CVE-2017-9443

BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and...

samba: Loading shared modules from any path in the system leading to RCE (SambaCry)

A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root...

The vulnerability of the HLOS component of Qualcomm Secure Execution Environment allows a perpetrator to gain access to kernel modules beyond their authorized scope.

The vulnerability of the HLOS microprogramming software component of Qualcomm Secure Execution Environment for Android exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to kernel modules beyond their authorize...

explo - Human And Machine Readable Web Vulnerability Testing Format

explo is a simple tool to describe web security issues in a human and machine readable format. By defining a request/condition workflow, explo is able to exploit security issues without the need of writing a script. This allows to share complex vulnerabilities in a simple readable and executable...

Important: Red Hat Security Advisory: ansible security update

An update for ansible is now available for Red Hat Gluster Storage 3.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

samba: Loading shared modules from any path in the system leading to RCE (SambaCry)

A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root...

Recent Python Meterpreter Improvements

The Python Meterpreter has received quite a few improvements this year. In order to generate consistent results, we now use the same technique to determine the Windows version in both the Windows and Python instances of Meterpreter. Additionally, the native system language is now populated in the...

Exploitable Vulnerabilities: A Metasploit-Vulnerability Management Love Story

Integrating InsightVM or Nexpose Rapid7's vulnerability management solutions with Metasploit our penetration testing solution is a lot like Cupid playing "matchmaker" with vulnerabilities and exploit modules. When a vulnerability scan is imported into Metasploit, many things happen under the hood...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can 1 create new administrator user accounts and take over the entire application, 2 create regular user accounts, or 3 change...

Intel Active Management Technology Privilege Escalation Vulnerability

On May 1st, 2017, Intel released a security advisory titled Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege, also known as INTEL-SA-00075. The advisory details a vulnerability in the Intel Active Management AMT, Intel...

[SECURITY] Fedora 25 Update: python-fedora-0.9.0-3.fc25

Python modules that help with building Fedora Services. The client module included here can be used to build programs that communicate with many of Fedora Infrastructure's Applications such as Bodhi, PackageDB, MirrorManage r, and FAS2...

File Override

github.com/docker/docker is vulnerable to file override attacks. It allows local users to set Linux Security Modules LSM and dockert policies. It can be triggered through images that allow volumes to override files in /proc...

ECMAScript modules in browsers

ES modules are now available in browsers! They're in… Safari 10.1. Chrome 61. Firefox 60. Edge 16. import addTextToBody from './utils.mjs'; addTextToBody'Modules are pretty cool.'; // utils.mjs export function addTextToBodytext const div = document.createElement'div'; div.textContent = text;...

ECMAScript modules in browsers

ES modules are now available in browsers! They're in… Safari 10.1. Chrome 61. Firefox 60. Edge 16. import addTextToBody from './utils.mjs'; addTextToBody'Modules are pretty cool.'; // utils.mjs export function addTextToBodytext const div = document.createElement'div'; div.textContent = text;...

Bitrix Product and Modules Detection

Binary data bitrixdetect.nbin...

Operative Framework v1.0b - Fingerprint Framework

This is a framework based on fingerprint action, this tool is used for get information on a website or a enterprise target with multiple modules Viadeo search, Linkedin search, Reverse email whois, Reverse ip whois, SQL file forensics ... Dependency & launching pip install -r requirements.txt...

[SECURITY] Fedora 25 Update: ansible-2.3.0.0-3.fc25

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

MultiScanner - Modular File Scanning/Analysis Framework

MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom built python scripts, web APIs, software running on another machine, etc. Tools are incorporated by...

F5 Networks BIG-IP : F5 management sshd vulnerability (K92140924)

An undisclosed traffic pattern received on an F5 management interface may cause the Secure Shell Daemon sshd to stop responding, resulting in a Denial-of-Service DoS. CVE-2017-6128 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5...

[SECURITY] Fedora 26 Update: ansible-2.3.0.0-1.fc26

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...