4419 matches found
[SECURITY] Fedora 31 Update: varnish-6.3.2-3.fc31
This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don't have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a...
ScoringEngine - Scoring Engine For Red/White/Blue Team Competitions
Scoring Engine for Red/White/Blue Team Competitions Getting started Download Docker. If you are on Mac or Windows, Docker Compose will be automatically installed. On Linux, make sure you have the latest version of Compose. If you're using Docker for Windows on Windows 10 pro or later, you must al...
MantisBT < 2.21.3 XSS Vulnerability - Windows
MantisBT is prone to a cross-site scripting vulnerability. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; yo...
MantisBT < 2.21.3 XSS Vulnerability - Linux
MantisBT is prone to a cross-site scripting vulnerability. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; yo...
Sshuttle - Transparent Proxy Server That Works As A Poor Man's VPN. Forwards Over SSH
As far as I know, sshuttle is the only program that solves the following common case: Your client machine or router is Linux, FreeBSD, or MacOS. You have access to a remote network via ssh. You don't necessarily have admin access on the remote network. The remote network has no VPN, or only...
Zelos - A Comprehensive Binary Emulation Platform
Zelos (Zeropoint Emulated Lightweight Operating System) is a python-based binary emulation platform. One use of zelos is to quickly assess the dynamic behavior of binaries via command-line or python scripts. All syscalls are emulated to isolate the target binary. Linux x86_64 32- and 64-bit, AR...
SUSE-RU-2020:0671-1 Recommended update for SUSE Manager Proxy 4.0
This update fixes the following issues: mgr-osad: - Take care that osad is not disabled nor deactivated during update (bsc#1157700, bsc#1158697) patterns-suse-manager: - Add recommends for virtualization-host-formula to sumaserver pattern - Add recommends for virtualization-host-formula to retail...
SUSE-SU-2020:0668-1 Security update for glibc
This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a potential overflow in on-stack buffer during range reduction (bsc#1165784). - Fixed an issue where pthread were not always locked correctly (bsc#1164505). - Document mprotect and introduce section on memory protection bsc116318...
FuzzBench - Fuzzer Benchmarking As A Service
FuzzBench is a free service that evaluates fuzzers on a wide variety of real-world benchmarks, at Google scale. The goal of FuzzBench is to make it painless to rigorously evaluate fuzzing research and make fuzzing research easier for the community to adopt. We invite members of the research...
QIWI: Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete"
Summary The API interface on https://contactws.contact-sys.com:3456/ accepts a body to interact with the server's AppServ object. Because of insufficient input validation, an attacker can abuse the ID parameter to inject arbitrary SQL statements into the underlying prepared statement. This leads ...
Node.js: Node.js: TLS session reuse can lead to hostname verification bypass
The Node.js TLS library supports client side reuse of TLS sessions when multiple connections to the same server are opened. Code that wants to use this feature can listen for the 'session' event (https://nodejs.org/api/tls.html#tls_event_session) on a tls.TLSSocket to get notified of newly created TLS...
dnsFookup - DNS Rebinding Toolkit
DNS Rebinding framework containing: a dns server, obviously; a web api to create new subdomains and control the dns server, view logs, stuff like that; a shitty react app to make it even more comfy. What does it do? It lets you create dns bins like a burp collaborator but it adds a bit more features... a...
openSUSE Security Update : python3 (openSUSE-2020-274)
This update for python3 fixes the following issues : Security issues fixed : - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). Non-security issu...
OPENSUSE-SU-2020:0274-1 Security update for python3
This update for python3 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). Non-security issue...
[SECURITY] Fedora 31 Update: kernel-tools-5.5.6-200.fc31
This package contains the tools/ directory from the kernel source and the supporting documentation...
SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0510-1)
This update for python fixes the following issues : Security issues fixed : CVE-2019-9674: Improved the documentation, warning about dangers of zip-bombs (bsc#1162825). CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). Note that Tenable...
(RHSA-2020:0638) Low: Red Hat Satellite Proxy 5 - 90 day End Of Life Notice
After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit...
(RHSA-2020:0637) Low: Red Hat Satellite 5 - 90 day End Of Life Notice
After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the...
Nagios XI Authenticated Remote Command Execution
This module exploits a vulnerability in Nagios XI before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the server. For all supported...
Threat Source newsletter (Feb. 27, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We know we’ve kept you waiting for a while, but the new Snort Resources page is finally here. We’ve got new and improved documentation,...