PHSA-2018-1.0-0176
An update of 'glibc' packages of Photon OS has been released...
Raptor WAF v0.5 - Web Application Firewall using DFA
Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross-site scripting and path traversal. To run: $ git clone https://github.com/CoolerVoid/raptorwaf $ cd raptorwaf; make; bin/raptor Note: Don't execute with "cd bin; ./raptor" use full path "bin/raptor" look detail...
PHSA-2018-1.0-0175
An update of 'procps-ng', 'perl', 'openssl' packages of Photon OS has been released...
[SECURITY] Fedora 28 Update: postgresql-10.5-1.fc28
PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...
[SECURITY] Fedora 28 Update: php-zendframework-zend-http-2.8.1-1.fc28
Zend\Http is a primary foundational component of Zend Framework. Since much of what PHP does is web-based, specifically HTTP, it makes sense to have a performant, extensible, concise and consistent API to do all things HTTP. Documentation: https://zendframework.github.io/zend-http/...
[SECURITY] Fedora 27 Update: php-zendframework-zend-diactoros-1.8.4-1.fc27
A PHP package containing implementations of the accepted PSR-7 HTTP message interfaces [1], as well as a "server" implementation similar to node's http.Server [2]. Documentation: https://zendframework.github.io/zend-diactoros/ Autoloader: /usr/share/php/Zend/Diactoros/autoload.php [1]...
CVE-2018-11770
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...
PHSA-2018-1.0-0174
An update of 'linux', 'linux-esx' packages of Photon OS has been released...
Ed: Physical Laptop Takeover
At 6:16PM of August 11th of 2018, during H1-702, right before the sand storm beat the shit out of the rooftop party, we managed to perform a critical attack on Ed's infrastructure. F332214 Report Summary During our analysis and reconnaissance of how Ed program worked during the h1-702 event, we...
[SECURITY] Fedora 27 Update: kernel-tools-4.17.12-100.fc27
This package contains the tools/ directory from the kernel source and the supporting documentation...
[SECURITY] Fedora 28 Update: kernel-tools-4.17.12-200.fc28
This package contains the tools/ directory from the kernel source and the supporting documentation...
Tamper proofing review: the iZettle card payment terminal
Tamper resistance is an increasingly important factor in smart devices. Together with secure hardware design and defensive coding, it can deliver a very secure device. One of the most common areas the average consumer will encounter tamper resistant devices is in payment terminals, or Pin Entry...
[SECURITY] Fedora 28 Update: mailman-2.1.29-1.fc28
Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing list a webpage, and allows users to subscribe, unsubscribe, etc. over the Web. Even the list manager can administer his or her list entirely from...
Node.js third-party modules: Command Injection Vulnerability in win-fork/win-spawn Packages
I would like to report a command injection vulnerability in win-fork and win-spawn packages. It allows an attacker to inject multiple commands in exec-like manner. Module module name: win-spawn version: 2.0.0 npm page: https://www.npmjs.com/package/win-spawn npm page:...
PHSA-2018-1.0-0170
An update of 'mysql' packages of Photon OS has been released...
Advanced Man in the Middle Attack Framework: Evilginx
Evilginx is an attack framework for setting up phishing pages. Instead of serving templates of sign-in pages lookalikes, Evilginx becomes a relay between the real website and the phished user. Phished user interacts with the real website, while Evilginx captures all the data being transmitted...
FreeBSD : GIMP - Heap Buffer Overflow Vulnerability (bfda2d80-0858-11e8-ad5c-0021ccb9e74d)
GNOME reports : CVE-2017-17786 Out of bounds read / heap overflow in tga importer / function bgr2rgb.part.1 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors...
WTF - A Personal Information Dashboard For Your Terminal
A personal terminal-based dashboard utility, designed for displaying infrequently-needed, but very important, daily data. Quick Start Download and run the latest binary or install from source: go get -u github.com/senorprogrammer/wtf cd $GOPATH/src/github.com/senorprogrammer/wtf make install make...
Notification Emails From Veeam Backup for Microsoft 365 Are Sent in an Unexpected Language
Challenge Email notifications sent by Veeam Backup for Microsoft 365 unexpectedly contain Chinese characters. Cause The issue is caused by an encoding conflict. By default, Veeam Backup for Microsoft 365 uses UTF-16 character encoding, and the problem appears under the following circumstances: Us...