1460 matches found

OSV
added 2019/04/22 11:29 a.m. | 1 views

ALPINE-CVE-2019-11234

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

CVSS 9.8 | AI score 7.2 | EPSS 0.25852
Exploits 0 | References 1
ThreatPost
added 2019/04/15 12:7 p.m. | 46 views

Preparing the Internet for the Next Mega DDoS Attack

When you think of a distributed denial-of-service (DDoS) attack at this point in the age of the internet, you might be thinking they’re old news. But when a multi-million-dollar business can be easily taken offline by an unskilled adversary and a $5 rent-a-DDoS service, I would argue that the issue...

AI score 7.1
Exploits 0 | References 8
OpenVAS
added 2019/04/13 12:0 a.m. | 127 views

Debian: Security Advisory (DSA-4430-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1 | AI score 7.1 | EPSS 0.11468
Exploits 0 | References 4
Ubuntu
added 2019/04/10 4:53 p.m. | 171 views

USN-3944-1: wpa_supplicant and hostapd vulnerabilities

It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. (CVE-2019-9495) Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly validated received scalar and...

CVSS 8.1 | AI score 6.6 | EPSS 0.11468
Exploits 0
OSV
added 2019/04/10 4:53 p.m. | 2 views

USN-3944-1 wpa vulnerabilities

It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. (CVE-2019-9495) Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly validated received scalar and...

CVSS 8.1 | AI score 5.8 | EPSS 0.11468
Exploits 0 | References 6
Kitploit
added 2019/04/06 9:12 p.m. | 178 views

XanXSS - A Simple XSS Finding Tool

XanXSS is a reflected XSS searching tool (DOM coming soon) that creates payloads based on templates. Unlike other XSS scanners that just run through a list of payloads, XanXSS tries to make the payload unidentifiable, for example: /cLIcKMe!XaNxss With XanXSS every payload is different. XanXSS wor...

AI score 6.3
Exploits 0 | References 4
Tenable Nessus
added 2019/03/14 12:0 a.m. | 43 views

GLSA-201903-13 : BIND: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-13 BIND: Multiple vulnerabilities Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : BIND can improperly permit recursive query service to...

CVSS 7.5 | AI score 6.7 | EPSS 0.6453
Exploits 0 | References 4
Gentoo Linux
added 2019/03/14 12:0 a.m. | 171 views

BIND: Multiple vulnerabilities

Background: BIND (Berkeley Internet Name Domain) is a Name Server. Description: Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact: BIND can improperly permit recursive query service to unauthorized clients possibly resulting i...

CVSS 7.5 | AI score 2.5 | EPSS 0.6453
Exploits 0
myhack58
added 2019/03/13 12:0 a.m. | 84 views

.NET advanced code audit (third class): Fastjson deserialization vulnerability - vulnerability warning - the black bar safety net

In Java, Fastjson has had multiple deserialization vulnerabilities and bypass versions, and the .NET field also has a Fastjson library. Its author officially states that it is the most efficient .NET component for reading and writing JSON; the built-in method JSON.ToJSON can quickly serialize .NET objects. Let you easily achieve .NET of all...

AI score 0.3
Exploits 0
OpenVAS
added 2019/02/19 12:0 a.m. | 28 views

openSUSE: Security Advisory for avahi (openSUSE-SU-2019:0197-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 9.3
Exploits 0 | References 2
OPENSUSE Linux
added 2019/02/18 12:0 a.m. | 105 views

Security update for avahi (moderate)

openSUSE Security Update: Security update for avahi Announcement ID: openSUSE-SU-2019:0197-1 Rating: moderate References: 1120281 Cross-References: CVE-2018-1000845 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for avahi...

AI score 9.1
Exploits 0 | References 1
Tenable Nessus
added 2019/02/15 12:0 a.m. | 1357 views

ISC BIND Allow-Recursion Vulnerability

According to its self-reported version, the instance of ISC BIND 9 running on the remote name server is 9.9.12, 9.10.7, 9.11.3, 9.12.0 prior to or equal to 9.12.1-P2, development release 9.13.0, 9.9.12-S1, 9.11.3-S1, or 9.11.3-S2. It is, therefore, affected by an allow-recursion vulnerability whi...

CVSS 7.5 | AI score 6.4 | EPSS 0.03303
Exploits 0 | References 2
Tenable Nessus
added 2019/02/11 12:0 a.m. | 39 views

SUSE SLES11 Security Update : avahi (SUSE-SU-2019:13947-1)

This update for avahi fixes the following issues : Security issue fixed : CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses DOS bsc1120281 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable...

AI score 8.1
Exploits 0 | References 4
OSV
added 2019/02/08 1:47 p.m. | 6 views

SUSE-SU-2019:13947-1 Security update for avahi

This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses DOS bsc1120281...

AI score 9.2
Exploits 0 | References 3
Tenable Nessus
added 2019/02/05 12:0 a.m. | 35 views

openSUSE Security Update : avahi (openSUSE-2019-128)

This update for avahi fixes the following issues : Security issue fixed : - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses DOS bsc1120281 This update was imported from the SUSE:SLE-12-SP2:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Th...

AI score 8.1
Exploits 0 | References 2
OPENSUSE Linux
added 2019/02/04 12:0 a.m. | 120 views

Security update for avahi (moderate)

openSUSE Security Update: Security update for avahi Announcement ID: openSUSE-SU-2019:0128-1 Rating: moderate References: 1120281 Cross-References: CVE-2018-1000845 Affected Products: openSUSE Leap 42.3 An update that fixes one vulnerability is now available. Description: This update for avahi...

AI score 9.1
Exploits 0 | References 1
Positive Technologies
added 2019/01/28 12:0 a.m. | 2 views

PT-2019-10198 · Olivier Poitrey · Go Cors Handler

Name of the Vulnerable Software and Affected Versions: Olivier Poitrey Go CORS handler versions 1.3.0 and earlier Description: The issue arises from the active conversion of a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security desig...

CVSS 5.9 | AI score 5.6 | EPSS 0.00146
Exploits 0 | References 12
Tenable Nessus
added 2019/01/28 12:0 a.m. | 50 views

SUSE SLED12 / SLES12 Security Update : avahi (SUSE-SU-2019:0179-1)

This update for avahi fixes the following issues : Security issue fixed : CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses DOS bsc1120281 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable...

AI score 8.1
Exploits 0 | References 4
Packet Storm
added 2019/01/16 12:0 a.m. | 301 views

Microsoft Windows Net-NTLMv2 Reflection DCOM/RPC Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows Net-NTLMv2 Reflection DCOM/RPC Juicy', 'Description' = %q This module utilizes the...

CVSS 7.2 | AI score 0.6 | EPSS 0.78459
Exploits 23
Veracode
added 2019/01/15 9:1 a.m. | 29 views

Remote Code Execution

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator is vulnerable to remote code execution. It is possible because it does not enforce Java Security Manager (JSM) restrictions, thereby allowing the attacker to trigger restricted reflection calls via a malicious...

CVSS 5 | AI score 6.7 | EPSS 0.00532
Exploits 0 | References 33 | Affected Software 96