SharpSploit - A .NET Post-Exploitation Library Written In C#

SharpSploit is a .NET post-exploitation library written in C that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers. SharpSploit is named, in part, as a homage to the PowerSploit project, a personal favorite of mine! While SharpSploit does port...

Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability

The Bitcoin Core development team has released an important update to patch a major DDoS vulnerability in its underlying software that could have been fatal to the Bitcoin Network, which is usually known as the most hack-proof and secure blockchain. The DDoS vulnerability, identified as...

IDA-minsc Wins Second Place in Hex-Rays Plugins Contest

Introduction Ali Rizvi-Santiago of Cisco Talos recently tied for second place in the IDA plugin contest with a plugin named "IDA-minsc." IDA is a multi-processor disassembler and debugger created by the company Hex-Rays and this year there were a total of four winners with nine submissions total...

CVE-2018-17382

creationtimestamp| type| source ---|---|--- 2018-09-25 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45469...

CVE-2018-17281

creationtimestamp| type| source ---|---|--- 2018-09-21 22:22:32+00:00| seen| MISP/5ba56ed4-1114-4265-b26a-60310a021402...

Threats posed by using RATs in ICS

While conducting audits, penetration tests and incident investigations, we have often come across legitimate remote administration tools RAT for PCs installed on operational technology OT networks of industrial enterprises. In a number of incidents that we have investigated, threat actors had use...

[SECURITY] Fedora 27 Update: dokuwiki-20180422a-2.fc27

DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at crea ting documentation of any kind. It has a simple but powerful syntax which makes sure the data-files remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0096

An update of 'curl' packages of Photon OS has been released...

ISC BIND 9 krb5-subdomain and ms-subdomain update policy vulnerability

ISC BIND is the United States Internet Systems Consortium ISC company maintains a set of open source software that implements the DNS protocol. To provide fine-grained control over the ability to update records in a zone using Dynamic DNS DDNS, BIND provides a feature called update-policy. Variou...

[SECURITY] Fedora 28 Update: kernel-tools-4.18.7-200.fc28

This package contains the tools/ directory from the kernel source and the supporting documentation...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0093

An update of 'nodejs' packages of Photon OS has been released...

Parrot Security 4.2.2 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Updated kernel and core packages Parrot 4.2 is powered by the latestLinux 4.18 debianized kernel with all the usual wireless patches. A new version of the Debian-Installer now powers our netinstall images and the standard Parrot images. Firmware packages were updated to add broader hardware...

CVE-2018-1756

creationtimestamp| type| source ---|---|--- 2018-09-12 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45392...

MobSF (Mobile Security Framework) v1.0 - Mobile (Android/iOS) Automated Pen-Testing Framework

Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support...

[SECURITY] Fedora 28 Update: dokuwiki-20180422a-1.fc28

DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at crea ting documentation of any kind. It has a simple but powerful syntax which makes sure the data-files remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0182

An update of 'libsoup', 'libgcrypt' packages of Photon OS has been released...

Infoblox NetMRI Cross-Site Scripting Vulnerability

Infoblox NetMRI is a suite of network automation products from Infoblox, Inc. that provides automated network discovery, switch port management, network change automation, and continuous configuration compliance management for routers, switches, and other network devices. A cross-site scripting...

CVE-2018-6643

Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter...

Couchbase Server Remote Code Execution

Hey, Description: Couchbase Server 1 exposes REST API 2 which by default is available on TCP/8091 and/or TCP/18091. Authenticated users can send arbitrary Erlang code to 'diag/eval' endpoint of the API. The code will be subsequently executed in the underlying operating system with privileges of t...

Couchbase Server Remote Code Execution Vulnerability

Couchbase Server allows for authenticated users to send arbitrary erlang code to diag/eval. Couchbase Server Remote Code Execution Vulnerability Description: Couchbase Server 1 exposes REST API 2 which by default is available on TCP/8091 and/or TCP/18091. Authenticated users can send arbitrary...