
2138 matches found

Tenable Nessus
added 2019/03/06 12:0 a.m. | 32 views

Fedora 29 : ckeditor (2019-ae7f274d24)

CKEditor 4.11.2 Fixed Issues : - 2403: Fixed: Styling inline editor initialized inside a table with the Table Selection plugin is causing style leaks. - 2514: Fixed: Pasting table data into inline editor initialized inside a table with the Table Selection plugin inserts pasted content into the...

6.1 CVSS | 6.8 AI score | 0.02024 EPSS
Exploits: 1 | References: 160

OSV
added 2019/02/07 9:56 p.m. | 2 views

USN-3871-5 linux-azure vulnerabilities

Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...

8.8 CVSS | 7.1 AI score | 0.00946 EPSS
Exploits: 7 | References: 14

NVD
added 2019/01/31 9:29 p.m. | 16 views

CVE-2019-7296

typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula...

6.1 CVSS | 6.5 AI score | 0.00906 EPSS
Exploits: 1 | References: 1

OSV
added 2019/01/31 9:29 p.m. | 1 view

CVE-2019-7296

typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula...

6.1 CVSS | 6.4 AI score | 0.00906 EPSS
Exploits: 1 | References: 1

Kitploit
added 2019/01/30 12:49 p.m. | 236 views

Pown Recon - A Powerful Target Reconnaissance Framework Powered By Graph Theory

Pown Recon is a target reconnaissance framework powered by graph theory. The benefit of using graph theory instead of flat table representation is that it is easier to find the relationships between different types of information which comes quite handy in many situations. Graph theory algorithms...

6.8 AI score
Exploits: 0 | References: 2

Kitploit
added 2019/01/14 8:39 p.m. | 165 views

Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)

PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory...

7.2 AI score
Exploits: 0 | References: 3

Microsoft KB
added 2019/01/08 8:0 a.m. | 59 views

Description of the security update for Outlook 2016: January 8, 2019

Description of the security update for Outlook 2016: January 8, 2019 Summary This security update resolves an information disclosure vulnerability that exists when Microsoft Outlook improperly handles certain types of messages. To learn more about the information disclosure vulnerability, see...

6.5 CVSS | 6.6 AI score | 0.20965 EPSS
Exploits: 0

vulnersOsv
added 2019/01/04 5:50 p.m. | 3 views

directory-validators (>=4.4.1 <=4.5.0), django-admin-caching (=0.1.3) +27 more potentially affected by CVE-2018-7536 via django (>=1.11.0 <=1.11.10)

django PYPI version =1.11.0, =4.4.1, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =0.1.2, =0.2.0 - django-inline-actions =1.1.0 - django-mbrowse =0.0.1 - django-misa =0.0.1 - django-mogi =0.0.1 and more Source cves: CVE-2018-7536 Source advisory: OSV:GHSA-R28V-MW67-M5P9...

5.3 CVSS | 6.7 AI score | 0.01372 EPSS
Exploits: 0

Prion
added 2018/12/20 3:29 p.m. | 18 views

Improper access control

Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript in contentsettingsobserver.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track user...

4.3 CVSS | 4.8 AI score | 0.00291 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2018/12/20 3:29 p.m. | 9 views

CVE-2018-1000815

Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript in contentsettingsobserver.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track user...

4.3 CVSS | 4.7 AI score | 0.00291 EPSS
Exploits: 0 | References: 3

Cvelist
added 2018/12/20 3:0 p.m. | 13 views

CVE-2018-1000815

Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript in contentsettingsobserver.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track user...

4.7 AI score | 0.00291 EPSS
Exploits: 0 | References: 3

CNVD
added 2018/12/05 12:0 a.m. | 1 view

Google Chrome Heap Corruption Vulnerability

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A heap corruption vulnerability exists in Google Chrome. A remote attacker can exploit this vulnerability to cause heap corruption via a specially crafted HTML page...

8.8 CVSS | 8.7 AI score | 0.01563 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2018/11/27 12:0 a.m. | 29 views

Missing 'X-XSS-Protection' Header

The HTTP 'X-XSS-Protection' response header is a feature of old browsers that allows websites to control their XSS auditors. The server is not configured to return a 'X-XSS-Protection' header which means that any pages on this website could be at risk of a Cross-Site Scripting XSS attack. This...

5.5 AI score
Exploits: 0 | References: 2

n0where
added 2018/11/13 1:0 a.m. | 266 views

Open Source Network Access Control: PacketFence

PacketFence is a fully supported, trusted, Free and Open Source network access control NAC system. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices,...

0.6 AI score
Exploits: 0 | References: 1

Kitploit
added 2018/11/04 1:31 p.m. | 121 views

BlobRunner - Quickly Debug Shellcode Extracted During Malware Analysis

BlobRunner is a simple tool to quickly debug shellcode extracted during malware analysis. BlobRunner allocates memory for the target file and jumps to the base or offset of the allocated memory. This allows an analyst to quickly debug into extracted artifacts with minimal overhead and effort. To...

7.3 AI score
Exploits: 0 | References: 3

Packet Storm
added 2018/09/25 12:0 a.m. | 43 views

WebKit WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded Use-After-Free

WebKit: Use-after-free in WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded CVE-2018-4197 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on the ASan build of the latest WebKit source on OSX. PoC:...

8.2 AI score | 0.20038 EPSS
Exploits: 2

Metasploit
added 2018/09/20 10:26 p.m. | 53 views

Linux Meterpreter, Reverse TCP Inline

Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1062084 include...

7.3 AI score
Exploits: 0

Metasploit
added 2018/09/20 10:26 p.m. | 51 views

Linux Meterpreter, Reverse HTTP Inline

Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1062084 include...

7.3 AI score
Exploits: 0

Kitploit
added 2018/08/19 9:19 p.m. | 19 views

CloudSploit Scans - AWS Security Scanning Checks

CloudSploit scans is an open-source project designed to allow detection of security risks in an AWS account. These scripts are designed to run against an AWS account and return a series of potential misconfigurations and security risks. Installation Ensure that NodeJS is installed. If not, instal...

7 AI score
Exploits: 0 | References: 2

vulnersOsv
added 2018/08/03 5:29 p.m. | 1 view

cosmicdb (>=0.0.19 <=0.0.24), directory-api-client (=9.15.2) +31 more potentially affected by CVE-2018-14574 via django (>=1.11.0 <=1.11.14)

django PYPI version =1.11.0, =0.0.19, =4.4.1, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =0.1.2, =0.2.0 - django-inline-actions =1.1.0 - django-mbrowse =0.0.1 and more Source cves: CVE-2018-14574 Source advisory: OSV:PYSEC-2018-2...

6.1 CVSS | 6.5 AI score | 0.0748 EPSS
Exploits: 0