
6326 matches found

Japan Vulnerability Notes
added 2016/04/22 4:49 a.m. | 2 views

Electron may insecurely load Node modules

Overview: Electron fails to restrict the path for loading Node modules, which may lead to execution of arbitrary JavaScript. Electron is a software framework for developing cross-platform desktop applications with web technologies, such as HTML, CSS, JavaScript with Chromium and Node.js. Electron...

CVSS 7.8 | AI score 6.9 | EPSS 0.00431
Exploits: 0 | References: 7
Japan Vulnerability Notes
added 2016/04/22 12:0 a.m. | 44 views

JVN#00324715: Electron may insecurely load Node modules

Electron is a software framework for developing cross-platform desktop applications with web technologies, such as HTML, CSS, JavaScript with Chromium and Node.js. Electron is used in applications such as Atom editor, Microsoft Visual Studio Code, etc. Electron contains a flaw where the search...

CVSS 7.8 | AI score 7.5 | EPSS 0.00431
Exploits: 0
n0where
added 2016/04/15 12:44 p.m. | 121 views

IPv6 Validation Toolkit

The IPv6 framework is a robust set of modules and plugins that allow a user to audit an IPv6 enabled network. The built-in modules support enumeration of IPv6 features such as ICMPv6 and Multicast Listener Discovery MLD. In addition, the framework also supports enumeration of Upper Layer Protocol...

CVSS 7.8 | AI score 7.1 | EPSS 0.13905
Exploits: 2 | References: 1
n0where
added 2016/04/07 2:28 p.m. | 304 views

Black-Box CAN Network Analysis Framework: CANToolz

CANToolz is a framework for CANbus network and device analysis. This tool consists of various different modules which can be piped together and used by security researchers and automotive/OEM security testers for black-box analysis of any CANbus system. You can use this software for ECU discovery,...

AI score 0.1
Exploits: 0 | References: 1
exploitpack
added 2016/04/06 12:0 a.m. | 33 views

Asbru Web Content Management System 9.2.7 - Multiple Vulnerabilities

Asbru Web Content Management System 9.2.7 - Multiple Vulnerabilities Asbru Web Content Management System v9.2.7 Multiple Vulnerabilities Vendor: Asbru Ltd. Product web page: http://www.asbrusoft.com Affected version: 9.2.7 Summary: Ready to use, full-featured, database-driven web content...

AI score 0.2
Exploits: 0
Patchstack
added 2016/03/31 12:0 a.m. | 401 views

WordPress External Links Plugin <= 1.80 - Multiple Cross Site Scripting

This vulnerability allows remote attackers to inject malicious script codes to the application-side of the vulnerable modules. Solution Update the plugin...

AI score 4.5
Exploits: 0 | References: 1 | Affected Software: 1
OpenVAS
added 2016/03/31 12:0 a.m. | 42 views

Oracle: Security Advisory (ELSA-2016-3528)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.2 | AI score 7 | EPSS 0.01478
Exploits: 3 | References: 2
OpenVAS
added 2016/03/31 12:0 a.m. | 38 views

Oracle: Security Advisory (ELSA-2016-3529)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 6.7 | EPSS 0.00513
Exploits: 0 | References: 2
Cloud Foundry
added 2016/03/24 12:0 a.m. | 12 views

Warning about NPM modules | Cloud Foundry

Warning about NPM modules Advisory Vendor Node Package Manager NPM Versions Affected Cloud Foundry NodeJS Buildpack Description If your app developers deploy Node applications, we’d like to alert you to recent developments with NPM and module ownership in the Node community. A blog post was...

AI score 6.9
Exploits: 0
Cisco
added 2016/03/23 9:31 p.m. | 37 views

Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability

A vulnerability in the Secure Copy Protocol SCP and Secure FTP SFTP modules of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite system files and cause a denial of service DoS condition. The vulnerability is due to improper setting of permissions on the filesystem f...

