Lucene search

6326 matches found

Hacker One
added 2019/09/12 3:55 p.m. | 26 views

Node.js third-party modules: [expressjs-ip-control] Whitelist IP bypass leads to authorization bypass and sensitive info disclosure

I would like to report an unauthenticated access/authorization bypass issue in the expressjs-ip-control module. It allows bypassing the whitelist IP check in order to bypass the authorization check and possibly expose sensitive data. Module module name: MODULE NAME version: MODULE VERSION npm pag...

AI score: 0.3
Exploits: 0
ICS
added 2019/09/12 12:0 a.m. | 88 views

Philips IntelliVue WLAN

1. EXECUTIVE SUMMARY CVSS v3 6.4 Vendor: Philips Equipment: IntelliVue M3002A X2 MMS Transport Monitor/Module and IntelliVue MP monitors MP2/X2, MP5, MP20-MP90, MX600, MX700 and MX800 Vulnerabilities: Use of Hard-coded Password, Download of Code Without Integrity Check 2. RISK EVALUATION...

CVSS: 7.2 | AI score: 8 | EPSS: 0.01358
Exploits: 0 | References: 5
Hacker One
added 2019/09/10 6:29 p.m. | 91 views

Node.js third-party modules: [reveal.js] XSS by calling arbitrary method via postMessage

I would like to report XSS in reveal.js It allows gaining access to the victim's account and performing actions on his behalf Module module name: reveal.js version: 3.8.0 npm page: https://www.npmjs.com/package/reveal.js Module Description A framework for easily creating beautiful presentations...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.01197
Exploits: 1
Kitploit
added 2019/09/09 8:25 p.m. | 151 views

fileGPS - A Tool That Help You To Guess How Your Shell Was Renamed After The Server-Side Script Of The File Uploader Saved It

Introduction When you upload a shell on a web-server using a file upload functionality, usually the file gets renamed in various ways in order to prevent direct access to the file, RCE and file overwrite. fileGPS is a tool that uses various techniques to find the new filename, after the server-sid...

AI score: 7.2
Exploits: 0 | References: 2
Kitploit
added 2019/09/09 12:0 p.m. | 94 views

ActiveReign - A Network Enumeration And Attack Toolset

Background A while back I was challenged to write a discovery tool with Python3 that could automate the process of finding sensitive information on network file shares. After writing the entire tool with pysmb, and adding features such as the ability to open and scan docx and xlsx files, I slowly...

AI score: 7.7
Exploits: 0 | References: 10
Tenable Nessus
added 2019/08/30 12:0 a.m. | 32 views

CentOS 7 : keycloak-httpd-client-install (CESA-2019:2137)

An update for keycloak-httpd-client-install is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00394
Exploits: 0 | References: 3
Kitploit
added 2019/08/21 10:14 p.m. | 780 views

Pyshark - Python Wrapper For Tshark, Allowing Python Packet Parsing Using Wireshark Dissectors

Python wrapper for tshark, allowing python packet parsing using wireshark dissectors. Extended documentation: http://kiminewt.github.io/pyshark Python2 deprecation - This package no longer supports Python2. If you wish to still use it in Python2, you can: Use version 0.3.8 Install pyshark-legacy...

AI score: 7.3
Exploits: 0 | References: 3
RedHat Linux
added 2019/08/21 6:7 p.m. | 2 views

Ansible: gcp modules do not flag sensitive data fields properly

A flaw was found in the gcp module of ansible. Certain fields managing sensitive data should be marked by the nolog feature. The serviceaccountcontents, which is common class for all gcp modules, is not being set as nolog to True. Any sensitive data managed by that function would be leaked as an...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.01609
Exploits: 1 | References: 4
RedHat Linux
added 2019/08/21 6:4 p.m. | 4 views

Ansible: gcp modules do not flag sensitive data fields properly

A flaw was found in the gcp module of ansible. Certain fields managing sensitive data should be marked by the nolog feature. The serviceaccountcontents, which is common class for all gcp modules, is not being set as nolog to True. Any sensitive data managed by that function would be leaked as an...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.01609
Exploits: 1 | References: 4
Tenable Nessus
added 2019/08/21 12:0 a.m. | 79 views

OpenSSH < 3.8p1 Multiple Vulnerabilities

Binary data 701169.prm...

