NewStart CGSL MAIN 4.05 : mercurial Vulnerability (NS-SA-2019-0104)

The remote NewStart CGSL host, running version MAIN 4.05, has mercurial packages installed that are affected by a vulnerability: - A flaw was found in the way hg serve --stdio command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute...

UPDATE: Ostinato 0.9!

PenTestIT RSS Feed This tool came to my rescue yet again today! If you remember, I had blogged about this tool in my older post titled - Ostinato: The Network Traffic Generator and Analyzer! As always, before using any tool I tried to update it and there it was - Ostinato 0.9. This update was...

VulnX v1.7 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS

VulnX Wiki • How To Use • Compatibility • Library • Vulnx is An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms, fast cms detection, information gathering and vulnerability Scanning of the target like subdomains, IP addresses, country, org, timezone,...

tcpdump 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads

tcpdump 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads Through fuzzing of network capture .pcap files, we have identified 16 crashes with unique stack traces in tcpdump. These crashes are caused by heap-based out-of-bounds memory reads, and can be reproduced with the latest tcpdump source code...

tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads

Through fuzzing of network capture .pcap files, we have identified 16 crashes with unique stack traces in tcpdump. These crashes are caused by heap-based out-of-bounds memory reads, and can be reproduced with the latest tcpdump source code from GitHub, compiled with AddressSanitizer: --- cut --- ...

EulerOS Virtualization 2.5.1 : git (EulerOS-SA-2018-1377)

According to the versions of the git package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote,...

Dynamic API Call Tracer for Windows and Linux Applications: Drltrace

Drltrace is a dynamic API calls tracer for Windows and Linux applications designed primarily for malware analysis. Drltrace is built on top of DynamoRIO dynamic binary instrumentation framework. Motivation Malware analysis is not an easy task. Sophisticated software packers like Themida and...

Scout2 - Security Auditing Tool For AWS Environments

Scout2 is a security tool that lets AWS administrators assess their environment's security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than pouring through dozens of pages on the web, Scout2 supplies a...

AZL-7012 CVE-2018-13410 affecting package zip for versions less than 3.0-5

Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service invalid free and application crash or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an...

CVE-2018-13410

DISPUTED Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service invalid free and application crash or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in whi...

DEBIAN-CVE-2018-13410

Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service invalid free and application crash or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an...

PT-2018-3718

Name of the Vulnerable Software and Affected Versions Info-ZIP Zip version 3.0 Description The issue is related to the use of memory after it has been freed, which can allow a remote attacker to access confidential information or cause a denial of service. The vulnerability is associated with the...

SUSE-SU-2018:1874-1 Security update for zsh

This update for zsh to version 5.5 fixes the following issues: Security issues fixed: - CVE-2018-1100: Fixes a buffer overflow in utils.c:checkmailpath that can lead to local arbitrary code execution bsc1089030 - CVE-2018-1071: Fixed a stack-based buffer overflow in exec.c:hashcmd bsc1084656 -...

DumpsterDiver - Tool To Search Secrets In Various Filetypes

DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secret keys e.g. AWS Access Key, Azure Share Key or SSH keys. Additionally, it allows creating a simple search rules with basic conditions e.g. reports only csv file including at least 10 email...

OPENSUSE-SU-2018:0543-1 Security update for lame

This update for lame fixes the following issues: Lame was updated to version 3.100: Improved detection of MPEG audio data in RIFF WAVE files. sf3545112 Invalid sampling detection New switch --gain , range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of...

openSUSE Security Update : fossil (openSUSE-2017-1365)

This update for fossil to version 2.4 fixes the following issues : - CVE-2017-17459: Client-side code execution via crafted 'ssh://' URLs bsc1071709 The impact of this vulnerability is more limited than similar vectors fixed in other SCMs, as there is no known way to mask the repository URL or...

EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1187)

According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially craft...

CentOS 7 : git (CESA-2017:2004)

An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

emacs, git, gitk, gitweb, perl security update

CentOS Errata and Security Advisory CESA-2017:2004 An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Debian cmdlineopts.clp write vulnerability

Debian is a free operating system created by the Debian Project Collaboration with Linux or FreeBSD as its kernel. grml-debootstrap is one of the packages used to install Debian systems. A security vulnerability exists in the cmdlineopts.clp file of grml-debootstrap in Debian. An attacker can...