CVSS 6.8 | AI score 6.5 | EPSS 0.0138
Exploits: 0 | References: 1
Ubuntu
added 2016/03/17 8:37 p.m. | 80 views

USN-2935-3: PAM regression

USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. We apologize for the...

AI score 6.6
Exploits: 0 | References: 2
OSV
added 2016/03/16 6:43 p.m. | 2 views

USN-2935-2 pam regression

USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the PAM pam_userdb module incorrectly us...

AI score 5.9
Exploits: 0 | References: 2
Tenable Nessus
added 2016/03/04 12:0 a.m. | 10 views

Fedora 22 : php-5.6.14-1.fc22 (2015-b24a52fc97)

01 Oct 2015, PHP 5.6.14 Core: Fixed bug php70370 Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions. Adam CLI server: Fixed bug php68291 404 on urls with '+'. cmb DOM: Fixed bug php70001 Assigning to DOMNode::textContent does additional entity encoding. cmb Mysqlnd: Fixed bug...

AI score 5.5
Exploits: 0 | References: 1
Tenable Nessus
added 2016/03/04 12:0 a.m. | 22 views

Fedora 23 : grub2-2.02-0.24.fc23 (2015-c3b4fef3af)

Rebuild without multiboot modules in the EFI image. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 2.6 | AI score 5.4 | EPSS 0.00335
Exploits: 0 | References: 3
Kitploit
added 2016/03/03 9:30 p.m. | 16 views

Wordpress-Exploit-Framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems

A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. What do I need to run it? Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command prompt / terminal in...

AI score 8.3
Exploits: 0 | References: 3
Fedora
added 2016/03/03 8:27 p.m. | 38 views

[SECURITY] Fedora 23 Update: perl-5.22.1-351.fc23

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

CVSS 7.5 | AI score 0.4 | EPSS 0.0908
Exploits: 0
Fedora
added 2016/02/23 7:50 p.m. | 29 views

[SECURITY] Fedora 22 Update: octave-3.8.2-19.fc22

GNU Octave is a high-level language, primarily intended for numerical computations. It provides a convenient command line interface for solving linear and nonlinear problems numerically, and for performing other numerical experiments using a language that is mostly compatible with Matlab. It may...

CVSS 5.5 | AI score 3.1 | EPSS 0.01541
Exploits: 0
Packet Storm
added 2016/02/22 12:0 a.m. | 26 views

Fiyo CMS 2.0.2.1 Cross Site Scripting

Introduction Affected Product: Fiyo CMS 2.0.2.1 Fixed in: Fiyo CMS 2.0.6 Fixed Version Link: http://www.fiyo.org/blog/versi-2-0-6-banyak-perubahan-untuk-stabilitas Vendor Website: http://www.fiyo.org/ Vulnerability Type: Persistent XSS Remote Exploitable: Yes Reported to vendor: 28/12/2015 Fixed...

AI score 0.1
Exploits: 0
Tenable Nessus
added 2016/02/17 12:0 a.m. | 103 views

OracleVM 3.3 : glibc (OVMSA-2016-0013) (GHOST)

The remote OracleVM system is missing necessary patches to address critical security updates : - Update fix for CVE-2015-7547 1296028. - Create helper threads with enough stack for POSIX AIO and timers 1301625. - Fix CVE-2015-7547: getaddrinfo stack-based buffer overflow 1296028. - Support loadin...

CVSS 10 | AI score 7.4 | EPSS 0.94859
Exploits: 43 | References: 8
Kitploit
added 2016/02/15 10:30 p.m. | 28 views

JReFrameworker - Practical Managed Code Rootkits for Java

This project aims to extend the work done by Erez Metula in his book Managed Code Rootkits: Hooking into Runtime Environments. The work outlines a tool ReFrameworker that claims to be a framework modification tool capable of performing any modification task, however the tool falls short in...

AI score 7.6
Exploits: 0 | References: 1