
7991 matches found

Prion
added 2018/12/18 3:29 p.m. | 12 views

Cross site request forgery (csrf)

IBM Event Streams 2018.3.0 could allow a remote attacker to submit an API request with a fake Host request header. An attacker, who has already gained authorised access via the CLI, could exploit this vulnerability to spoof the request header. IBM X-Force ID: 150507...

3.5 CVSS | 5.1 AI score | 0.01696 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OpenVAS
added 2018/12/12 12:0 a.m. | 36 views

Logitech SqueezeCenter/Media Server CLI Detection

The script tries to identify services supporting Logitech SqueezeCenter/Media Server CLI interface. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...

7 AI score
Exploits: 0

vulnersOsv
added 2018/12/11 5:29 p.m. | 2 views

abeja-sdk (>=0.2.0rc1 <=1.1.0rc1), abejacli (>=1.0.2 <=1.0.2rc1) +492 more potentially affected by CVE-2018-20060 via urllib3 (>=1.10.2 <=1.22.0)

urllib3 PYPI version =1.10.2, =0.2.0rc1, =1.0.2, =0.18.0.3, =0.70.0, =0.0.1, =0.5.0, =1.1.0rc6, =0.8.0, =0.0.2, =0.1.3, =2.4.1, =2.5.1 and more Source cves: CVE-2018-20060 Source advisory: OSV:PYSEC-2018-32...

9.8 CVSS | 6.7 AI score | 0.04488 EPSS
Exploits: 0

Kitploit
added 2018/12/11 11:39 a.m. | 77 views

DevAudit - Open-source, Cross-Platform, Multi-Purpose Security Auditing Tool

DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams adopting DevOps and DevSecOps that detects security vulnerabilities at multiple levels of the solution stack. DevAudit provides a wide array of auditing capabilities that automate...

7.5 AI score
Exploits: 0 | References: 30

ArchLinux
added 2018/12/08 12:0 a.m. | 38 views

[ASA-201812-3] wireshark-cli: multiple issues

Arch Linux Security Advisory ASA-201812-3 ========================================= Severity: Critical Date : 2018-12-08 CVE-ID : CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627 CVE-2018-19628 Package : wireshark-cli Type : multiple issues Remote : Yes Li...

7.5 CVSS | 1 AI score | 0.17697 EPSS
Exploits: 7 | References: 30

OSV
added 2018/12/07 9:29 p.m. | 2 views

CVE-2018-7066

An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the...

9 CVSS | 6.1 AI score | 0.03483 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2018/12/06 8:55 p.m. | 17 views

Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in Project Calico, the network CNI plugin used in IBM Cloud Kubernetes Service. In some scenarios, Calico will write configuration data in log files including service account tokens included in the configuration. This wi...

0.4 AI score
Exploits: 0 | Affected Software: 1

Kitploit
added 2018/12/06 8:47 p.m. | 83 views

MEC v1.4.0 - Mass Exploit Console

massExploitConsole: a collection of hacking tools with a CLI UI. Disclaimer: please use this tool only on authorized systems; I'm not responsible for any damage caused by users who ignore my warning. Exploits are adapted from other sources; please refer to their author info. Please note, due to my...

7.5 AI score
Exploits: 0 | References: 4

IBM Security Bulletins
added 2018/12/06 4:25 p.m. | 31 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a privilege escalation vulnerability in Kubernetes API server

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in Kubernetes which in some cases can allow unauthorized access to the Kubernetes API Server and/or trusted user privilege escalation. Vulnerability Details CVEID: CVE-2018-1002105 DESCRIPTION: Kubernetes could allow a...

9.8 CVSS | 0.7 AI score | 0.86978 EPSS
Exploits: 10 | Affected Software: 1

UbuntuCve
added 2018/12/06 12:29 a.m. | 26 views

CVE-2018-19882

In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl...

5.5 CVSS | 6.1 AI score | 0.01425 EPSS
Exploits: 1 | References: 4

UbuntuCve
added 2018/12/06 12:29 a.m. | 25 views

CVE-2018-19881

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl...

5.5 CVSS | 6.1 AI score | 0.01571 EPSS
Exploits: 1 | References: 3

CVE
added 2018/12/03 10:0 p.m. | 51 views

CVE-2018-6439

CVE-2018-6439 (Brocade Fabric OS configdownload) affects Brocade Fabric OS CLI; versions prior to 8.2.1, 8.1.2f, 8.0.2f, and 7.4.2d expose a local escalation bug in the configdownload command that lets a local attacker escape the restricted shell and gain root access. Affected products include IB...

7.8 CVSS | 7.7 AI score | 0.00349 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2018/12/03 9:29 p.m. | 13 views

CVE-2018-6439

A vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access...

7.8 CVSS | 7.9 AI score | 0.00349 EPSS
Exploits: 0 | References: 1

Fedora
added 2018/11/28 2:46 a.m. | 44 views

[SECURITY] Fedora 28 Update: wireshark-2.6.4-1.fc28

Metapackage which installs wireshark-cli and wireshark-qt...

7.8 CVSS | 2.1 AI score | 0.03742 EPSS
Exploits: 3

Kitploit
added 2018/11/22 12:38 p.m. | 507 views

NodeJsScan - A Static Security Code Scanner For Node.js Applications

Static security code scanner (SAST) for Node.js applications. Configure & Run NodeJsScan: Install Postgres and configure SQLALCHEMY_DATABASE_URI in core/settings.py; pip3 install -r requirements.txt; python3 migrate.py (run once to create database entries required); python3 app.py. Testing Environment...

8 AI score
Exploits: 0 | References: 1

vulnersOsv
added 2018/11/21 10:22 p.m. | 1 views

blockapps-vm (>=2.0.0 <=2.1.0), blockapps-web3 (>=1.1.4 <=1.1.6) +11 more potentially affected by CVE-2018-19183 via ethereumjs-vm (>=1.2.1 <=2.4.0)

ethereumjs-vm NPM version =1.2.1, =2.0.0, =1.1.4, =1.1.0, =0.0.2, =1.0.1, =3.0.4, =0.1.1, =0.0.1, =1.1.6, =1.1.41 - newstudio-lib =0.1.0 - remix-solidity =0.0.1 Source cves: CVE-2018-19183 Source advisory: OSV:GHSA-2MW7-WGGM-M6W3...

7.5 CVSS | 7.1 AI score | 0.03101 EPSS
Exploits: 1

n0where
added 2018/11/21 12:32 a.m. | 123 views

Network and Web Pentest Framework: Jok3r

Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests. Its main goal is to save time on everything that can be automated during network/web pentest in order to enjoy more time on more interesting and challengin...

7.4 AI score
Exploits: 0 | References: 1

Kitploit
added 2018/11/14 12:46 p.m. | 46 views

Manticore - Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts

Manticore is a symbolic execution tool for analysis of binaries and smart contracts. Note: Beginning with version 0.2.0, Python 3.6+ is required. Features Input Generation : Manticore automatically generates inputs that trigger unique code paths Crash Discovery : Manticore discovers inputs that...

7.9 AI score
Exploits: 0 | References: 6

OSV
added 2018/11/13 2:29 p.m. | 3 views

CVE-2018-15772

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the...

7.1 CVSS | 5.8 AI score | 0.00414 EPSS
Exploits: 0 | References: 3

NVD
added 2018/11/13 2:29 p.m. | 14 views

CVE-2018-15771

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI...

5.5 CVSS | 5.3 AI score | 0.00417 EPSS
Exploits: 0 | References: 3