Network Forensic Analysis Tool: Xplico

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email POP, IMAP, and SMTP protocols, all HTTP contents, each VoIP call SIP, FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...

[SECURITY] Fedora 22 Update: openhpi-3.4.0-2.fc22

OpenHPI is an open source project created with the intent of providing an implementation of the SA Forum's Hardware Platform Interface HPI. HPI provides an abstracted interface to managing computer hardware, typically f or chassis and rack based servers. HPI includes resource modeling; access to ...

Tiger - The Unix security audit and intrusion detection tool

Tiger is a security tool that can be use both as a security audit and intrusion detection system. It supports multiple UNIX platforms and it is free and provided under a GPL license. Unlike other tools, Tiger needs only of POSIX tools and is written entirely in shell language. Tiger has some...

SUSE SLED11 / SLES11 Security Update : libgcrypt (SUSE-SU-2015:1626-1)

This update fixes the following issues : - Use ciphertext blinding for Elgamal decryption CVE-2014-3591. See http://www.cs.tau.ac.il/tromer/radioexp/ for details. bsc920057 - Fixed data-dependent timing variations in modular exponentiation related to CVE-2015-0837, Last-Level Cache Side-Channel...

openSUSE Security Update : libgcrypt (openSUSE-2015-566)

This update fixes two security vulnerabilities bsc920057 : - Use ciphertext blinding for Elgamal decryption CVE-2014-3591. See http://www.cs.tau.ac.il/tromer/radioexp/ for details. - Fixed data-dependent timing variations in modular exponentiation related to CVE-2015-0837, Last-Level Cache...

Amazon Linux: Security Advisory (ALAS-2015-577)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CoreBot Credential-Stealing Malware

A new piece of data-stealing malware has a real thirst for credentials—and the potential for worse trouble down the line. IBM today published a report on CoreBot, generic information-stealing malware designed with enough flexibility to soon ramp up its capabilities to exfiltrate data in real time...

[SECURITY] Fedora 21 Update: uwsgi-2.0.11.1-1.fc21

uWSGI is a fast pure C, self-healing, developer/sysadmin-friendly application container server. Born as a WSGI-only server, over time it has evolved in a complete stack for networked/clustered web applications, implementing message/object passing, caching, RPC and process management. It uses the...

Debian: Security Advisory (DSA-3322-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 254-1] librack-ruby security update

Package : librack-ruby Version : 1.1.0-4+squeeze3 CVE ID : CVE-2015-3225 There is a potential denial of service vulnerability in Rack, a modular Ruby webserver interface. Carefully crafted requests can cause a SystemStackError and cause a denial of service attack by exploiting the lack of a...

[SECURITY] Fedora 22 Update: freecad-0.15-4.fc22

FreeCAD is a general purpose Open Source 3D CAD/MCAD/CAx/CAE/PLM modeler, a imed directly at mechanical engineering and product design but also fits a wider range of uses in engineering, such as architecture or other engineering specialties. It is a feature-based parametric modeler with a modular...

Medusa - Speedy, Parallel and Modular Login Brute-Forcer

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application: Thread-based parallel testing. Brute-for...

Portable Penetration Testing Distribution for Windows: PentestBox

PentestBox is not like other Penetration Testing Distributions which runs on virtual machines. It is created because more than 70% of penetration testing distributions users uses windows and provides an efficient platform for Penetration Testing on windows. It provides all security tools as a...

The Penetration Testers Framework (PTF) - Is a Way for Modular Support for Up-to-date Tools

A TrustedSec Project - The PenTesters Framework PTF is a Python script designed for Debian/Ubuntu based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we've been accustom to the /pentest/ directories or our own toolsets that we want to keep...

Bacula - Network Backup Tool for Linux, Unix, Mac, and Windows

Bacula is a set of computer programs that permits the system administrator to manage backup, recovery, and verification of computer data across a network of computers of different kinds. Bacula can also run entirely upon a single computer and can backup to various types of media, including tape a...

jboss-as-server: Unchecked access to MSC Service Registry under JSM

In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container MSC service registry without any permission checks. This could allow malicious deployments to modify the internal state of the...

Xoops CMS 2.5.7.1 Cross Site Scripting

Hi Team, Affected Vendor: http://www.xoops.org/ Date: 24/04/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Persistent XSS Tested on: Windows 8.1 Product: Xoops CMS Version: 2.5.7.1 Tested Link:...

Debian DLA-190-1 : libgcrypt11 security update

Multiple vulnerabilities were discovered in libgcrypt : CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on...

[SECURITY] [DLA 190-1] libgcrypt11 security update

Package : libgcrypt11 Version : 1.4.5-2+squeeze3 CVE ID : CVE-2014-3591 CVE-2015-0837 Multiple vulnerabilities were discovered in libgcrypt: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding...

DLA-190-1 libgcrypt11 - security update

Bulletin has no description...