Lucene search

9293 matches found

Prion
added 2021/02/23 6:15 p.m. | 26 views

Directory traversal

When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a...

CVSS 6.8 | AI score 7.5 | EPSS 0.02646
Exploits 0 | References 3 | Affected Software 4

Kitploit
added 2021/02/23 11:30 a.m. | 64 views

RAT-el - An Open Source Penetration Test Tool That Allows You To Take Control Of A Windows Machine

RAT-el is an open source penetration test tool that allows you to take control of a Windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus...

AI score 8
Exploits 0 | References 1

Japan Vulnerability Notes
added 2021/02/16 8:23 a.m. | 1 views

Multiple Vulnerabilities in JP1/Automatic Operation

Overview Multiple vulnerabilities have been found in JP1/Automatic Operation. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

AI score 7
Exploits 0 | References 2

AlmaLinux
added 2021/02/16 7:36 a.m. | 15 views

kmod bug fix and enhancement update

The kmod packages provide various programs needed for automatic loading and unloading of modules under 2.6, 3.x, and later kernels, as well as other module management programs. Bug Fixes and Enhancements: Symbolic links are not created after applying an errata kernel BZ1915253...

AI score 1.9
Exploits 0

OSV
added 2021/02/16 7:36 a.m. | 14 views

ALBA-2021:0561 kmod bug fix and enhancement update

The kmod packages provide various programs needed for automatic loading and unloading of modules under 2.6, 3.x, and later kernels, as well as other module management programs. Bug Fixes and Enhancements: Symbolic links are not created after applying an errata kernel BZ1915253...

AI score 7.2
Exploits 0

0day.today
added 2021/02/15 12:0 a.m. | 72 views

Micro Focus Operations Bridge Manager Local Privilege Escalation Exploit

This Metasploit module exploits an insecure permission vulnerability on a folder in Micro Focus Operations Bridge Manager. An unprivileged user such as Guest can drop a JSP file in an exploded WAR directory and then access it without authentication by making a request to the OBM server. This will...

CVSS 7.8 | AI score 8 | EPSS 0.02687
Exploits 3

Packet Storm
added 2021/02/15 12:0 a.m. | 401 views

Micro Focus Operations Bridge Manager Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Micro Focus Operations Bridge Manager Local Privilege Escalation', 'Description' = %q This module exploits an incorrectly permissioned folder in...

CVSS 4.6 | AI score 0.6 | EPSS 0.02687
Exploits 3

Hacker One
added 2021/02/12 1:8 a.m. | 112 views

curl: CVE-2021-22876: Automatic referer leaks credentials

Summary: When using the --referer ';auto' feature the current URL is copied as-is to the referrer header of the subsequent request. The recommendation 1 is to strip these along with the URL fragment. I can imagine this may, in rare cases, result in unwanted/unexpected disclosure of credentials e....

CVSS 5 | AI score 6 | EPSS 0.05301
Exploits 1

Kitploit
added 2021/02/11 8:30 p.m. | 37 views

XSSTRON - Electron JS Browser To Find XSS Vulnerabilities Automatically

Powerful Chromium Browser to find XSS Vulnerabilities automatically while browsing web, it can detect many case scenarios with support for POST requests too Installation Become root sudo su Install Node.js and npm https://www.npmjs.com/get-npm or sudo apt install npm Download this repo files or gi...

AI score 6.6
Exploits 0 | References 3

Microsoft KB
added 2021/02/09 12:0 a.m. | 11 views

February 9, 2021 Servicing Stack Update (KB4601394)

AI score 5.8
Exploits 0

OSV
added 2021/02/05 11:2 a.m. | 2 views

OESA-2021-1032 varnish security update

This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...

CVSS 7.8 | AI score 7 | EPSS 0.05742
Exploits 0 | References 2

Talos Blog
added 2021/01/29 12:5 p.m. | 13 views

Threat Roundup for January 22 to January 29

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 22 and Jan. 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

AI score 1.1
Exploits 0

Citrix
added 2021/01/27 12:0 a.m. | 7 views

Setting automatic reboots when updating the Citrix VM Tools for Windows

When updating your Citrix VM Tools for Windows through Windows Update, multiple VM reboots can sometimes be required to complete the update. If all reboots are not completed, you might temporarily lose your static IP configuration. You can set a registry key that specifies the maximum number of...

AI score 7
Exploits 0

The Hacker News
added 2021/01/25 7:48 a.m. | 69 views

Beware — A New Wormable Android Malware Spreading Through WhatsApp

A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. "This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a li...

AI score 0.5
Exploits 0

Tenable Nessus
added 2021/01/25 12:0 a.m. | 23 views

openSUSE Security Update : blosc (openSUSE-2020-2337)

This update for blosc fixes the following issues : Update to version 1.20.1 boo1179914 CVE-2020-29367 : - More safety checks have been implemented so that potential flaws discovered by new fuzzers in OSS-Fuzzer are fixed now - BloscLZ updated to 2.3.0. Expect better compression ratios for faster...

CVSS 9.3 | AI score 7.6 | EPSS 0.01176
Exploits 0 | References 4

CNVD
added 2021/01/24 12:0 a.m. | 2 views

Denial of Service Vulnerability in MB80-CPU721E

Nanrui Automatic Control is a high-tech entity integrating software development, hardware development, technical service, equipment production and system integration. A denial of service vulnerability exists in MB80-CPU721E, which can be exploited by attackers to cause a denial of service...

AI score 7
Exploits 0

CNVD
added 2021/01/24 12:0 a.m. | 5 views

Denial of Service Vulnerability in MB80-CPU722E

Nanrui Automatic Control is a high-tech entity integrating software development, hardware development, technical service, equipment production and system integration. A denial of service vulnerability exists in MB80-CPU722E, which can be exploited by attackers to cause a denial of service...

AI score 7
Exploits 0

Exploit DB
added 2021/01/22 12:0 a.m. | 275 views

Selea Targa IP OCR-ANPR Camera - CSRF Add Admin

Exploit Title: Selea Targa IP OCR-ANPR Camera - CSRF Add Admin Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera CSRF Add Admin Exploit Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa...

AI score 7.4
Exploits 0

The Hacker News
added 2021/01/13 5:1 a.m. | 5 views

Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws

For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability. The latest security patches cover Microsoft Windows, Edge browser, ChakraCore, Office and...

CVSS 7.8 | AI score 7.8 | EPSS 0.39653
Exploits 0

ATTACKERKB
added 2021/01/12 12:0 a.m. | 580 views

CVE-2021-1647 Microsoft Windows Defender Zero-Day Vulnerability

Microsoft Defender Remote Code Execution Vulnerability Recent assessments: cdelafuente-r7 at January 13, 2021 3:55pm UTC reported: No useful information has been published so far and most of the speculations found online are based on the CVSS 3.0 metrics found in the advisory. That said, the atta...

CVSS 7.8 | AI score 8.1 | EPSS 0.39653
In wild | Exploits 0 | References 4