201709-14
==========================================
Severity: Medium
Date    : 2017-09-18
CVE-ID  : CVE-2017-0379
Package : lib32-libgcrypt
Type    : private key recovery
Remote  : No
Link    : https://security.archlinux.org/AVG-403

Summary
=======
The package lib32-libgcry...

CVSS: 7.5, AI score: 1.3, EPSS: 0.0351
Exploits: 0, References: 5
ArchLinux
added 2017/09/18 12:0 a.m., 19 views

[ASA-201709-13] libgcrypt: private key recovery

Arch Linux Security Advisory ASA-201709-13
==========================================
Severity: Medium
Date    : 2017-09-18
CVE-ID  : CVE-2017-0379
Package : libgcrypt
Type    : private key recovery
Remote  : No
Link    : https://security.archlinux.org/AVG-402

Summary
=======
The package libgcrypt before...

CVSS: 7.5, AI score: 1.3, EPSS: 0.0351
Exploits: 0, References: 5
Mageia
added 2017/09/07 9:7 a.m., 44 views

Updated libxdmcp packages fix security vulnerability

XDM uses weak entropy to generate the session keys on non-BSD systems. On multi-user systems it might be possible to check the PID of the process and how long it is running to get an estimate of these values, which could allow an attacker to attach to the session of a different user CVE-2017-2625...

CVSS: 6.5, AI score: 1.7, EPSS: 0.00538
Exploits: 3, References: 2
OSV
added 2017/09/07 9:7 a.m., 5 views

MGASA-2017-0330 Updated libxdmcp packages fix security vulnerability

XDM uses weak entropy to generate the session keys on non-BSD systems. On multi-user systems it might be possible to check the PID of the process and how long it is running to get an estimate of these values, which could allow an attacker to attach to the session of a different user CVE-2017-2625...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00538
Exploits: 3, References: 3
Tenable Nessus
added 2017/08/25 12:0 a.m., 104 views

CentOS 7 : mariadb (CESA-2017:2192)

An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS: 7.7, AI score: 7.7, EPSS: 0.04945
Exploits: 11, References: 22
Fedora
added 2017/08/09 8:0 p.m., 40 views

[SECURITY] Fedora 25 Update: community-mysql-5.7.19-1.fc25

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

CVSS: 6.5, AI score: 2.7, EPSS: 0.03225
Exploits: 0
Fedora
added 2017/08/09 4:1 p.m., 30 views

[SECURITY] Fedora 26 Update: community-mysql-5.7.19-1.fc26

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

CVSS: 6.5, AI score: 2.7, EPSS: 0.03225
Exploits: 0
Tenable Nessus
added 2017/08/03 12:0 a.m., 83 views

RHEL 7 : mariadb (RHSA-2017:2192)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2192 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded ...

CVSS: 7.7, AI score: 7.8, EPSS: 0.04945
Exploits: 11, References: 47
Kitploit
added 2017/08/01 2:32 p.m., 610 views

Arachni v1.5.1 - Web Application Security Scanner Framework

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is...

AI score: 7.9
Exploits: 0, References: 9
RedHat Linux
added 2017/08/01 1:50 p.m., 1 views

libXdmcp: weak entropy usage for session keys

It was discovered that libXdmcp used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00538
Exploits: 3, References: 4
CNVD
added 2017/07/24 12:0 a.m., 1 views

SQL Injection Vulnerability in Hanchao B2B2C Multi-User Mall System v2.1.6 [CNVD-2017-20678]

Hanchao B2B2C multi-user mall system is a PHP multi-user mall website system source code developed in PHP + MySQL. Hanchao B2B2C Multi-User Mall System v2.1.6 suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to obtain database information...

AI score: 8.2
Exploits: 0
CNVD
added 2017/07/15 12:0 a.m., 1 views

SQL Injection Vulnerability in Hanchao B2B2C Multi-User Mall System status method

Hanchao B2B2C multi-user mall system is a PHP multi-user mall website system source code developed in PHP + MySQL. The status method of the Hanchao B2B2C multi-user mall system has a SQL injection vulnerability, which attackers can use to obtain sensitive database information...

AI score: 8.1
Exploits: 0