2321 matches found

CNVD
added 2017/09/11 12:0 a.m. 2 views

MetalGenix GeniXCMS Denial of Service Vulnerability

MetalGenix GeniXCMS is a PHP-based content management system and framework CMSF from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A security vulnerability exists in MetalGenix GeniXCMS versions prior to 1.1.0. A remote attacker can...

5.3 CVSS | 5.2 AI score | 0.01421 EPSS
Exploits 1 | References 1

Malwarebytes
added 2017/08/31 3:0 p.m. 35 views

BSides Manchester: Malvertising – under the hood

I've talked about malvertising a fair bit at security events down the years and I was lucky enough to be able to add to the tally at this month's BSides Manchester conference. Whether your preferred variety is desktop, mobile, or even virtual/augmented reality, there's hopefully something here fo...

6.8 AI score
Exploits 0

seebug.org
added 2017/08/22 12:0 a.m. 55 views

SQL Injection(CVE-2017-12650) and CSRF(CVE-2017-12651) Security Vulnerability in Loginizer

As part of a vulnerability research project for our WordPress Security Scanner at WPcans.com, we have been auditing popular WordPress plugins looking for security issues. While auditing the WordPress plugin Loginizer, we discovered a SQL Injection vulnerability and a Cross-Site Request Forgery...

7.5 CVSS | 10.2 AI score | 0.01843 EPSS
Exploits 1

Metasploit
added 2017/08/21 1:25 a.m. 38 views

Unix Command Shell, Bind TCP (via R)

Continually listen for a connection and spawn a command shell via R This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 132 include Msf::Payload::Single include Msf::Payload::R include...

7.2 AI score
Exploits 0

Metasploit
added 2017/08/19 10:12 a.m. 40 views

R Command Shell, Reverse TCP

Connect back and create a command shell via R This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 150 include Msf::Payload::Single include Msf::Payload::R include...

7.5 AI score
Exploits 0

Metasploit
added 2017/08/19 10:12 a.m. 37 views

R Command Shell, Bind TCP

Continually listen for a connection and spawn a command shell via R This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 125 include Msf::Payload::Single include Msf::Payload::R include...

7.2 AI score
Exploits 0

Kitploit
added 2017/08/17 10:10 p.m. 26 views

Algo VPN - Set up a personal IPSEC VPN in the cloud

Algo VPN is a set of Ansible scripts that simplify the setup of a personal IPSEC VPN. It uses the most secure defaults available, works with common cloud providers, and does not require client software on most devices. Features Supports only IKEv2 with strong crypto: AES-GCM, SHA2, and P-256...

7.1 AI score
Exploits 0 | References 8

n0where
added 2017/08/16 5:44 a.m. 78 views

Encrypted, Anti-Replay, Multiplexed Udp Tunnel: Udp2raw-tunnel

A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls or Unstable UDP Environment. It's Encrypted, Anti-Replay and Multiplexed. It also acts as a Connection Stabilizer. Features Send / Receive UDP Packet with fake-tcp/icmp headers...

7.4 AI score
Exploits 0 | References 1

n0where
added 2017/08/08 9:47 p.m. 32 views

Linux Ad & Malware Blocking Script: Hostsblock

Hostsblock is a bash script designed to take advantage of /etc/hosts file to provide system-wide blocking of internet advertisements, malicious domains, trackers, and other undesirable content. To do so, it downloads a configurable set of blocklists and processes their entries into a single...

Exploits 0 | References 3

Information Security Automation
added 2017/08/03 10:58 a.m. 49 views

Not for Russians

Let's talk about web-site blocking. Not about cases of government censorship, not about cases where content is blocked for copyright reasons and not even about sanctions. I want to pay attention to the cases when companies block access to their own sites voluntarily for users from the whole countr...

6.8 AI score
Exploits 0

NVD
added 2017/07/28 5:29 a.m. 21 views

CVE-2017-11715

job/uploadfilesave.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php...

9.8 CVSS | 9.5 AI score | 0.01492 EPSS
Exploits 1 | References 1

Fedora
added 2017/07/25 12:29 a.m. 34 views

[SECURITY] Fedora 25 Update: nodejs-6.11.1-1.fc25

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5 CVSS | 1.6 AI score | 0.0331 EPSS
Exploits 0

Fedora
added 2017/07/24 10:50 p.m. 35 views

[SECURITY] Fedora 24 Update: nodejs-4.8.4-6.fc24

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5 CVSS | 1.6 AI score | 0.0331 EPSS
Exploits 0

Fedora
added 2017/07/23 4:1 a.m. 36 views

[SECURITY] Fedora 26 Update: nodejs-6.11.1-1.fc26

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5 CVSS | 1.6 AI score | 0.0331 EPSS
Exploits 0

CNVD
added 2017/07/14 12:0 a.m. 4 views

Multiple IBM products strongly certified to bypass vulnerabilities

The IBM License Metric Tool and BigFix Inventory are both products of IBM Corporation of America. The former is a set of free tools that help IBM Passport Advantage Software Upgrade and Support Services customers determine their Processor Value Unit PVU licensing needs, and the latter is a soluti...

9.8 CVSS | 9.5 AI score | 0.02231 EPSS
Exploits 0 | References 1

Hacker One
added 2017/07/03 1:40 p.m. 31 views

WakaTime: Blocking users to sign up on the site

Dear sir, This may be a low priority issue, but has the importance to resolve at your priority. I request you to think over this report, because this vulnerability is not a spam on many other sites. URL:- https://wakatime.com/signup https://wakatime.com/login Vulnerability:- -Attacker can block user...

0.4 AI score
Exploits 0

OSV
added 2017/07/02 12:0 p.m. 3 views

RUSTSEC-2017-0008 `serial` crate is unmaintained

The serial crate is no longer maintained. Last release was on 2017-07-02. Possible alternatives Consider using an alternative, for instance the blocking libraries: - serial2 - serialport or async alternatives: - mio-serial - tokio-serial...

7.2 AI score
Exploits 0 | References 3

RustSec
added 2017/07/02 12:0 p.m. 7 views

`serial` crate is unmaintained

The serial crate is no longer maintained. Last release was on 2017-07-02. Possible alternatives Consider using an alternative, for instance the blocking libraries: - serial2 - serialport or async alternatives: - mio-serial - tokio-serial...

7.2 AI score
Exploits 0

Prion
added 2017/06/08 9:29 p.m. 12 views

Design/Logic Flaw

AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters...

6.4 CVSS | 7.4 AI score | 0.02072 EPSS
Exploits 1 | References 2 | Affected Software 1

CVE
added 2017/06/08 9:0 p.m. 410 views

CVE-2015-2692

The CVE-2015-2692 vulnerability affects the AdBlock extension prior to version 2.21. A remote attacker could cause the extension to block arbitrary resources on arbitrary websites and disable arbitrary blocking filters. The NVD entry notes this as a network-based, low complexity issue with no aut...

10 CVSS | 9.3 AI score | 0.02072 EPSS
Exploits 1 | References 2 | Affected Software 1