6326 matches found
Netgear Management System Vulnerable to RCE, Path Traversal Attacks
Netgear’s ProSafe Network Management System suffers from two vulnerabilities, an arbitrary file upload and a path traversal, which could let a remote attacker execute code and download files. The problems affect the NMS300 product, a web-based system the company manufactures to help users monitor...
Windows-Exploit-Suggester - Tool To Compare A Target's Patch Levels Against The Microsoft Vulnerability Database
This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins. It requires the 'systeminfo' comman...
Oracle E-Business Suite Oracle Human Resources Self Service - Unspecified Vulnerability in Common Modules Component
Oracle E-Business Suite is a new generation of e-business suite from Oracle. An unspecified security vulnerability exists in the Oracle E-Business Suite Oracle Human Resources Self Service - Common Modules component, which could be exploited by remote attackers to submit a special request to acce...
CVE-2016-0512
Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Self Service - Common Modules...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Self Service - Common Modules...
Oracle: Security Advisory (ELSA-2016-3509)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Oracle: Security Advisory (ELSA-2016-3510)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
F5 Networks BIG-IP : SNTP vulnerability (K60352002)
SNTP processing would enter into an infinite loop when a crafted NTP packet was received. (CVE-2015-5219) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution K60352002. The text description of this plugin is (C) F5...
PageSpeed Modules (mod_pagespeed/ngx_pagespeed) Admin Pages accessible
The script attempts to identify Admin Pages of the PageSpeed Modules (mod_pagespeed/ngx_pagespeed). SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
BackdoorMe - Powerful Auto-Backdooring Utility
Backdoorme is a powerful utility capable of backdooring Unix machines with a slew of backdoors. Backdoorme uses a familiar Metasploit interface with tremendous extensibility. Backdoorme relies on having an existing SSH connection or credentials to the victim, through which it will transfer and...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3502)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3502 advisory. - KEYS: Don't permit request_key() to construct a new keyring (David Howells) [Orabug: 22373449] {CVE-2015-7872} - crypto: add missing crypto module aliases...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3503)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3503 advisory. - ipc/sem.c: fully initialize sem_array before making it visible (Manfred Spraul) [Orabug: 22250043] {CVE-2015-7613} - Initialize msg/shm IPC objects befo...
[SECURITY] Fedora 23 Update: arts-1.5.10-30.fc23
arts (analog real-time synthesizer) is the sound system of KDE 3. The principle of arts is to create/process sound using small modules which do certain tasks. These may create a waveform (oscillators), play samples, filter data, add signals, perform effects like delay/flanger/chorus, or output the...
Scientific Linux Security Update : autofs on SL7.x x86_64 (20151119)
It was found that program-based automounter maps that used interpreted languages such as Python used standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system. (CVE-2014-8169) Note: This...
PT-2018-03: Control Takeover in Siemens DIGSI 4 and EN100 Ethernet modules
The specialists of the Positive Research center have detected a Control Takeover vulnerability in Siemens DIGSI 4 and EN100 Ethernet modules. The vulnerability allows unauthenticated, remote, low-skilled attackers to upload a modified device configuration overwriting access authorization passwords, an...
PT-2018-05: Unauthorized Firmware Modification in Siemens EN100 Ethernet modules
The specialists of the Positive Research center have detected an Unauthorized Firmware Modification vulnerability in Siemens EN100 Ethernet modules. The vulnerability allows unauthenticated attackers to upgrade or downgrade the firmware of the affected device, including to older versions with known...
Mosca - Static Analysis Tool To Find Bugs
Just another simple static analysis tool to find bugs, like the Unix grep command. Mosca has modules called eggs; each egg is a simple config to find bugs in a specific language such as PHP, Ruby, ASP, etc. Example egg configs are in the directory "egg". If Mosca reads a line with a vulnerability of eg...
Joomlavs - A Black Box, Joomla Vulnerability Scanner
JoomlaVS is a Ruby application that can help automate assessing how vulnerable a Joomla installation is to exploitation. It supports basic fingerprinting and can scan for vulnerabilities in components, modules and templates as well as vulnerabilities that exist within Joomla itself. How to insta...
bitrix.scan Bitrix 1.0.3 Path Traversal Vulnerability
bitrix.scan Bitrix module version 1.0.3 suffers from a path traversal vulnerability. Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 without technical details Vendor Notification: Novemb...
Oracle: Security Advisory (ELSA-2015-3107)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...