6326 matches found
br.com.anteros:Anteros-Security-Spring (>=2.0.0 <=2.0.20), br.com.anteros:Anteros-Security-Spring-Mongo (>=1.0.0 <=1.0.5) +83 more potentially affected by CVE-2018-15758 via org.springframework.security.oauth:spring-security-oauth2 (>=2.3.0.RELEASE <=2.3.3.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.3.0.RELEASE, =2.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =3.0.0.RELEASE, =1.0.4, =1.0.9 - com.github.lizixiang:triph-common =0.0.1-RELEASE and more Source cves: CVE-2018-15758...
UPDATED VERSION: RouterSploit 3.4.0
PenTestIT RSS Feed RouterSploit 3.4.0, the long-awaited router exploitation framework update is out guys! This release includes some really cool features and updates such as using pycryptodome from pycrypto and newer exploitation modules! Read on for the improvements. What is RouterSploit? The...
ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-all (>=4.7.11 <=4.8.2) +2474 more potentially affected by CVE-2018-11087 via com.rabbitmq:amqp-client (>=5.0.0 <=5.3.0)
com.rabbitmq:amqp-client MAVEN version =5.0.0, =4.5.0, =4.7.11, =1.12.0, =4.5.0, =4.5.0, =1.12.0, =1.12.0, =4.5.0, =1.12.0, =1.12.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.6.0 and more Source cves: CVE-2018-11087 Source advisory: OSV:GHSA-W4G2-9HJ6-5472...
am.ik.home:uaa-client (>=1.3.0 <=1.8.1), am.ik.home:uaa-integration-test (>=1.3.0 <=1.8.1) +229 more potentially affected by CVE-2018-1273 via org.springframework.data:spring-data-commons (>=1.13.0.RELEASE <=1.13.10.RELEASE)
org.springframework.data:spring-data-commons MAVEN version =1.13.0.RELEASE, =1.3.0, =1.3.0, =1.3.0, =0.0.1, =0.2.0, =1.0.6, =6.2.0.6, =6.2.0.5, =6.2.0.4, =6.2.0.4, =6.2.0.5, =1.2.0, =1.2.0, =1.6.6 and more Source cves: CVE-2018-1273 Source advisory: OSV:GHSA-4FQ3-MR56-CG6R...
org.apache.camel:camel-atmosphere-websocket (=2.16.0), org.apache.camel:camel-example-cxf (=2.16.0) +19 more potentially affected by CVE-2015-5348 via org.apache.camel:camel-http-common (=2.16.0)
org.apache.camel:camel-http-common MAVEN version =2.16.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-http-common and may be impacted: - org.apache.camel:camel-atmosphere-websocket =2.16.0 - org.apache.camel:camel-example-cxf...
org.apache.camel:camel-atmosphere-websocket (=2.16.0), org.apache.camel:camel-example-cxf-tomcat (=2.16.0) +8 more potentially affected by CVE-2015-5348 via org.apache.camel:camel-servlet (=2.16.0)
org.apache.camel:camel-servlet MAVEN version =2.16.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-servlet and may be impacted: - org.apache.camel:camel-atmosphere-websocket =2.16.0 - org.apache.camel:camel-example-cxf-tomcat...
activemq:activemq (=1.1), activemq:activemq-optional (=3.2) +325 more potentially affected by CVE-2018-8032 via axis:axis (>=1.2 <=1.4)
axis:axis MAVEN version =1.2, =1.2.5, =1.1.0, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2018-8032 Source advisory: OSV:GHSA-96JQ-75WH-2658...
puppet: Unpacking of tarballs in tar/mini.rb can create files with insecure permissions
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability...
org.apache.storm:flux-core (>=1.1.0 <=1.1.2), org.apache.storm:storm-elasticsearch-examples (>=1.1.0 <=1.1.2) +14 more potentially affected by CVE-2018-8008 via org.apache.storm:storm-core (>=1.1.0 <=1.1.2)
org.apache.storm:storm-core MAVEN version =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.2 and more Source cves: CVE-2018-8008 Source advisory: OSV:GHSA-898J-5CC8-CMF5...
org.apache.storm:flux-core (>=1.2.0 <=1.2.1), org.apache.storm:storm-elasticsearch-examples (>=1.2.0 <=1.2.1) +14 more potentially affected by CVE-2018-8008 via org.apache.storm:storm-core (>=1.2.0 <=1.2.1)
org.apache.storm:storm-core MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.1 and more Source cves: CVE-2018-8008 Source advisory: OSV:GHSA-898J-5CC8-CMF5...
CVE-2018-18202
The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password...
CVE-2018-17456
An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine...
BYOB - Build Your Own Botnet
BYOB: Build Your Own Botnet. Disclaimer: This project should be used for authorized testing or educational purposes only. BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the...
Fancy Bear’s VPNfilter malware is back with 7 new modules
By Waqas. Cisco’s Talos researchers have identified that Russia’s VPNfilter is way more dangerous than it is believed to be. The malware, which prompted the FBI to urge people to reboot their internet routers, contains seven additional third-stage modules that are infecting countless global...
Brave Software: RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context
Summary: \395737 has shown that Brave supports chrome://brave/ URLs. The Brave team introduced a patch which blocks navigation to chrome://brave and removed chrome.remote.require to prevent command execution on the machine. Navigation to chrome://brave via shortcut files From my understanding: 1...
VPNFilter Router Malware Adds 7 New Network Exploitation Modules
Security researchers have discovered even more dangerous capabilities in VPNFilter—the highly sophisticated multi-stage malware that infected 500,000 routers worldwide in May this year, making it much more widespread and sophisticated than earlier. Attributed to Russia's APT 28, also known as...
VPNFilter’s Arsenal Expands With Newly Discovered Modules
Researchers have discovered new modules in VPNFilter – the malware behind the widespread campaign in May that infected 75 router brands – revealing that its capabilities are much more widespread and sophisticated than previously thought. After reverse-engineering seven additional third-stage...
BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack - US
Lenovo Security Advisory: LEN-20527. Potential Impact: Elevation of privilege. Severity: High. Scope of Impact: Industry-wide. CVE Identifier: CVE-2018-9062, CVE-2018-12169. Summary Description: An attacker with unfettered physical access to a system and the skill to disassemble it, may attach a...
Node.js third-party modules: [http-live-simulator] Path traversal vulnerability
Module: module name: http-live-simulator; version: 1.0.6; npm page: https://www.npmjs.com/package/http-live-simulator Description: This vulnerability is a bypass for the one found in this report in version 1.0.5. Steps To Reproduce: 1. Install the module: npm install -g http-live-simulator 2. Run the...