Mining of the virus through the Flash vulnerability propagation, a careful computer becomes mine machine-vulnerability warning-the black bar safety net

4 on 24 May, tinder the security team Alarm, the virus groups the use of Adobe Flash vulnerability propagation mining viruses. Virus gang the mining program implanted to the game download Station“52pk”, www.52pk.com when the user visits the website, the poison page to show after, without any...

CVE-2017-2923

An exploitable heap based buffer overflow vulnerability exists in the 'readbiffnextrecord function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability...

National Consumer Protection Week

March 4–10 is National Consumer Protection Week NCPW, an event to encourage people and businesses to learn more about avoiding scams and understanding consumer rights. During NCPW, the Federal Trade Commission FTC and its partners highlight free resources to help protect consumers. NCCIC/US-CERT...

Search engine shenanigans: Malwarebytes mentions aren’t what they seem

Thing might be a touch quiet at the moment as we ease into 2018, but that doesn't mean dubious antics and dodgy dealings aren't still making waves online. As a matter of fact, should you go searching for some of our researchers, their blog posts, or just a couple of notable quotables from news...

herodote.net XSS vulnerability

Open Bug Bounty ID: OBB-457495 Description| Value ---|--- Affected Website:| herodote.net Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Shee...

Unbreakable Enterprise kernel security update

4.1.12-103.9.2 - Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' Brian Maly Orabug: 27037811 4.1.12-103.9.1 - xfs: use dedicated log worker wq to avoid deadlock with cil wq Brian Foster Orabug: 27013241 - scsi: scsitransportiscsi: fix the issue that iscsiifrx...

DorkNet - Selenium Powered Python Script To Automate Searching For Vulnerable Web Apps

Selenium powered Python script to automate searching the web for vulnerable applications. DorkNet can take a single dork or a list of dorks as arguments. After the proper command line arguments have been passed, the script will use Selenium and Geckodriver to find the results we want and save the...

Intrusion Detection Avoidance Payload Generator: NPS_Payload

This script will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources. Written by Larry Spohn @Spoonman1091 Payload written by Ben Mauch @Ben0xA aka dirtyben. This tool provides a way to generate a PowerShell payloa...

Fedora 26 : graphite2 (2017-d739368f0d)

1.3.10 - Address floating point build parameters to give consistent positioning results across platforms - Various bug fixes 1.3.9 - Add Collision COLLISSPACE to allow for visible spaces in collision avoidance - Add segment and pass direction information to tracing output . Bug fix rule length...

Fedora 24 : graphite2 (2017-e0a9e51dd5)

1.3.10 - Address floating point build parameters to give consistent positioning results across platforms - Various bug fixes 1.3.9 - Add Collision COLLISSPACE to allow for visible spaces in collision avoidance - Add segment and pass direction information to tracing output - Bug fix rule length...

Recent Python Meterpreter Improvements

The Python Meterpreter has received quite a few improvements this year. In order to generate consistent results, we now use the same technique to determine the Windows version in both the Windows and Python instances of Meterpreter. Additionally, the native system language is now populated in the...

Internet Bug Bounty: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization

The bug report at: https://bugs.php.net/bug.php?id=73367 The fix commit at: https://github.com/php/php-src/commit/0426b916df396a23e5c34514e4f2f0627efdcdf0...

Unbreakable Enterprise kernel security update

2.6.39-400.293.1 - logging errors that get masked to EIO inside drivers/block/loop.c Manjunath Patil Orabug: 21962821 - sched/core: Clear the rootdomain cpumasks in initrootdomain Xunlei Pang Orabug: 23518650 - bio allocation failure due to biogetnrvecs Darrick J. Wong Orabug: 23852442 - mlx4:...

kernel security and bug fix update

2.6.32-642.3.1 - infiniband security: Restrict use of the write interface Don Dutile 1332547 1332548 CVE-2016-4565 2.6.32-642.2.1 - sched Revert 'kernel: sched: Cure load average vs NOHZ woes' Rafael Aquini 1343015 1326373 - sched Revert 'kernel: sched: Cure more NOHZ load average woes' Rafael...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3572)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-3572 advisory. 2.6.39-400.280.1 - Fix cpu bootup stall with large cpu count Zhenzhong Duan Orabug: 23481040 - megaraidsas : Update threshold based reply post host index...

NT IIS4 Log Avoidance Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/191/info An http get request against an IIS4 server will not be logged if the request is longer than 10150 bytes long. / Compile with eg Visual C++ and link with wsock32.lib include stdio.h include winsock2.h include...

cmseasy最新版存储型XSS+代码分析（可绕过xss防护机制）

简要描述： cmseasy 5.5.0.20140605 详细说明： bbs/ajax.php $data = array; $POST'content' = unescape$POST'content'; $data'aid' = isset$POST'aid' ? intval$POST'aid' : exit0; $data'tid' = isset$POST'tid' ? intval$POST'tid' : 0; $data'content' = isset$POST'content' ? $POST'content' : exit0; $data'username' =...

libxslt security update

1.1.26-2.0.2.el63.1 - Increment release to avoid ULN conflict with previous release. 1.1.26-2.0.1.el63.1 - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball 1.1.26-2.el63.1 - fixes CVE-2011-1202 CVE-2011-3970 CVE-2012-2825 CVE-2012-2871 CVE-2012-2870 - Fix direct patter...

Microsoft Research: Spammers Act Just Like HIV Virus In Avoiding Filters

Security researchers often use language and metaphors from the natural world to describe problems in the virtual world. Thus, our use of the terms “virus,” and “worm.” Now it turns out that the links may not be so arbitrary, after Microsoft researchers discovered that tools they developed to dete...

The Social-Engineer Toolkit v1.5 Released

The Social-Engineer Toolkit v1.5 Released The Social Engineering Toolkit SET is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to...