
6326 matches found

Drupal
added 2019/04/17 12:0 a.m. | 91 views

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-006

The jQuery project released version 3.4.0, and as part of that, disclosed a security vulnerability that affects all prior versions. As described in their release notes: jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extend(true, {}, ...). If an unsanitized source object...

CVSS 6.1 | AI score 2.1 | EPSS 0.87218
Exploits 4 | References 17
Kitploit
added 2019/04/15 5:24 a.m. | 152 views

Zeebsploit - Web Scanner / Exploitation / Information Gathering

zeebsploit is a tool for hacking, searching for web information and scanning vulnerabilities of a web. Installation & Usage: apt-get install git; git clone https://github.com/jaxBCD/Zeebsploit.git; cd Zeebsploit; chmod +x install; ./install; python3 zeebsploit.py; type 'help' for show modules and follow...

AI score 7.8
Exploits 0 | References 1
Kitploit
added 2019/04/10 10:14 p.m. | 236 views

Zeebsploit - Web Scanner / Exploitation / Information Gathering

zeebsploit is a tool for hacking, searching for web information and scanning vulnerabilities of a web. Installation & Usage: apt-get install git; git clone https://github.com/jaxBCD/Zeebsploit.git; cd Zeebsploit; chmod +x install; ./install; python3 zeebsploit.py; type 'help' for show modules and follow...

AI score 7.6
Exploits 0 | References 1
Prion
added 2019/04/10 9:29 p.m. | 12 views

Authorization

ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53 do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in...

CVSS 6.5 | AI score 8.8 | EPSS 0.01131
Exploits 0 | References 2 | Affected Software 1
CVE
added 2019/04/10 8:17 p.m. | 52 views

CVE-2019-0279

CVE-2019-0279 concerns SAP BASIS: ABAP function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST. Connected sources confirm the issue arises from insufficient authorization checks in all circumstances for an authenticated user, enabling privilege escalati...

CVSS 8.8 | AI score 8.7 | EPSS 0.01131
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2019/04/10 8:17 p.m. | 16 views

CVE-2019-0279

ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53 do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in...

AI score 8.9 | EPSS 0.01131
Exploits 0 | References 2
Tenable Nessus
added 2019/04/09 12:0 a.m. | 39 views

EulerOS Virtualization 2.5.3 : git (EulerOS-SA-2019-1183)

According to the version of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may...

CVSS 9.8 | AI score 7.2 | EPSS 0.97356
Exploits 12 | References 2
Kitploit
added 2019/03/30 12:9 p.m. | 177 views

Just-Metadata - Tool That Gathers And Analyzes Metadata About IP Addresses

Just-Metadata is a tool that can be used to gather intelligence information passively about a large number of IP addresses, and attempt to extrapolate relationships that might not otherwise be seen. Just-Metadata has "gather" modules which are used to gather metadata about IPs loaded into the...

AI score 7
Exploits 0 | References 1
OSV
added 2019/03/29 3:35 p.m. | 8 views

SUSE-SU-2019:13999-1 Security update for various KMPs

This update rebuilds missing kernel modules (KMP) to use 'retpolines' mitigations for Spectre Variant 2 (CVE-2017-5715). Rebuilt KMP packages: - cluster-network - drbd - gfs2 - iscsitarget - ocfs2 - ofed - oracleasm...

CVSS 5.6 | AI score 6.8 | EPSS 0.74041
Exploits 8 | References 3
Kitploit
added 2019/03/29 12:12 p.m. | 276 views

WinPwn - Automation For Internal Windows Penetrationtest

In many past internal penetration tests I often had problems with the existing Powershell Recon / Exploitation scripts due to missing proxy support. For this reason I wrote my own script with automatic proxy recognition and integration. The script is mostly based on well-known large other offensi...

AI score 7.4
Exploits 0 | References 14
OSV
added 2019/03/28 3:29 p.m. | 1 views

CVE-2019-10251

The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files related to libpicsel, which allows MITM attacks...

CVSS 5.9 | AI score 6.2
Exploits 0 | References 2
OSV
added 2019/03/28 2:29 p.m. | 1 views

CVE-2019-10250

UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks...

CVSS 5.9 | AI score 6.2 | EPSS 0.00723
Exploits 1 | References 1
CVE
added 2019/03/28 2:1 p.m. | 43 views

CVE-2019-10251

The CVE-2019-10251 entry concerns the UCWeb UC Browser on Android (pre-2020) that downloads modules tied to PDF/Office processing via libpicsel over HTTP. This insecure HTTP traffic enables man‑in‑the‑middle attacks against module downloads, exposing users to potential data interception or tamper...

CVSS 5.9 | AI score 5.6 | EPSS 0.00803
Exploits 1 | References 2 | Affected Software 1
OSV
added 2019/03/27 6:29 p.m. | 3 views

CVE-2018-19016

Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB includes 1756-EWEBK Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to occur until the affected...

CVSS 7.5 | AI score 5.8 | EPSS 0.03185
Exploits 0 | References 1
CVE
added 2019/03/27 5:20 p.m. | 49 views

CVE-2018-19016

CVE-2018-19016 affects Rockwell Automation EtherNet/IP Web Server Modules: 1756-EWEB (incl. 1756-EWEBK) <= v5.001 and CompactLogix 1768-EWEB

CVSS 7.8 | AI score 7.4 | EPSS 0.03185
Exploits 0 | References 1 | Affected Software 2
Drupal
added 2019/03/27 12:0 a.m. | 15 views

Module Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2019-042

This module enables you to filter the list of modules on the admin modules page, and organizes packages into vertical tabs. The module doesn't sufficiently escape HTML under the scenario leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that the...

AI score 5.8
Exploits 0 | References 5
Tenable Nessus
added 2019/03/27 12:0 a.m. | 21 views

openSUSE Security Update : virtualbox (openSUSE-2019-943)

This update for virtualbox fixes the following issues : virtualbox was updated to version 5.2.22 released November 09 2018 by Oracle. Security issues fixed : - Fixed a guest-to-host escape via the e1000 virtual network driver bsc1115041. Non-security issues fixed : - Audio: Fixed a regression in...

AI score 5.5
Exploits 0 | References 1
The Hacker News
added 2019/03/26 11:37 a.m. | 97 views

Insecure UC Browser 'Feature' Lets Hackers Hijack Android Phones Remotely

Beware! If you are using UC Browser on your smartphones, you should consider uninstalling it immediately. Why? Because the China-made UC Browser contains a "questionable" ability that could be exploited by remote attackers to automatically download and execute code on your Android devices...

AI score 0.1
Exploits 0
Veracode
added 2019/03/25 8:40 a.m. | 23 views

Authentication Bypass

Apache Geronimo is vulnerable to authentication bypass. This is caused by improper exception handling for failed logins, which would allow a remote attacker to bypass authentication requirements and deploy arbitrary modules and gain administrative access by submitting a blank username and passwor...

CVSS 10 | AI score 7.1 | EPSS 0.0419
Exploits 0 | References 5 | Affected Software 1
NVD
added 2019/03/21 4:0 p.m. | 18 views

CVE-2018-16563

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module All versions V4.35, Firmware variant MODBUS TCP for EN100 Ethernet module All versions, Firmware variant DNP3 TCP for EN100 Ethernet module All versions, Firmware variant IEC104 for EN100 Ethernet module A...

CVSS 5.9 | AI score 5.5 | EPSS 0.01155
Exploits 0 | References 1