115 matches found
Tarantella Enterprise Security Bypass Access Control Vulnerability
Tarantella Enterprise is a centralized data and application management tool that provides a Web management interface and runs on most Unix and Linux platforms. A security vulnerability exists in Tarantella Enterprise versions prior to 3.11. The vulnerability can be exploited to gain access to use...
Lynis 2.7.0 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
Hardware resistance & enhanced security for GnuPG
VSHG aims to provide a memory / hardware resistant reinforcement to GnuPG’s standard s2k key-derivation-function + a simplified interface for symmetric encryption. VSHG (Very secure hash generator) is a standalone Addon for GnuPG (Gnu privacy guard). It is written as a shell script and is designed...
MagniComp SysInfo Privilege Escalation Vulnerability (Linux/UNIX)
The version of MagniComp SysInfo installed on the remote host is prior to 10-H64. It is, therefore, affected by a privilege escalation vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Ghostscript Failed Restore Command Execution Exploit
This Metasploit module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore (grestore) in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick, and this module provides the...
Lynis 2.6.8 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
IBM DB2 Buffer Overflow Vulnerability (CNVD-2018-10804)
IBM DB2 is a relational database management system developed by IBM in the United States, and its main operating environments are UNIX (including IBM's own AIX), Linux, IBM i (formerly known as OS/400), z/OS, and Windows server versions. A buffer overflow vulnerability exists in db2exmig and db2exfmt...
BMC Server Automation RSCD Agent - NSH Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BMC Server Automation RSCD Agent NSH Remote ' \ 'Command Execution', 'Description' = %q This module exploits a weak access control check in the B...
BMC Server Automation RSCD Agent NSH Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BMC Server Automation RSCD Agent NSH Remote ' \ 'Command Execution', 'Description' = %q This module exploits a weak access control check in the B...
Lynis 2.5.9 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
Lynis 2.5.2 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
ImageMagick heap buffer overflow vulnerability (CNVD-2017-14613)
ImageMagick is an open source image viewing and editing tool for Unix/Linux platforms. ImageMagick suffers from a heap buffer overflow vulnerability because it fails to adequately check user-supplied data before copying it into a buffer of insufficient size. An attacker could...
[SECURITY] Fedora 26 Update: lynis-2.5.0-1.fc26
Lynis is an auditing and hardening tool for Unix/Linux and you might even call it a compliance tool. It scans the system and installed software. Then it performs many individual security control checks. It determines the hardening state of the machine, detects security issues and provides...
[SECURITY] Fedora 25 Update: lynis-2.5.0-1.fc25
Lynis is an auditing and hardening tool for Unix/Linux and you might even call it a compliance tool. It scans the system and installed software. Then it performs many individual security control checks. It determines the hardening state of the machine, detects security issues and provides...
Patching CVE-2017-7494 in Samba: It’s the Circle of Life
With the scent of scorched internet still lingering in the air from the WannaCry Ransomworm, today we see a new scary-and-potentially-incendiary bug hitting the Twitter news. The vulnerability - CVE-2017-7494 - affects versions 3.5 (released March 1, 2010) and onwards of Samba, the de facto standard...
Lynis 2.5.0 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
ImageMagick Denial of Service Vulnerability (CNVD-2017-04571)
ImageMagick is an open source image viewing and editing tool for Unix/Linux platforms. ImageMagick has a security vulnerability in its implementation that allows a remote attacker to cause a denial of service via a constructed wpg file...
ImageMagick Denial of Service Vulnerability (CNVD-2017-04577)
ImageMagick is an open source image viewing and editing tool for Unix/Linux platforms. ImageMagick suffers from a denial of service vulnerability, which can be exploited by a remote attacker via a constructed dpx file...
Deepmagic Information Gathering Tool: DMitry
DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU) Linux command line program coded purely in C with the ability to gather as much information as possible about a host. DMitry has a base functionality with the ability to add new functions, the basic...
Debian DSA-3607-1 : linux - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg...