[SECURITY] Fedora 24 Update: zoneminder-1.28.1-8.fc24

ZoneMinder is a set of applications which is intended to provide a complete solution allowing you to capture, analyse, record and monitor any cameras y ou have attached to a Linux based machine. It is designed to run on kernels wh ich support the Video For Linux V4L interface and has been tested...

Google Android elevation of privilege vulnerability (CNVD-2017-00162)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An elevation of privilege vulnerability exists in Android on multiple Google devices. A remote attacker can exploit the vulnerability to execute arbitrary code in the context of a...

musl: Integer overflow

Background musl is a “libc”, an implementation of the standard library functionality described in the ISO C and POSIX standards, plus common extensions, intended for use on Linux-based systems. Description A vulnerability was discovered in musl’s tretnfarunparallel function buffer overflow logic,...

dedsploit - Framework For Attacking Network Protocols

Framework for attacking network protocols and network exploitation. I. Introduction I don't look back anymore. I don't regret. I look forward Aiden Pearce Yes, Watch Dogs has heavily influenced us when writing this framework. This entire project brought upon a lot of the ideals from the Watch Dog...

NEET - Network Enumeration and Exploitation Tool

Neet is a flexible, multi-threaded tool for network penetration testing. It runs on Linux and co-ordinates the use of numerous other open-source network tools, with the aim of gathering as much network information as possible in clear, easy-to-use formats. The core scanning engine finds and...

Aruba Networks AOS 6.3.1.19 Improper Authentication Vulnerability

Arube Networks AOS version 6.3.1.19 has a special key combination that escalates privileges. Product: AOS Manufacturer: Aruba Networks Affected Versions: 6.3.1.19 Tested Versions: 6.3.1.19 on an RAP-3 router Vulnerability Type: Improper Authentication Risk Level: High Solution Status: Open...

Google Android has an unspecified vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A security vulnerability exists in versions of Android prior to 2016-09-01. No information about this vulnerability is available at this time...

Android on Nexus NVIDIA Privilege Gain Vulnerability

Android on Nexus 9 is an open source operating system running on the Nexus 9 Tablet PC and based on Linux, jointly developed by Google and the Open Handset Alliance OHA.The NVIDIA media driver is a multimedia driver that is used in the Nexus 9. A privilege acquisition vulnerability exists in the...

NUUO 3.0.8 OS Command Injection

i? NUUO Multiple OS Command Injection Vulnerabilities Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: =3.0.8 NE-4160, NT-4040, NT-4040R DP: =04.07.0000.0030, =04.03.0000.0035 FW: =02.02.00, =1.7.0 Summary: NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS...

NUUO NVRmini 2 3.0.8 - Multiple OS Command Injections

NUUO Multiple OS Command Injection Vulnerabilities Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: =3.0.8 NE-4160, NT-4040, NT-4040R DP: =04.07.0000.0030, =04.03.0000.0035 FW: =02.02.00, =1.7.0 Summary: NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS...

NUUO NVRmini 2 3.0.8 - Multiple OS Command Injections

NUUO NVRmini 2 3.0.8 - Multiple OS Command Injections NUUO Multiple OS Command Injection Vulnerabilities Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: =3.0.8 NE-4160, NT-4040, NT-4040R DP: =04.07.0000.0030, =04.03.0000.0035 FW: =02.02.00, =1.7.0 Summary: NUUO NVRmini 2...

Google Android System Clock Denial of Service Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance OHA.System Clock is one of the classes used to get the system time. A denial of service vulnerability exists in System Clock in Android. An attacker can exploit this vulnerability to...

Google Android Remote Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Consortium. There is a security vulnerability in the Android Shell, which can be exploited by remote attackers to build special applications, induce application parsing, and elevate privileges...

Valve Steam Local Lift Vulnerability

Valve Steam is a Linux-based operating system for living room gaming from the American company Valve. A local lift vulnerability exists in Valve Steam version 3.42.16.13, which stems from a program that assigns weak permissions to the Steam directory. An attacker can use this vulnerability to...

ExaGrid Unauthorized Access Vulnerability

ExaGrid is a Linux-based backup and recovery storage appliance from ExaGrid, Inc. that provides deduplication capabilities. A security vulnerability exists in ExaGrid, which can be exploited by attackers to gain unauthorized access...

ExaGrid Private SSH Key Removed

ExaGrid has removed a private SSH key and weak, hardcoded credentials shipping with all of its disk-based storage appliances. Updated firmware has been available since March 24 and storage and security managers are urged to update devices to version 4.8 P26. Researcher James Lee of Rapid7 private...

Linux Embedded Firmware Dynamic Analysis: FIRMADYNE

FIRMADYNE is an automated and scalable system for performing emulation and dynamic analysis of Linux-based embedded firmware. It includes the following components: modified kernels MIPS: v2.6.32 , ARM: v4.1 , v3.10 for instrumentation of firmware execution; a userspace NVRAM library to emulate a...

Android Security Bypass Vulnerability

Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Consortium. Android suffers from a security vulnerability that allows remote attackers to bypass the ASLR protection mechanism...

Western Digital My Cloud Command Injection

Exploit Title: Western Digital My Cloud Command Injection Vendor Homepage: http://www.wdc.com Firmware tested: 04.01.03-421 and 04.01.04-422 for the Personal Cloud devices Firmware link: http://download.wdc.com/nas/sq-040104-422-20150423.deb.zip Exploit Author: James Sibley absane ; twitter =...

The World's First $9 Computer is Shipping Today!

Remember Project: C.H.I.P. ? A $9 Linux-based, super-cheap computer that raised some $2 Million beyond a pledge goal of just $50,000 on Kickstarter will be soon in your pockets. Four months ago, Dave Rauchwerk, CEO of Next Thing Co., utilized the global crowd-funding corporation ‘Kickstarter’ for...