65 matches found
Kubernetes: Man in the middle using LoadBalancer or ExternalIPs services
I rated this vulnerability as high because trying to rate it with CVSS v3.0 Calculator gives me 9.9 which seems way too high as you do require to be able to create services in the K8S cluster. Summary: This report details 2 ways to man in the middle traffic by: a creating a LoadBalancer service a...
openSUSE Security Update : MozillaFirefox (openSUSE-2019-1811)
This update for MozillaFirefox, mozilla-nss fixes the following issues : MozillaFirefox to version ESR 60.8 : - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. -...
OPENSUSE-SU-2019:1811-1 Security update for MozillaFirefox
This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. -...
SUSE-SU-2019:1861-2 Security update for MozillaFirefox
This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. -...
openSUSE Security Update : MozillaFirefox (openSUSE-2019-1782)
This update for MozillaFirefox, mozilla-nss fixes the following issues : MozillaFirefox to version ESR 60.8 : - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. -...
SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:1869-1)
This update for MozillaFirefox, mozilla-nss fixes the following issues : MozillaFirefox to version ESR 60.8 : CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. CVE-2019-11712:...
SUSE-SU-2019:1869-1 Security update for MozillaFirefox
This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. -...
Sh00T - A Testing Environment for Manual Security Testers
A Testing Environment for Manual Security Testers. Sh00t is a task manager to let you focus on performing security testing provides To Do checklists of test cases helps to create bug reports with customizable bug templates Features: Dynamic Task Manager to replace simple editors or task managemen...
Mail Security Testing Framework
Mail Security Testing Framework is a testing framework for mail security and filtering solutions. The mail security testing framework works with with Python =3.5. Just pull this repository and go ahead. No further dependencies are required. Usage The script mail-tester.py runs the tests. Read the...
APTSimulator - A toolset to make a system look as if it was the victim of an APT attack
APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. Use Cases 1. POCs: Endpoint detection agents / compromise assessment tools 2. Test your security monitoring's detection capabilities 3. Test your SOCs response on a...
See my how-to the Apache fuzzing and dig to a value of 1500 knife of vulnerability-vulnerability warning-the black bar safety net
Target In the AFL in the view of the Apache httpd server's crash logs, I found a lot of problems. For example, some crash testing with example in fuzz testing tools internal collapse, but also affect the test program stability. In this article, I will talk to you to explain the test case to crash...
CVE-2017-9749
The regs macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution...
Comodo - Integer Overlow Leading to Heap Overflow Parsing Composite Documents
Comodo - Integer Overlow Leading to Heap Overflow Parsing Composite Documents Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=762 In COleMemFile::LoadDiFatList, values from the header are used to parse the document FAT. If header.csectDif is very high, the calculation overflows...
java-1.8.0-openjdk security update
1:1.8.0.45-30.b13 - repacked sources - Resolves: RHBZ1209076 1:1.8.0.45-7.b13 - Re-add %name prefix to patches to avoid conflicts with OpenJDK 7 versions. - Remove ppc64le test case now fix has been verified. - Resolves: rhbz1194378 1:1.8.0.45-27.b13 - updated to security u45 - minor sync with 7....
whatycms the presence of a remote code execution vulnerability-vulnerability warning-the black bar safety net
whatycms the presence of a remote code execution vulnerability Application features inurl:whatycms Test cases http://www.gpjh.cn/cms/whatycms/LoginFrameInput.jspx http://ghoa.dhu.edu.cn/jdhPro/UserLogin.action http://tc.js.edu.cn/cms/whatycms/ArtiSearch.do...
Rollingstone.com Cross Site Scripting
---------------------------------------------------------------------------------------------------- Title : Rollingstone.com reflected Cross Site Scripting XSS vulnerability Vendor : Wenner Media http://www.jannswenner.com/ Description : Rollingstone.com web-site is vulnerable to reflected...
WAVSEP 1.0.3 – Web Application Vulnerability Scanner Evaluation Project
WAVSEP 1.0.3 – Web Application Vulnerability Scanner Evaluation Project A vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be...
php security update
5.1.6-27.3 - add security fix for CVE-2010-3870 626735 5.1.6-27.2 - fix varexport test cases 626735 5.1.6-27.1 - add security fixes for CVE-2010-1917, CVE-2010-3065, CVE-2010-2531, CVE-2010-1128, CVE-2010-0397 626735...
DEBIAN-CVE-2008-6235
The Netrw plugin netrw.vim in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the 1 "D" delete command or 2 b:netrwcurdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases...
CVE-2008-1096
The loadtile function in the XCF coder in coders/xcf.c in 1 ImageMagick 6.2.8-0 and 2 GraphicsMagick aka gm 1.1.7 allows user-assisted remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly...