F5 BIG-IP - Linux kernel vulnerability CVE-2015-7613

The remote host is missing a security patch. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...

OpenMRS 2.3 (1.11.4) - Expression Language Injection Vulnerability

Exploit for php platform in category web applications OpenMRS 2.3 1.11.4 Expression Language Injection Vulnerability Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS...

OpenMRS 2.3 (1.11.4) - XML External Entity Processing

!/usr/bin/env python OpenMRS 2.3 1.11.4 XML External Entity XXE Processing PoC Exploit Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS 1.9.7 Build 60bd9b Summary:...

Offensive Powershell Console: PSPunch

PSPunch combines some of the best projects in the infosec powershell community into a self contained executable. It’s designed to evade antivirus and Incident Response teams. 1. It doesn’t rely on powershell.exe. Instead it calls powershell directly through the dotNet framework. 2. The modules th...

openSUSE Security Update : dracut (openSUSE-2015-846)

This update for dracut fixes the following issues : - Skip ibft setup via dhcp if dhcp ip is 0.0.0.0 boo953361 Added 0312-iscsi-skip-ibft-invalid-dhcp.patch - Modify 0169-enabled-warning-for-failed-kernel-modules-per-defau l.patch - Add notice boo952491 - Refresh patches with line offsets: M...

Katana - Framework for Hackers, Professional Security and Developers

Katana is a framework written in python for making penetration testing, based on a simple and comprehensive structure for anyone to use, modify and share, the goal is to unify tools serve for professional when making a penetration test or simply as a routine tool, The current version is not...

CentOS 7 : autofs (CESA-2015:2417)

Updated autofs packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

Oracle: Security Advisory (ELSA-2015-3101)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

python, tkinter security update

CentOS Errata and Security Advisory CESA-2015:2101 Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common...

Siemens SIMATIC Communicator Module Information Disclosure Vulnerability

Siemens SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 are communicator modules. Siemens SIMATIC CP 343-1 Advanced devices prior to version 3.0.44, CP 343-1 Lean, CP 343-1, TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE, TIM 4R-IE DNP3, CP 443-1 , CP 443-1 Advanced A security vulnerabili...

REXT - Router Exploitation Toolkit

Small toolkit for easy creation and usage of various python scripts that work with embedded devices. core - contains most of toolkits basic functions databases - contains databases, like default credentials etc. interface - contains code that is being used for the creation and manipulation with...

Design/Logic Flaw

The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux RHEL 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted 1 multiboot or 2 multiboot2 module in the configuration file or physically proximate attacke...

SUSE SLED12 / SLES12 Security Update : dracut (SUSE-SU-2015:2065-1)

The dracut package was updated to fix the following security and non-security issues : - CVE-2015-0794: Use mktemp instead of hard-coded filenames, possible vulnerability bsc935338. - Always install mdraid modules bsc935993. - Add notice when dracut failed to install modules bsc952491. - Always...

Novell openSUSE dracut Package Symbolic Link Vulnerability

Novell openSUSE is a set of free Linux-based operating systems from the American company Novell. A security vulnerability in the modules.d/90crypt/module-setup.sh file in Novell openSUSE's dracut allows a local attacker to corrupt system files via a symbolic link attack in /tmp/dracutblockuuid.ma...

SUSE-SU-2015:2065-1 Security update for dracut

The dracut package was updated to fix the following security and non-security issues: - CVE-2015-0794: Use mktemp instead of hardcoded filenames, possible vulnerability bsc935338. - Always install mdraid modules bsc935993. - Add notice when dracut failed to install modules bsc952491. - Always...

RHEL 7 : kernel (RHSA-2015:2152)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:2152 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file...

kernel: crypto api unprivileged arbitrary module load via request_module()

A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel...

openssh: Privilege separation weakness related to PAM support

A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users...

openSUSE Security Update : dracut (openSUSE-2015-765)

The dracut package was updated to fix the following security and non security issues : - CVE-2015-0794: Use mktemp instead of hardcoded filenames, possible vulnerability bnc935338. - Always install mdraid modules boo935993. - Add notice when dracut failed to install modules bsc952491. %NASLMINLEV...

CVE-2015-4852

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to...