
5099 matches found

IBM Security Bulletins
added 2019/09/17 5:30 p.m. | 33 views

Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to Denial of Service (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-3896)

Summary: Linux kernel as used in IBM Security QRadar Packet Capture is vulnerable to a Denial of Service. Vulnerability Details: CVEID: CVE-2019-11477. Description: Linux Kernel is vulnerable to a denial of service, caused by an integer overflow when processing TCP Selective Acknowledgement (SACK)...

7.8 CVSS | 0.9 AI score | 0.98745 EPSS
Exploits: 4 | Affected Software: 1

OSV
added 2019/09/16 6:15 p.m. | 2 views

CVE-2019-16371

LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because dopopupregister can be bypassed via clickjacking...

8.2 CVSS | 5.6 AI score | 0.0118 EPSS
Exploits: 1 | References: 1

Prion
added 2019/09/16 6:15 p.m. | 22 views

Design/Logic Flaw

LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because dopopupregister can be bypassed via clickjacking...

5.8 CVSS | 8 AI score | 0.0118 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/09/16 5:56 p.m. | 31 views

CVE-2019-16371

LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because dopopupregister can be bypassed via clickjacking...

8.1 AI score | 0.0118 EPSS
Exploits: 1 | References: 1

OSV
added 2019/09/16 12:8 p.m. | 2 views

USN-4134-1 ibus vulnerability

Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user...

7.1 CVSS | 6.8 AI score | 0.00365 EPSS
Exploits: 0 | References: 2

Schneier on Security
added 2019/09/13 9:5 p.m. | 135 views

Friday Squid Blogging: How Scientists Captured the Giant Squid Video

In June, I blogged about a video of a live juvenile giant squid. Here's how that video was captured. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.9 AI score
Exploits: 0

OpenVAS
added 2019/08/31 12:0 a.m. | 37 views

Fedora Update for wireshark FEDORA-2019-23f7634765

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS | 7.4 AI score | 0.17697 EPSS
Exploits: 22 | References: 2

OpenVAS
added 2019/08/31 12:0 a.m. | 26 views

Fedora Update for wireshark FEDORA-2019-70e93298e3

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS | 7 AI score | 0.06079 EPSS
Exploits: 1 | References: 2

Kitploit
added 2019/08/30 1:0 p.m. | 99 views

Hashcatch - Capture Handshakes Of Nearby WiFi Networks Automatically

Hashcatch deauthenticates clients connected to all nearby WiFi networks and tries to capture the handshakes. It can be used in any Linux device including Raspberry Pi and Nethunter devices so that you can capture handshakes while walking your dog. Written by @SivaneshAshok. PoC of hashcatch running...

6.8 AI score
Exploits: 0 | References: 1

ThreatPost
added 2019/08/27 1:0 p.m. | 90 views

Oil and Gas Firms Targeted By New LYCEUM Threat Group

Researchers have identified a never-before-seen threat group targeting Middle East critical infrastructure organizations with novel malware, sent via spearphishing emails. The threat group, LYCEUM, was observed in 2019 sending spear phishing emails harboring malicious Microsoft Excel attachments ...

0.2 AI score
Exploits: 0 | References: 6

Kitploit
added 2019/08/21 10:14 p.m. | 852 views

Pyshark - Python Wrapper For Tshark, Allowing Python Packet Parsing Using Wireshark Dissectors

Python wrapper for tshark, allowing python packet parsing using wireshark dissectors. Extended documentation: http://kiminewt.github.io/pyshark Python2 deprecation - This package no longer supports Python2. If you wish to still use it in Python2, you can: Use version 0.3.8 Install pyshark-legacy...

7.3 AI score
Exploits: 0 | References: 3

CNVD
added 2019/08/15 12:0 a.m. | 1 views

CloudBees Jenkins XL TestView Plugin Authorization Issue Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by CloudBees, a United States company. The CloudBees Jenkins XL TestView Plugin authorization issue vulnerability can be exploited by an attacker to capture credentials stored in Jenkins...

6.5 CVSS | 6.8 AI score | 0.00852 EPSS
Exploits: 0 | References: 1

CNVD
added 2019/08/15 12:0 a.m. | 2 views

Adobe Prelude CC 2019 Insecure Library Loading (DLL Hijacking) Vulnerability

Adobe Prelude CC 2019 is a video recording and capture tool designed for intuitive and efficient media organizing and metadata entry, quickly tagging and transcoding video footage and creating rough cuts on the fly. An insecure library loading DLL hijacking vulnerability exists in Adobe Prelude C...

7.8 CVSS | 7.4 AI score | 0.03028 EPSS
Exploits: 0 | References: 1

Hacker One
added 2019/08/13 3:30 p.m. | 51 views

Vanilla: Stealing the ip addres from users

Hi team! Summary Pixel that steals your data. By creating an image in https://iplogger.org/ and inserting it in the forum we can steal some data ip, language, geo location of the users who see the message. Steps to reproduce + Set "wyswyg" on + Create an image from https://iplogger.org/ and use t...

6.5 AI score
Exploits: 0

NVD
added 2019/08/07 3:15 p.m. | 19 views

CVE-2019-10386

A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturi...

8.8 CVSS | 8.6 AI score | 0.00859 EPSS
Exploits: 0 | References: 2

OSV
added 2019/08/07 3:15 p.m. | 12 views

CVE-2019-10387

A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...

6.5 CVSS | 6.5 AI score
Exploits: 0 | References: 2

CVE
added 2019/08/07 2:20 p.m. | 48 views

CVE-2019-10387

CVE-2019-10387 affects Jenkins XL TestView Plugin versions 1.2.0 and earlier. The root cause is a missing permission check in XLTestView.XLTestDescriptor#doTestConnection, enabling users with Overall/Read access to connect to an attacker-controlled URL using attacker-supplied credentials IDs and ...

6.5 CVSS | 6.3 AI score | 0.00852 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2019/08/07 12:15 a.m. | 21 views

CVE-2019-14731

An issue was discovered in ZenTao 11.5.1. There is an XSS stored vulnerability that leads to the capture of other people's cookies via the Rich Text Box...

5.4 CVSS | 5.3 AI score | 0.00591 EPSS
Exploits: 1 | References: 1

OSV
added 2019/08/07 12:15 a.m. | 2 views

CVE-2019-14731

An issue was discovered in ZenTao 11.5.1. There is an XSS stored vulnerability that leads to the capture of other people's cookies via the Rich Text Box...

5.4 CVSS | 6 AI score | 0.00591 EPSS
Exploits: 1 | References: 1

Prion
added 2019/08/07 12:15 a.m. | 14 views

Cross site scripting

An issue was discovered in ZenTao 11.5.1. There is an XSS stored vulnerability that leads to the capture of other people's cookies via the Rich Text Box...

3.5 CVSS | 5.2 AI score | 0.00591 EPSS
Exploits: 1 | References: 1 | Affected Software: 1