Directory traversal

Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory...

CVE-2017-11657

Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory...

Fedora 25 : firewalld (2016-4dedc6ec3d)

Fix CVE-2016-5410: Firewall configuration can be modified by any logged in user - firewall/server/firewalld: Make getXSettings and getLogDenied CONFIGINFO - Update AppData configuration file. - tests/firewalldrich.py: Use new import structure and FirewallClient classes - tests/firewallddirect.py:...

Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124)

Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation MS16-124 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=871 Windows: NtLoadKeyEx Read Only Hive Arbitrary File Write EoP Platform: Windows 10 10586 not tested 8.1 Update 2 or Windows 7...

Fedora 24 : firewalld (2016-de55d2c2c9)

Fix CVE-2016-5410: Firewall configuration can be modified by any logged in user - firewall/server/firewalld: Make getXSettings and getLogDenied CONFIGINFO - Update AppData configuration file. - tests/firewalldrich.py: Use new import structure and FirewallClient classes - tests/firewallddirect.py:...

Security update for MozillaFirefox, mozilla-nss (important)

Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation e10s is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...

openSUSE Security Update : Mozilla Thunderbird (openSUSE-2015-885)

The MozillaThunderbird package was updated to version 38.4.0 to fix several security and non security issues : Changes in MozillaThunderbird : - update to Thunderbird 38.4.0 bnc952810 - MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous memory safety hazards - MFSA 2015-122/CVE-2015-7188...

Fedora 19 : python-rhsm-1.13.6-1.fc19 (2014-13794)

New features : - Send list of compliance reasons on dbus - Added client-side support for --matches on the list command. Security : - 1153375: Support TLSv1.2 and v1.1 by default. CVE-2014-3566 Bug fixes : - 1120772: Don't traceback on missing /ostree/repo - 1094747: add appdata metdata file -...

Tor-Powered Botnet Linked to Malware Coder's AMA on Reddit

In the process of analyzing a seemingly new and fairly small botnet called Skynet, Rapid7 security researchers determined that this was precisely the same network described by its creator in a particularly bold ‘Ask Me Anything’ AMA on the social news site Reddit earlier this year. Claudio...

Windows Gather Total Commander Saved Password Extraction

This module extracts weakly encrypted saved FTP Passwords from Total Commander. It finds saved FTP connections in the wcxftp.ini file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows...

Windows Gather Apple iOS MobileSync Backup File Collection

This module will collect sensitive files from any on-disk iOS device backups This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'English' class MetasploitModule 'Windows Gather Apple iOS MobileSync Backup File...