CVSS: 5 | AI score: 9.7 | EPSS: 0.03366
Exploits: 0 | References: 2
Kitploit
added 2019/08/19 9:30 p.m. | 126 views

Truegaze - Static Analysis Tool For Android/iOS Apps Focusing On Security Issues Outside The Source Code

A static analysis tool for Android and iOS applications focusing on security issues outside the source code such as resource strings, third party libraries and configuration files. Requirements Python 3 is required and you can find all required modules in the requirements.txt file. Only tested on...

AI score: 7.4
Exploits: 0 | References: 1
Kitploit
added 2019/08/16 10:0 p.m. | 554 views

Iris - WinDbg Extension To Perform Basic Detection Of Common Windows Exploit Mitigations

Iris WinDbg extension performs basic detection of common Windows exploit mitigations 32 and 64 bits. The checks implemented, as can be seen in the screenshot above, are for the loaded modules: DynamicBase ASLR DEP SEH SafeSEH CFG RFG GS AppContainer If you don't know the meaning of some of the...

AI score: 7.3
Exploits: 0 | References: 5
Gitee
added 2019/08/15 9:57 a.m. | 2 views

icsmaster

This repository, cnforyou/icsmaster, is an ICS/SCADA security resource collection. It contains various tools and scripts for identifying and exploiting vulnerabilities in industrial control systems. The repository includes a list of dorks search terms for identifying vulnerable systems, as well a...

AI score: 7.9
Exploits: 0
OPENSUSE Linux
added 2019/08/14 12:0 a.m. | 158 views

Security update for ansible (moderate)

openSUSE Security Update: Security update for ansible Announcement ID: openSUSE-SU-2019:1858-1 Rating: moderate References: 1109957 1112959 1118896 1126503 Cross-References: CVE-2018-16837 CVE-2018-16859 CVE-2018-16876 CVE-2019-3828 Affected Products: openSUSE Backports SLE-15-SP1 An update that...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.02462
Exploits: 0 | References: 4
pentestit
added 2019/08/08 5:7 a.m. | 81 views

UPDATE: SILENTTRINITY v0.3.0

PenTestIT RSS Feed Just yesterday, I wrote about this open source post-exploitation C2 framework and a new release is already available. The post was titled - List of Open Source C2 Post-Exploitation Frameworks. We now have SILENTTRINITY v0.3.0 amongst us, which was in the works for a long time!...

AI score: 1.7
Exploits: 0
Veracode
added 2019/08/07 8:14 a.m. | 27 views

Information Disclosure

ansible is vulnerable to Information Disclosure. serviceaccountcontents, which is the common class for all gcp modules, does not set nolog to True. Any sensitive data managed by that function would be leaked as output when running ansible playbooks...

CVSS: 6.5 | AI score: 1.5 | EPSS: 0.01609
Exploits: 1 | References: 6 | Affected Software: 1
NVD
added 2019/08/05 1:15 p.m. | 19 views

CVE-2017-18482

cPanel before 62.0.4 allows resellers to use the WHM enqueuetransferitem API for queueing non-rearrange modules SEC-213...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00914
Exploits: 0 | References: 1
OSV
added 2019/08/05 1:15 p.m. | 1 views

CVE-2017-18482

cPanel before 62.0.4 allows resellers to use the WHM enqueuetransferitem API for queueing non-rearrange modules SEC-213...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00914
Exploits: 0 | References: 1
NVD
added 2019/08/02 10:15 p.m. | 25 views

CVE-2019-7849

A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01151
Exploits: 0 | References: 1
OSV
added 2019/08/02 10:15 p.m. | 21 views

CVE-2019-7849

A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2...

CVSS: 7.5 | AI score: 6.7
Exploits: 0 | References: 1