WAGO PFC 200 SERIES Multiple Vulnerabilities

Exploit for hardware platform in category local exploits VENDOR DESCRIPTION “The WAGO-I/O-SYSTEM is a flexible fieldbus-independent solution for decentralized automation tasks. With the relay, function and interface modules, as well as overvoltage protection, WAGO provides a suitable interface fo...

EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1292)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic,...

The Endorser - An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills

An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills. Check out the example digraph, which is based on mine and my colleagues David Prince LinkedIn profile. By glancing at the visualisation you can easily see, by the number of "arrows", there ...

Amazon Linux AMI : kernel (ALAS-2017-914) (BlueBorne)

stack buffer overflow in the native Bluetooth stack A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel...

MGASA-2017-0386 Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink...

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a...

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netli...

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.9.56 and fixes at least the following security issues: A flaw was found in the way the Linux KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest...

Oracle Hyperion Unspecified vulnerability in Oracle Hyperion BI+ component (CNVD-2017-31831)

Oracle Hyperion is a suite of financial modeling applications from Oracle, which provides financial closure, report creation, etc. Oracle Hyperion BI+ is one of the business intelligence platform components that provides management reporting and analysis on any data source. An unspecified...

Oracle Hyperion Unspecified Vulnerability in Oracle Hyperion BI+ Component

Oracle Hyperion is a suite of financial modeling applications from Oracle, which provides financial closure, report creation, etc. Oracle Hyperion BI+ is one of the business intelligence platform components that provides management reporting and analysis on any data source. An unspecified...

CVE-2017-10312

Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion subcomponent: UI and Visualization. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion BI+. Successful...

CVE-2017-10312

The CVE-2017-10312 entry concerns Oracle Hyperion BI+ UI/Visualization in Oracle Hyperion, affected version 11.1.2.4. The vulnerability is described as easily exploitable with network access via HTTP, requiring user interaction, and can lead to unauthorized access to data and possible unauthorize...

psad - Intrusion Detection and Log Analysis with iptables

The Port Scan Attack Detector psad is a lightweight system daemon written in is designed to work with Linux iptables/ip6tables/firewalld firewalling code to detect suspicious traffic such as port scans and sweeps, backdoors, botnet command and control communications, and more. It features a set o...

Traditional OSINT Swiss Army Knife: Belati

Belati is tool for Collecting Public Data & Public Document from Website and other service for OSINT purpose. This tools is inspired by Foca and Datasploit for OSINT. What Belati can do? WhoisIndonesian TLD Support Banner Grabbing Subdomain Enumeration Service Scanning for all Subdomain Machine W...

CVE-2017-12188

The Linux kernel built with the KVM visualization support CONFIGKVM, with nested visualizationnVMX feature enabled nested=1, was vulnerable to a stack buffer overflow issue. The vulnerability could occur while traversing guest page table entries to resolve guest virtual addressgva. An L1 guest...

Web-based OSINT and Active Reconnaissance Suite: D0xk1t

Active reconnaissance, information gathering and OSINT built in a portable web application. D0xk1t is an open-source , self-hosted and easy to use OSINT and active reconnaissance web application for penetration testers. Based off of the prior command-line script, D0xk1t is now fully capable of...

Open Distributed Threat Intelligence: Yeti

Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables e.g. resolve domains, geolocate IPs so that you don’t have to. Yeti provides an interface for humans shiny...

Kernel: kvm: nVMX: uncaught software exceptions in L1 guest leads to DoS

Linux kernel built with the KVM visualization support CONFIGKVM, with nested visualizationnVMX feature enablednested=1, is vulnerable to an uncaught exception issue. It could occur if an L2 guest was to throw an exception which is not handled by an L1 guest...

Announcing the July ‘17 Release of Cb Defense

Editor's Note: If you are looking for the May 2017 Cb Defense release content, please scroll to the bottom of this page. This week, we’re happy to announce the rollout of the July ‘17 update of Cb Defense. Following the May ‘17 release, we heard a tremendous amount of positive feedback on the new...

[SECURITY] Fedora 24 Update: zabbix-3.0.9-1.fc24

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechan ism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...