22 matches found
Incorrect Bitwise Shift of Integer
Overview Affected versions of this package are vulnerable to Incorrect Bitwise Shift of Integer in the zisofs decompression process due to improper validation of the pzlog2bs field from ISO9660 Rock Ridge extensions. An attacker can cause application crashes and service disruption by supplying a...
Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector
Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images. The activity, codenamed Operation MoneyMount-ISO by Seqrite Labs, has primari...
EUVD-2005-3012
Malware in sbrugna...
How to verify downloaded ISO images
This article contains information about checking the integrity of the downloaded ISO image before burning it to a media. Corrupted ISO images can lead to problems during installation. Therefore, it is a good practice to check the integrity of the downloaded ISO image...
Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor
An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a Windows backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated...
SUSE CVE-2014-5472
The parserockridgeinodeinternal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service unkillable mount process via a crafted iso9660 image with a self-referential CL entry...
Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
By Edmund Brumaghin, with contributions from Alex Karkins. Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims.The infections leverage process injection to evade detection by endpoint security software.These...
AutomatedLab - A Provisioning Solution And Framework That Lets You Deploy Complex Labs On HyperV And Azure With Simple PowerShell Scripts
AutomatedLab AL enables you to setup test and lab environments on Hyper-v or Azure with multiple products or just a single VM in a very short time. There are only two requirements you need to make sure: You need the DVD ISO images and a Hyper-V host or an Azure subscription. Requirements Apart fr...
Disc Soft Ltd Daemon Tools Pro ISO Parsing memory corruption vulnerability
Summary A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Deamon Tools Pro 8.3.0.0767. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Disc Soft...
USN-4765-1 sleuthkit vulnerabilities
It was discovered that The Sleuth Kit did not properly handle certain entires in FAT file systems. An attacker could use this vulnerability to mislead an analyst and obscure their activities. This issue only affected Ubuntu 14.04 ESM. CVE-2012-5619 It was discovered that The Sleuth Kit mishandled...
Veeam ONE Remote Code Execution Vulnerabilities
Challenge Vulnerabilities in Veeam ONE Agent components residing on Veeam ONE and Veeam Backup & Replication servers allow executing malicious code remotely without authentication. This may lead to gaining control over the target system. Severity : critical CVSS v3 score : 9.8 Cause Veeam ONE Age...
Security update for libmirage (moderate)
openSUSE Security Update: Security update for libmirage Announcement ID: openSUSE-SU-2019:2077-1 Rating: moderate References: 1148087 Cross-References: CVE-2019-15540 Affected Products: openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that fixes one vulnerability is now available...
Security update for libmirage (moderate)
openSUSE Security Update: Security update for libmirage Announcement ID: openSUSE-SU-2019:2033-1 Rating: moderate References: 1148087 Cross-References: CVE-2019-15540 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...
BackBox Linux 6.0 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment
BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known/used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to...
UPDATE: Kali Linux 2019.2 Release
PenTestIT RSS Feed Kali Linux 2019.2, the latest and the greatest Kali Linux release is now officially available! This is the second 2019 release, which comes after Kali Linux 2019.1, that was made available in the month of February. This new release majorly focuses on Kali Linux NetHunter update...
Product update: Virtuozzo 7.0 Update 6 (7.0.6-635)
The Update 6 for Virtuozzo 7.0 provides new features, security fixes as well as stability and usability bug fixes. Vulnerability id: PSBM-69459 Downloadable ISO images of Virtuozzo as well as their MD5 and SHA256 checksums can now be verified against the GPG key stored at a secure location. For...
openSUSE Security Update : libzypp / zypper (openSUSE-2017-893)
The Software Update Stack was updated to receive fixes and enhancements. libzypp : Security issues fixed : - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 Bug fixes : - Re-probe on refresh if the...
Security update for libzypp, zypper (important)
The Software Update Stack was updated to receive fixes and enhancements. libzypp: Security issues fixed: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 Bug fixes: - Re-probe on refresh if the repository...
Mandriva Update for cdrecord MDKA-2007:093 (cdrecord)
Check for the Version of cdrecord OpenVAS Vulnerability Test Mandriva Update for cdrecord MDKA-2007:093 cdrecord Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
WinImage 8.10 vulnerabilities
Team Vexillium Security Advisory http://vexillium.org/ Name : WinImage 8.10 Multiple Vulnerabilities Class : Denial of Service and Directory Traversal Threat level : LOW DoS, MED Dir. traversal vuln Discovered : 2007-08-31 Published : 2007-09-15 Credit : j00ru//vx Vulnerable : WinImage 8.10,...