2594 matches found
[SECURITY] Fedora 26 Update: glusterfs-3.10.6-4.fc26
GlusterFS is a distributed file-system capable of scaling to several petabytes. It aggregates various storage bricks over Infiniband RDMA or TCP/IP interconnect into one large parallel network file system. GlusterFS is one of the most sophisticated file systems in terms of features and...
A Managed Password Cracking Tool: GoCrack
FireEye’s Innovation and Custom Engineering ICE team released a tool called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI to create, view, and manage tasks. Simply deploy a GoCrack server...
Distributed File Analysis Framework: Assemblyline
Assemblyline is a scalable distributed file analysis framework . It is designed to process millions of files per day but can also be installed on a single box. Canada’s electronic spy agency says it is taking the “unprecedented step” of releasing one of its own cyber defence tools to the public, ...
Fastest and Most Advanced Password Recovery Utility: Hashcat
hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enab...
Description of the security update for SharePoint Enterprise Server 2016: October 10, 2017
Description of the security update for SharePoint Enterprise Server 2016: October 10, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, s...
Nzyme - Collects 802.11 Management Frames And Sends Them To A Graylog Setup For Wifi Ids, Monitoring, And Incident Response
Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog Open Source log management setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode. Think about this like a long-term months or years...
Vulnerabilities include the browser of the event log, settings of distributed switches, and the content library of the management server for virtual infrastructure VMware vCenter Server, which allows attackers to access confidential information.
The vulnerability of the event log browser, distributed switch configuration settings, and the content library of the VMware vCenter Server management server is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to...
samba: SMB2 connections don't keep encryption across DFS redirects
A flaw was found in the way samba client used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack...
[SECURITY] Fedora 25 Update: mercurial-3.8.1-4.fc25
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Quick start: http://www.selenic.com/mercurial/wiki/index.cgi/QuickStart Tutorial: http://www.selenic.com/mercurial/wiki/index.cgi/Tutorial Extensions:...
TCPCopy - A TCP Stream Replay Tool
TCPCopy is a TCP stream replay tool to support real testing of Internet server applications. Description Although the real live flow is important for the test of Internet server applications, it is hard to simulate it as online environments are too complex. To support more realistic testing of...
USN-3426-1 samba vulnerabilities
Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a machine-in-the-middle attack. CVE-2017-12150 Stefan Metzmacher discovered that Samba incorrectly handled encryption across DFS redirects. A remote...
samba: SMB2 connections don't keep encryption across DFS redirects
A flaw was found in the way samba client used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack...
UBUNTU-CVE-2017-12151
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the...
Taking the Fight Where It Belongs
This Guest blog was written by Robert Mahowald, a Group Vice President at IDC who leads IDC's Worldwide Applications research practice, in addition to co-leading IDC's Cloud Services: Global Overview program. A surprising set of facts emerged from the most recent quarterly installment of IDC's...
CrackLord - Queue and Resource System For Cracking Passwords
CrackLord is a system designed to provide a scalable, pluggable, and distributed system for both password cracking as well as any other jobs needing lots of computing resources. Better said, CrackLord is a way to load balance the resources, such as CPU, GPU, Network, etc. from multiple hardware...
Debian DSA-3963-1 : mercurial - security update
Several issues were discovered in Mercurial, a distributed revision control system. - CVE-2017-9462 fixed in stretch only Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger. - CVE-2017-1000115...
[SECURITY] Fedora 26 Update: mercurial-4.2.3-1.fc26
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Quick start: http://www.selenic.com/mercurial/wiki/index.cgi/QuickStart Tutorial: http://www.selenic.com/mercurial/wiki/index.cgi/Tutorial Extensions:...
OpenJDK: incorrect handling of references in DGC (RMI, 8163958)
It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...
DEBIAN-CVE-2015-7945
The RESTful control interface aka RAPI or ganeti-rapi in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...
USN-3396-1: OpenJDK 7 vulnerabilities
It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. CVE-2017-10053 It was discovered that the JAR verifier ...