
6326 matches found

Prion
added 2019/08/02 10:15 p.m. | 16 views

Design/Logic Flaw

A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2...

CVSS 5 | AI score 7.5 | EPSS 0.01151
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2019/08/02 9:10 p.m. | 23 views

CVE-2019-7849

A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2...

AI score 7.5 | EPSS 0.01151
Exploits 0 | References 1

Gitee
added 2019/08/02 5:46 p.m. | 4 views

metasploit-framework

This is an offensive tool for the Metasploit Framework. The Metasploit Framework is a penetration testing platform that provides a comprehensive set of tools for exploiting vulnerabilities in software applications. It is primarily used by security researchers and penetration testers to identify a...

AI score 7.3
Exploits 0

Veracode
added 2019/07/31 7:19 a.m. | 197 views

Insecure Path Defaults

OpenSSL has Insecure Path Defaults. When installed on a Windows machine, the default OPENSSLDIR is C:/usr/local which is world writable. This allows an attacker to modify OpenSSL's default configuration, insert CA certificates, modify or even replace existing engine modules, etc...

CVSS 3.3 | AI score 3 | EPSS 0.00678
Exploits 0 | References 30 | Affected Software 1

OpenVAS
added 2019/07/29 12:0 a.m. | 64 views

Fedora Update for dtkcore FEDORA-2019-3d418f349c

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7 | AI score 5.6 | EPSS 0.00443
Exploits 0 | References 2

Fedora
added 2019/07/28 1:23 a.m. | 41 views

[SECURITY] Fedora 30 Update: dtkcore-2.0.16.1-1.fc30

Deepin tool kit core modules...

CVSS 7 | AI score 1 | EPSS 0.00443
Exploits 0

Hacker One
added 2019/07/27 6:2 p.m. | 36 views

Node.js third-party modules: Command Injection vulnerability in kill-port-process package

I would like to report a command injection vulnerability in the kill-port-process package. It allows an attacker to inject arbitrary commands. Module module name: kill-port-process version: 1.1.0 npm page: https://www.npmjs.com/package/kill-port-process Module Stats 0 downloads in the last day 13...

CVSS 10 | AI score 1.3 | EPSS 0.03905
Exploits 1

Kitploit
added 2019/07/26 12:49 p.m. | 545 views

grapheneX - Automated System Hardening Framework

grapheneX In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically...

AI score 7.3
Exploits 0 | References 2

CVE
added 2019/07/25 11:23 p.m. | 216 views

CVE-2018-11779

Technical details about CVE-2018-11779 are not provided in the supplied documents. Monitor for updates from official advisories.

CVSS 9.8 | AI score 9.3 | EPSS 0.03477
Exploits 0 | References 1 | Affected Software 1

Veracode
added 2019/07/25 7:11 a.m. | 20 views

Deserialization Of Untrusted Object

Apache Storm UI Daemon is vulnerable to deserialization of untrusted object. When it is used with storm-kafka-client or storm-kafka modules, it does not filter the input of untrusted bytes before deserialization, allowing an attacker to provide malicious bytes to abuse the logic of the applicati...

CVSS 9.8 | AI score 9.2 | EPSS 0.03477
Exploits 0 | References 3 | Affected Software 1

Gitee
added 2019/07/19 6:50 p.m. | 4 views

icsmaster

This repository is an offensive tool for ICS Industrial Control Systems security research and exploitation. It contains a collection of resources, including papers, exploits, firmware, Nmap scripts, and tools, related to ICS security. The repository is maintained by GeneBlue and appears to be a...

AI score 6.9
Exploits 0

Prion
added 2019/07/19 6:15 a.m. | 13 views

Code injection

In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js...

CVSS 4.3 | AI score 6.6 | EPSS 0.01874
Exploits 1 | References 3 | Affected Software 1

Github Security Blog
added 2019/07/17 7:14 p.m. | 46 views

System.Management.Automation subject to bypass via script debugging

Microsoft Security Advisory CVE-2019-1167: Windows Defender Application Control Security Feature Bypass Vulnerability Executive Summary A security feature bypass vulnerability...

CVSS 4.1 | AI score 0.2 | EPSS 0.011
Exploits 0 | References 4 | Affected Software 1

The Hacker News
added 2019/07/17 2:13 p.m. | 2 views

EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users

Security researchers have discovered a rare piece of Linux spyware that's currently fully undetected across all major antivirus security software products, and includes rarely seen functionalities with regards to most Linux malware, The Hacker News learned. It's a known fact that there are a very...

AI score 7.2
Exploits 0

The Hacker News
added 2019/07/17 2:13 p.m. | 124 views

EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users

Security researchers have discovered a rare piece of Linux spyware that's currently fully undetected across all major antivirus security software products, and includes rarely seen functionalities with regards to most Linux malware, The Hacker News learned. It's a known fact that there are a very...

AI score 0.2
Exploits 0

Prion
added 2019/07/17 3:15 a.m. | 19 views

Path traversal

In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java from the package ghidra.app.plugin.core.archive via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis...

CVSS 6.8 | AI score 7.8 | EPSS 0.04961
Exploits 5 | References 4 | Affected Software 1

Kitploit
added 2019/07/16 1:54 p.m. | 152 views

JShielder v2.4 - Hardening Script For Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark G

JSHielder is an Open Source Bash Script developed to help SysAdmin and developers secure their Linux Servers in which they will be deploying any web application or services. This tool automates the process of installing all the necessary packages to host a web application and Hardening a Linux...

AI score 7.4
Exploits 0 | References 2

OSV
added 2019/07/16 1:30 p.m. | 4 views

SUSE-SU-2019:1860-1 Security update for xrdp

This update for xrdp fixes the following issues: Security issues fixed: - CVE-2013-1430: When successfully logging in using RDP into an xrdp session, the file /.vnc/sesman$usernamepasswd was created. Its content was the equivalent of the user's cleartext password, DES encrypted with a known key...

CVSS 9.8 | AI score 7.4 | EPSS 0.01326
Exploits 0 | References 14

BDU FSTEC
added 2019/07/16 12:0 a.m. | 4 views

The vulnerability of Cisco AMP’s security tools for end devices stems from insufficient checks on dynamically loaded modules, allowing attackers to execute arbitrary code with AMP service privileges.

The vulnerability of Cisco AMP’s security tools for end devices stems from insufficient checks on dynamically loaded modules. Exploiting this vulnerability could allow attackers to execute arbitrary code with AMP service privileges...

CVSS 6.8 | AI score 6 | EPSS 0.00267
Exploits 0 | References 3 | Affected Software 1

CNVD
added 2019/07/12 12:0 a.m. | 1 views

Unauthorized Access Vulnerability in Longchamp U9300W, U9507C 4G Modules

LongSun Technology Shanghai Co., Ltd. is a supplier of IoT modules and solutions. An unauthorized access vulnerability exists in the U9300W and U9507C 4G modules of Longchamp Technology. An attacker can exploit the vulnerability to obtain root privileges...

AI score 6.9
Exploits 0