vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are the docker-compose files, which define the...

March 8, 2016, update for PowerPoint 2016 (KB3114847)

March 8, 2016, update for PowerPoint 2016 KB3114847 This article describes update KB3114847 for Microsoft PowerPoint 2016, which was released on March 8, 2016. This update has a prerequisite. Be aware that the update on the Microsoft Download Center applies to the Microsoft Installer .msi-based...

Windows Photo Viewer prints white lines when you use an XPS driver to print photos in Windows

Windows Photo Viewer prints white lines when you use an XPS driver to print photos in Windows Symptoms Consider the following scenario: You install update 2670838 on a computer that is running Windows 7 or Windows Server 2008 R2. Or, you are using a computer that is running Windows RT, Windows 8,...

CloudBees Jenkins Artifactory plugin cross-site scripting vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Artifactory Plugin is used in one of the...

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various types of attacks. The probable entry points are not specified, but the environments are likel...

Bash Profile Persistence

This module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callback. This...

DFIRtriage - Digital Forensic Acquisition Tool For Windows Based Incident Response

DFIRtriage is a tool intended to provide Incident Responders with rapid host data. Written in Python, the code has been compiled to eliminate the dependency of python on the target host. The tool will run a variety of commands automatically upon execution. The acquired data will reside in the roo...

8x8: Publicly accessible .svn repository - aastraconf.packet8.net

The server contained artifacts from an old SVN repository. The files were removed...

The story of Adobe Reader symbols

Posted by Mateusz Jurczyk, Project Zero Modern day security analysis of client applications is often hindered by the inaccessibility of their source code and other aids such as debug symbols. As a result, it is necessary to perform completely black-box reverse engineering of the software, in orde...

CVE-2019-16409

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

CVE-2019-16409

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

Hello! My name is Dtrack

Our investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Further analysis showed that the malware was designed to be planted on the victim's ATMs, where it could read and...

Incorrect Resource Transfer Between Spheres in eclipse-wtp

In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a maliciou...

Windows File Enumeration Intel Gathering Tool 2.1

from subprocess import Popen, PIPE import sys,argparse,re NtFileSins v2.1 Fixed: save logic to log report in case no Zone.Identifiers found. Added: Check for Zone.Identifer:$DATA to see if any identified files were downloaded from internet. Windows File Enumeration Intel Gathering. Standard users...

CVE-2019-10753

In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a maliciou...

CVE-2019-10753

In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a maliciou...

CVE-2019-10753

In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a maliciou...

UBUNTU-CVE-2019-10753

In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a maliciou...

CVE-2019-10753

CVE-2019-10753 details a vulnerability in Spotless where dependencies were resolved over HTTP in affected Eclipse tooling: eclipse-wtp <3.9.6, eclipse-cdt <9.4.4, and eclipse-groovy

CVE-2019-10753

In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a maliciou...