Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: January 9, 2018

Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: January 9, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these...

KLA11172 Multiple vulnerabilities in Microsoft Development Tools

Multiple serious vulnerabilities have been found in Microsoft .NET Core, ASP.NET Core, Microsoft Excel and Microsoft Office Compatibility Pack. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, bypass security restrictions and gain privileges...

Microsoft Outlook CVE-2018-0793 Remote Code Execution Vulnerability

Description Microsoft Outlook is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial of service condition; this can result in the attacker gaining complete...

Security Updates for Microsoft Office Compatibility SP3 (January 2018)

The Microsoft Office Compatibility Pack products installed on the remote host are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in...

App Layering: Nutanix AHV 5.5 support requires ELM 4.9 or above

App Layering 4.8 and before is not compatible with networking changes in Nutanix AHV 5.5. Depending on the operation you are performing, you may see any of these errors: Failed to connect to the server at 'host' A failure occurred connecting to the Nutanix server. Error = write EPROTO...

Carbon Black Solutions Currently Compatible With Major OS Vendor Patches on Meltdown & Spectre

Recently, researchers have released details on two classes of vulnerabilities in modern CPU hardware. These vulnerabilities affect unprecedented numbers of systems and are some of the more difficult issues to address in recent history. These vulnerabilities, dubbed Meltdown and Spectre, may be...

KLA11168 Multiple vulnerabilities in Microsoft SQL Server

Multiple information disclosure vulnerabilities have been found in Microsoft SQL Server. Malicious user can exploit these vulnerabilities to obtain sensitive information. These vulnerabilities can be exploited remotelly via speculative execution side-channel attack to obtain sensetive information...

Joomla YJ Live Search 2.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Joomla YJ Live Search Module 2.0 SQL Injection / Cross Site Scripting Credit: Bilal KARDADOU Vendor: http://www.youjoomla.com URL: http://www.youjoomla.com/joomla-extensions/yj-live-search-joomla-live-search-module.html Product: 'Joomla...

Blocking Windows Update from going to the next Windows 10 Feature Update (for example 1703 or 1709)

Citrix App layering, and probably other Citrix products, may not yet support the very latest version of Windows 10. For instance, Windows 10 1703 Creators Edition was not supported in App Layering until version 4.8. Unfortunately, "Feature Updates" are hard to block, because the Windows Update UI...

[SECURITY] Fedora 27 Update: python34-3.4.7-2.fc27

Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software...

CryKeX - Linux Memory Cryptographic Keys Extractor

CryKeX - Linux Memory Cryptographic Keys Extractor Properties: Cross-platform Minimalism Simplicity Interactivity Compatibility/Portability Application Independable Process Wrapping Process Injection Dependencies: Unix - should work on any Unix-based OS BASH - the whole script root privileges...

[SECURITY] Fedora 27 Update: linux-firmware-20171126-80.git17e62881.fc27

This package includes firmware files required for some devices to operate...

[SECURITY] Fedora 26 Update: docker-1.13.1-44.git584d391.fc26

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...

Frame replay vulnerability in Wi-Fi subsystem in Intel® Dual-Band and Tri-Band Wireless-AC Products allows remote attacker to replay frames via channel-based man-in-the-middle

Summary: A vulnerability relating to frame replay during device sleep has been identified in the Intel® Dual-Band and Tri-Band Wireless-AC Products. An attacker who can successfully establish a channel-based man-in-the-middle can potentially replay frames to impact the integrity or availability o...

Zeus-Scanner - Advanced Reconnaissance Utility

Zeus is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple...

[SECURITY] Fedora 26 Update: compat-openssl10-1.0.2m-1.fc26

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1...

TLS Version 1.0 Protocol Detection

The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible. As of...

Microsoft Office Remote Code Execution Vulnerability (CNVD-2017-37106)

Microsoft Office 2010 and others are products of Microsoft Corporation.Microsoft Office 2010 is an office software suite.Office Compatibility Pack SP3 is an Office compatibility pack. A remote code execution vulnerability exists in Microsoft Office that stems from the program failing to properly...

Fedora 26 : firefox (2017-b410301903)

Updated to the latest version - Firefox 57 Please note that this update is incompatible with many recent Firefox add-ons, please see Fedora Magazine article for details: https://fedoramagazine.org/firefox-57-coming-soon-quantum-leap/ ---- Update to Firefox 57 a.k.a. Quantum This update may break...

Fake Sandbox Processes (FSP) - Tool to simulate fake processes of analysis sandbox/VM software

This small script will simulate fake processes of analysis, sandbox and/or VM software that some malware will try to avoid. You can download the original script made by @x0rz in the orig directory. You can also download my slightly optimized script in the main directory. The file is named fsp.ps1...