CVE-2016-10009

It was found that ssh-agent could load PKCS11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running...

Remote msfconsole: msf-remote-console

Remote msfconsole A remote msfconsole written in Python 2.7 to connect to the msfrcpd server of metasploit. This tool gives you the ability to load modules permanently as daemon on your server like autopwn2. Although it gives you the ability to remotely use the msfrpcd server it is recommended to...

LDAP Code Injection

org.apache.karaf.jaas.modules is vulnerable to LDAP code injection. This is caused because the username is not encoded...

USN-3134-1: Python vulnerabilities | Cloud Foundry

USN-3134-1: Python vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information...

Auto Backdooring Utility: backdoorme

Auto Backdooring Utility Backdoorme is a powerful utility capable of backdooring Unix machines with a slew of backdoors. Backdoorme uses a familiar metasploit interface with tremendous extensibility.Backdoorme relies on having an existing SSH connection or credentials to the victim, through which...

PT-2016-3172

Name of the Vulnerable Software and Affected Versions Apache httpd versions 2.2.x through 2.2.32 Apache httpd versions 2.4.x through 2.4.25 Description The issue is related to the use of the ap get basic auth pw function by third-party modules outside of the authentication phase, which may lead t...

Denial of Service Vulnerability in Multiple Mitsubishi Electric MELSEC-Q Series Products

Mitsubishi Electric is a Japanese company. The affected products, QJ71E71-100, QJ71E71-B5 and QJ71E71-B2, are Ethernet interface modules used to connect MELSEC-Q series programmable controllers to host networks. A denial of service vulnerability exists in multiple Mitsubishi Electric MELSEC-Q...

Security Bypass Vulnerability in Multiple Mitsubishi Electric MELSEC-Q Series Products

Mitsubishi Electric is a Japanese company. The affected products, QJ71E71-100, QJ71E71-B5 and QJ71E71-B2, are Ethernet interface modules used to connect MELSEC-Q series programmable controllers to host networks. A security bypass vulnerability exists in multiple Mitsubishi Electric MELSEC-Q Serie...

Ipsilon Denial of Service Vulnerability

Ipsilon is a server and toolkit for configuring Apache-based service providers to provide federated authentication SSO to web applications with pluggable standalone modwsgi applications. A denial of service vulnerability exists in Ipsilon that can be exploited by an attacker to cause a denial of...

Ubuntu 14.04 LTS / 16.04 LTS : Python vulnerabilities (USN-3134-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3134-1 advisory. It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this t...

[SECURITY] Fedora 25 Update: ansible-2.2.0.0-3.fc25

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

F5 Networks BIG-IP : TMM vulnerability (K87416818)

The Traffic Management Microkernel TMM may suffer from a memory leak while handling certain types of TCP traffic. CVE-2016-7476 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution K87416818. The text description o...

[SECURITY] Fedora 24 Update: ansible-2.2.0.0-3.fc24

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

Command Execution Vulnerability in the datetime Parameter of the Mixcall Seat Management System

Mixcall seat management system is based on B/S architecture, the management personnel can directly log into the Mixcall seat management center through the computer, and view the detailed situation related to the seat personnel's voice services. A command execution vulnerability exists in the...

Unified Diagnostic Services Simulator: UDSim

Unified Diagnostic Services Simulator The UDSim is a graphical simulator that can emulate different modules in a vehicle and respond to UDS request. It was designed as a training tool to run alongside of ICSim. It also has some unique learning features and can even be used to security test...

openSUSE Security Update : virtualbox (openSUSE-2016-1226)

This update for virtualbox fixes the following issues : - Address CVE-2016-5501, CVE-2016-5538, CVE-2016-5605, CVE-2016-5608, CVE-2016-5610, CVE-2016-5611, CVE-2016-5613 boo1005621. - Reduce memory needs during build. - Version bump to 5.0.28 released 2016-10-18 by Oracle This is a maintenance...

PCILeech - Direct Memory Access (DMA) Attack Software

The PCILeech use the USB3380 chip in order to read from and write to the memory of a target system. This is achieved by using DMA over PCI Express. No drivers are needed on the target system. The USB3380 is only able to read 4GB of memory natively, but is able to read all memory if a kernel modul...

Twitter OSINT framework: Birdwatcher

Birdwatcher is a data analysis and OSINT framework for Twitter. Birdwatcher supports creating multiple workspaces where arbitrary Twitter users can be added and their Tweets harvested through the Twitter API for offline storage and analysis. Birdwatcher comes with several modules which can be...

CVE-2016-3635

SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity UCON access control list and execute arbitrary Remote Function Modules RFM by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP...

CVE-2016-3635

SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity UCON access control list and execute arbitrary Remote Function Modules RFM by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP...