144 matches found
Design/Logic Flaw
Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums...
CVE-2013-4209
The CVE-2013-4209 entry concerns Red Hat ABRT (Automatic Bug Reporting Tool) before 2.1.6. The vulnerability allows a local attacker to obtain sensitive information from arbitrary files via vectors related to sha1sums, resulting in a partial confidentiality impact. Affected software: ABRT prior t...
Sandcat Browser 6.0 - Pentest And Developer-Oriented Web Browser
Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and...
Hashtopolis - A Hashcat Wrapper For Distributed Hashcracking
Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis's development are portability, robustness, multi-user support, and multiple groups management. The application has two parts: Agent Multiple clients C, Python,...
Stable Channel Updates for Chrome OS
The Stable channel has been updated to 61.0.3163.113 (Platform version: 9765.76.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates, and feature enhancements. Systems will be receiving updates over the next several days. Some highlights of these changes are:...
getsploit - Command line utility for searching and downloading exploits
Command line search and download tool for Vulners Database inspired by searchsploit. It allows you to search online for the exploits across all the most popular collections: Exploit-DB, Metasploit, Packetstorm and others. The most powerful feature is immediate exploit source download right in...
Stable Channel Update for Chrome OS
The Stable channel has been updated to 59.0.3071.91, 59.0.3071.92 (Platform version: 9460.60.0, 9460.60.2) for all Chrome OS devices except the Google Chromebook Pixel 2015. This build contains a number of bug fixes, security updates, and feature enhancements. Systems will be receiving updates over...
ownCloud: bug reporting template encourages users to paste config file with passwords
The dangerous bug reporting template: The GitHub bug reporting template for ownCloud's server and some apps contains this: The content of config/config.php: If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your...
Nextcloud: bug reporting template encourages users to paste config file with passwords
The dangerous bug reporting template: The GitHub bug reporting template for Nextcloud's server and some apps contains this: The content of config/config.php: If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your...
Stable Channel Update for Chrome OS
The Stable channel has been updated to 52.0.2743.116 (Platform version: 8350.68.0) for all Chrome OS devices. This build contains a number of bug fixes, security updates, and feature enhancements. Systems will be receiving updates over the next several days. Some highlights of these changes are:...
setroubleshoot and setroubleshoot-plugins security update
setroubleshoot 3.0.47-12.0.1 - Add setroubleshoot-oracle-enterprise.patch to change bug reporting URL to linux.oracle.com 3.0.47-12 - Don't use command.getoutput Resolves: CVE-2016-4445 setroubleshoot-plugins 3.0.40-3.1.0.1 - Add setroubleshoot-plugins-oracle-enterprise.patch 3.0.40-3.1 - Don't u...
BurpSuiteJSBeautifier - Burp Suite JavaScript Beautifier
Most of the websites compress their resources such as JS files in order to increase the loading speed. However, security testing and debugging a compressed resource is not an easy task. This is a Burp Suite open source extension which makes it possible to beautify most of the resources properly...
Shellsploit - New Generation Exploit Development Kit
Shellsploit lets you generate customized shellcodes, backdoors, and injectors for various operating systems, and lets you obfuscate every byte via encoders. Install/Uninstall If you want to use Shellsploit, you have to install Capstone first. For the Capstone's installation: root$ sudo pip install...
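Red Hat Automatic Bug Reporting Tool Arbitrary File Write Vulnerability
The problem is in abrt-action-install-debuginfo-to-abrt-cache. By default, it creates a temporary file at /var/tmp/abrt-tmp-debuginfo-RANDOMSUFFIX, then downloads the rpm files into this folder and unpacks them. Because this is a temporary folder, the unpack path is not this one but /var/cache/abrt-di. However, because this folder is not created randomly and is highly predictable, we can create it in advance; by controlling the file unpacked.cpio, we can trick abrt-action-install-debuginfo into extracting a cpio file that we control...
Red Hat Automatic Bug Reporting Tool Privilege Gain Vulnerability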
No description provided by source...
Red Hat Automatic Bug Reporting Tool Privilege Gain Vulnerability
Red Hat Automatic Bug Reporting Tool (ABRT) is a set of automated bug detection and reporting tools from Red Hat. A security vulnerability exists in the abrt-hook-ccpp help process in Red Hat ABRT versions prior to 2.7.1. A local attacker with certain privileges could exploit this...
CVE-2015-5287
CVE-2015-5287 affects ABRT’s abrt-hook-ccpp prior to 2.7.1, enabling a local user with certain permissions to gain privileges via a symlink attack on a file with a predictable name (e.g., /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump). Publicly documented exploit paths incl...
CVE-2015-5273
CVE-2015-5273 affects ABRT and libreport: the abrt-action-install-debuginfo-to-abrt-cache helper allows a local attacker to write arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. Public advisories (RHSA/CESA) and distributed sec...
abrt, libreport security update
CentOS Errata and Security Advisory CESA-2015:2505 Updated abrt and libreport packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...
[SECURITY] Fedora 21 Update: abrt-2.3.0-12.fc21
abrt is a tool to help users detect defects in applications and create a bug report with all the information needed by the maintainer to fix it. It uses a plugin system to extend its functionality...