SubCrawl - A Modular Framework For Discovering Open Directories, Identifying Unique Content Through Signatures And Organizing The Data With Optional Output Modules, Such As MISP

SubCrawl is a framework developed by Patrick Schläpfer, Josh Stroschein and Alex Holland of HP Inc’s Threat Research team. SubCrawl is designed to find, scan and analyze open directories. The framework is modular, consisting of four components: input modules, processing modules, output modules an...

[SECURITY] Fedora 34 Update: libopenmpt-0.5.12-1.fc34

libopenmpt is a cross-platform C++ and C library to decode tracked music files modules into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project Open ModPlug Tracker. In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

Important: Red Hat Security Advisory: Ansible security and bug fix update (2.9.27)

An update for ansible is now available for Ansible Engine 2 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

Important: Red Hat Security Advisory: Ansible security and bug fix update (2.9.27)

An update for ansible is now available for Ansible Engine 2.9 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Xmap - A Fast Network Scanner Designed For Performing Internet-wide IPv6 &Amp; IPv4 Network Research Scanning

XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning. XMap is reimplemented and improved thoroughly from ZMap and is fully compatible with ZMap, armed with the "5 minutes" probing speed and novel scanning techniques. XMap is capable of scannin...

Updated golang packages fix security vulnerability

The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the NewReader and OpenReader functions in archive/zip can still cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size...

MGASA-2021-0475 Updated golang packages fix security vulnerability

The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the NewReader and OpenReader functions in archive/zip can still cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size...

GHSA-P75J-WC34-527C Exposure of Sensitive Information to an Unauthorized Actor in ansible

A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by nolog feature. Some of these fields in GCP modules are not set properly. serviceaccountcontents which is common class for all gcp modules is not setting nolog to True. Any sensitive data manage...

Exposure of Sensitive Information to an Unauthorized Actor in ansible

A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by nolog feature. Some of these fields in GCP modules are not set properly. serviceaccountcontents which is common class for all gcp modules is not setting nolog to True. Any sensitive data manage...

CVE-2021-38297

A flaw was found in golang. This vulnerability can only be triggered when invoking functions from vulnerable WASM WebAssembly Modules. Go can be compiled to WASM. If the product or service doesn't use WASM functions, it is not affected, although it uses golang. Mitigation Mitigation for this issu...

CVE-2021-42139

Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations...

CVE-2021-42139

Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations...

Code injection

Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations...

CVE-2021-42139

Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations...

CVE-2021-42139

The CVE-2021-42139 issue affects Deno Standard Modules prior to 0.107.0, where code execution can be injected via an untrusted YAML file in certain configurations. Affected component: Deno Standard Modules (before 0.107.0). Root cause: insecure handling of YAML input leading to code injection. Im...

Viper - Intranet Pentesting Tool With Webui

Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration Viper integrates basic functions such as bypass anti-virus software, intranet tunnel, file management, command line and so on Viper ha...

The vulnerability of the Bluetooth Classic implementation of the microprogramming software for the ESP-WROVER-KIT development board, which is used for the ESP32 Wi-Fi/Bluetooth module series, allows a hacker to execute arbitrary code.

The vulnerability of the Bluetooth Classic implementation of the microprogramming software for the ESP-WROVER-KIT development board for the ESP32 Wi-Fi/Bluetooth series modules is related to insufficient verification of input data. Exploiting this vulnerability could allow a remote attacker to...

go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data

The Go project reports: When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. If using wasmexec.js to execute WASM modules, users will need to replace their copy aft...

Mail.ru: [samokat.ru] PHP modules path disclosure due to lack of error handling

Hi security team @mailru we found a Information disclosure in phpproject in subsamokat.ru On one side of the server samokat.ru generates a full stack error trace instead of an HTTP 500 error. The complete error stack trace reveals the full path of the PHPConfiguration module directory on the...

GHSA-XPWJ-7V8Q-MCGJ Deno's static imports inside dynamically imported modules do not adhere to permission checks

Impact Modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. In Deno 1.5.x and 1.6.x only programs dynamically importing especially transitively untrusted code are...