Suricata 3.1 - Open Source IDS / IPS / NSM engine
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors. Top 3 Reasons You Should Try Suricat...
Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities (Update C)
OVERVIEW This updated advisory is a follow-up to the advisory update titled ICSA-16-208-01B Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities that was published October 4, 2016, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities in SIMATIC WinCC,...
NetworkMiner 2.0 - Network Forensic Analysis Tool (NFAT)
NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows but also works in Linux / Mac OS X / FreeBSD. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the...
Debian DLA-341-1 : php5 security update
CVE-2015-6831 Use after free vulnerability was found in unserialize function. We can create ZVAL and free it via Serializable::unserialize. However the unserialize will still allow to use R: or r: to set references to that already freed memory. It is possible to use-after-free attack and execute...
MakeSFX.exe 1.44 - Local Stack Buffer Overflow
Credits: John Page aka hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-MAKESFX-BUFF-OVERFLOW-09302015.txt Vendor: freeextractor.sourceforge.net/FreeExtractor...
Internet Bug Bounty: Files extracted from archive may be placed outside of destination directory
https://bugs.php.net/bug.php?id=70019...
MGASA-2015-0252 Updated p7zip package fixes security vulnerability
Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current...
[SECURITY] Fedora 20 Update: cabextract-1.5-1.fc20
cabextract is a program which can extract files from cabinet .cab archives...
Multi Gather RubyGems API Key
This module obtains a user's RubyGems API key from /.gem/credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather RubyGems API Key', 'Description' = %q This module obtains a...
CVE-2013-6435
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory...
Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-14-329-02C Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published December 18, 2014, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities within products using the Sieme...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2014-15 Miscellaneous memory safety hazards rv:28.0 / rv:24.4 MFSA 2014-16 Files extracted during updates are not always read only MFSA 2014-17 Out of bounds read during WAV file decoding MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key MFSA...
MGASA-2014-0090 Updated libtar package fixes security vulnerability
A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing files to be extracted to an arbitrary path. An attacker can craft a tar file to override files beyond the tar_extract_glob an...
CentOS 4 : unzip (CESA-2007:0203)
Updated unzip packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The unzip utility is used to list, test, or extract files from a zip archive. A race condition was found in Unzip...
[NetworkMiner v1.4.1] Network Forensic Analysis Tool (NFAT)
NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows but also works in Linux / Mac OS X / FreeBSD. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the...
ChillyCMS 1.3.0 - Multiple Vulnerabilities
ChillyCMS 1.3.0 - Multiple Vulnerabilities Exploit Title: chillyCMS 1.3.0 Multiple Vulnerabilities Google Dork: "powered by chillyCMS" Date: 15 February 2013 Exploit Author: Abhi M Balakrishnan Vendor Homepage: http://chillycms.bplaced.net/ Software Link:...
Linux Gather PPTP VPN chap-secrets Credentials
This module collects PPTP VPN information such as client, server, password, and IP from your target server's chap-secrets file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux Gather PPTP...
CVE-2012-2225
360zip 1.93beta allows remote attackers to execute arbitrary code via vectors related to file browsing and file extraction...
Design/Logic Flaw
360zip 1.93beta allows remote attackers to execute arbitrary code via vectors related to file browsing and file extraction...