4411 matches found
Linux Vulnerability Scanner: Vuls
Vulnerability scanner for Linux, agentless, written in golang. For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use...
[SECURITY] Fedora 24 Update: postgresql-9.5.2-1.fc24
PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...
v0lt - Security CTF Toy Tools
v0lt is an attempt to regroup every tool I used/use/will use in security CTF, Python style. A lot of exercises were solved using bash scripts but Python may be more flexible, that's why. Nothing to do with Gallopsled. It's a toy toolkit, with small but specific utils only. Requirements and...
CVE-2016-0789
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
Crlf injection
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
Black-Box CAN Network Analysis Framework: CANToolz
CANToolz is a framework for CANbus network and device analysis. This tool consists of various different modules which can be piped together and used by security researchers and automotive/OEM security testers for black-box analysis of any CANbus system. You can use this software for ECU discovery,...
ownCloud: doc.owncloud.org: X-XSS-Protection not enabled
X-Xss-Protection @https://doc.owncloud.org/ has not been set. This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari Webkit. Valid settings for the header are 0, which disables the protection, 1 which enables the protection and 1;...
XenMobile Cloud Self-Service Auto-Discovery Portal
This article details how to configure auto-discovery for device enrollment in XenMobile Cloud. Refer to Citrix documentation - Device Management...
CVE-2016-1768
creationtimestamp | type | source
---|---|---
2016-03-30 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39634
...
CakePHP 2.8.3, 3.0.18, 3.1.13 and 3.2.6 Released
CakePHP 2.8.3, 3.0.18, 3.1.13 and 3.2.6 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 2.8.3, 3.0.18, 3.1.13, and 3.2.6. These releases contain security fixes. 3.2.6 and 2.8.3 also contain bugfixes. Security Fixes These releases fix a weakness in...
CVE-2015-2545
creationtimestamp | type | source
---|---|---
2016-03-26 12:41:40+00:00 | seen | MISP/56f569a9-314c-44a0-bab6-20cc95ca48b7
2016-04-22 20:23:26+00:00 | seen | MISP/571a87f2-13e0-4396-83e5-4780950d210f
2016-04-28 15:27:58+00:00 | seen | MISP/57221ede-4084-4c2b-9463-4e1e950d210f
2016-05-09 13:58:53+00:00 |...
[SECURITY] Fedora 23 Update: php-pecl-http-2.5.6-1.fc23
The HTTP extension aims to provide a convenient and powerful set of functionality for major applications. The HTTP extension eases handling of HTTP URLs, dates, redirects, headers and messages in a HTTP context both incoming and outgoing. It also provides means for client negotiation of preferre...
SOL30409575 - ISC DHCP vulnerability CVE-2016-2774
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
CVE-2016-1000
creationtimestamp | type | source
---|---|---
2016-03-23 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39610
...
CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5 Released
CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5. These releases contain security fixes. 3.2.5 and 2.8.2 also contain bugfixes. Security Fixes These...
Debian Security Advisory DSA 3502-1 (roundup - security update)
Ralf Schlatterbeck discovered an information leak in roundup, a web-based issue tracking system. An authenticated attacker could use it to see sensitive details about other users, including their hashed password. After applying the update, which will fix the shipped templates, the site...
Debian DSA-3502-1 : roundup - security update
Ralf Schlatterbeck discovered an information leak in roundup, a web-based issue tracking system. An authenticated attacker could use it to see sensitive details about other users, including their hashed password. After applying the update, which will fix the shipped templates, the site...
Wordpress-Exploit-Framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems
A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. What do I need to run it? Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command prompt / terminal in...
DSA-3502-1 roundup - security update
Bulletin has no description...
openSUSE Security Update : postgresql94 (openSUSE-2016-271)
This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: - IMPORTANT Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. - Fix infinite loops and buffer-overrun...