Reverse router firmware of sensitive information leaked Part2-vulnerability warning-the black bar safety net

Previous articledescribes in detail the various unpacking the router firmware tools. Unpacking after you get the firmware file. The next step is to analyze the files looking for vulnerabilities. This time the goal of the analysis is a Trendnet Router, the analysis of the vulnerability is a remote...

How to Simulate Veeam Backup & Replication Disk I/O

Purpose This article provides examples of using common workload simulators diskspd and fio to simulate Veeam Backup & Replication disk I/O. Do Not Send Test Output Files to Veeam Support The write test output files testfile.dat do not contain diagnostic data. As such, please do not attach them to...

RHEL 5 : spacewalk in Satellite Server (RHSA-2014:0149)

Updated gc packages that fix one security issue are now available for Red Hat Satellite 5.6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fro...

Patching Bash Vulnerability a Challenge for ICS, SCADA

While the most urgent focus where the Bash vulnerability is concerned is around Internet-facing web servers, embedded systems and industrial control systems are not exempt from worry. Experts are concerned about Linux-based industrial control systems and SCADA equipment, in particular, that may b...

HP Smart Update Manager 6.x < 6.4.1 Multiple Vulnerabilities

The version of HP Smart Update manager running on the remote host is prior to 6.4.1. It is, therefore, affected by the following vulnerabilities : - An error exists in the function 'ssl3readbytes' that can allow data to be injected into other sessions or allow denial of service attacks. Note that...

Researchers Demonstrate Zero-Day Vulnerabilities in Tails Operating System

The critical zero-day security flaws, discovered in the privacy and security dedicated Linux-based Tails operating system by the researcher at Exodus Intelligence that could help attackers or law enforcements to de-anonymize anyone’s identity, actually lie in the I2P software that’s bundled with...

PwnPi - A Pen Test Drop Box distro for the Raspberry Pi

PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 200+ network security tools pre-installed to aid the penetration tester. It is built a stripped down version of the Debian Wheezy image from the Raspberry Pi foundation's website and uses Openbo...

Sixnet Sixview 2.4.1 - Web Console Directory Traversal

No description provided by source. Exploit Title: Sixnet sixview web console directory traversal Date: 2014-04-21 Exploit Author: daniel svartman Vendor Homepage: www.sixnet.com Software Link: Not available, hardware piece - appliance Version: 2.4.1 Tested on: Sixnet Sixview web console Linux bas...

'Tails' Operating System Website Has Been Hacked

Just a few hours ago, the Official website of the Tails Operating System has been hacked and it appears that a self-proclaimed 17-year old hacker breached and defaced it. Tails is a Linux-based highly secure Operating System, specially designed and optimized to preserve users' anonymity and...

Sixnet Sixview 2.4.1 - Web Console Directory Traversal

Exploit for hardware platform in category web applications Exploit Title: Sixnet sixview web console directory traversal Date: 2014-04-21 Exploit Author: daniel svartman Vendor Homepage: www.sixnet.com Software Link: Not available, hardware piece - appliance Version: 2.4.1 Tested on: Sixnet Sixvi...

Sixnet Sixview 2.4.1 - Web Console Directory Traversal

Sixnet Sixview 2.4.1 - Web Console Directory Traversal Exploit Title: Sixnet sixview web console directory traversal Date: 2014-04-21 Exploit Author: daniel svartman Vendor Homepage: www.sixnet.com Software Link: Not available, hardware piece - appliance Version: 2.4.1 Tested on: Sixnet Sixview w...

Cisco Unity Connection Web Inbox跨站脚本漏洞

CVE ID:CVE-2014-2125 Cisco Unity Connection是运行在Linux-based Cisco Unified Communications操作系统上的功能强大的语音消息通讯平台。 由于某些关于网页收件箱的输入在返回用户前没有正确过滤，攻击者可以利用漏洞在受影响站点上下文的用户浏览器会话中执行任意HTML 和脚本代码。 0 Cisco Unity Connection 8.x 目前厂商已经发布了升级补丁以修复漏洞，请下载使用：...

Moderate: Red Hat Security Advisory: gc security update

Updated gc packages that fix one security issue are now available for Red Hat Satellite 5.6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fro...

Government launched 'China Operating System' (COS) to break Andoird and iOS Monopoly

China has always tried to support its homegrown tech industry and even the security concerns over U.S. secret surveillance which gives Chinese Government another reasons to trust domestic vendors.Many other countries are also in favor to develop their own technology industries to reduce their...

Synology DSM 4.3-3810 - Directory Traversal

Synology DSM 4.3-3810 - Directory Traversal Title: Synology DSM multiple directory traversal Version affected: = 4.3-3810 Vendor: Synology Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: patched CVE: 2013-6987 I'm again he...

Metasploit Modules Available for Seven Open Source Packages

Open source projects with anywhere between 100,000 and 1 million downloads are pretty sizable endeavors, and with the code open for scrutiny, you would think bugs would be found and some sort of disclosure process would be in place. If a spate of recently discovered issues in seven popular softwa...

Penetration Testing Browser Bundle: PenQ

PenQ is an open source, Linux-based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. Penetration Testin...

NEW VMSA-2013-0010 VMware Workstation host privilege escalation vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2013-0010 Synopsis: VMware Workstation host privilege escalation vulnerability Issue date: 2013-08-22 Updated on: 2013-08-22 initial...

Google Chrome OS 26.0.1410.57之前版本多个安全漏洞

BUGTRAQ ID: 59063 CVECAN ID: CVE-2013-2832,CVE-2013-2833,CVE-2013-2834,CVE-2013-2835 Google Chrome OS是一款基于Linux的开源操作系统。 Google Chrome OS 26.0.1410.57之前版本存在多个安全漏洞:1.03D插件的缓冲区内存在未初始化的内存数据；2.03D插件内存在释放后重用漏洞；3.03D及Google Talk插件被来源锁定绕过。 0 Google Chrome = 26.0.1410.57 厂商补丁： Google ------...

Serious Vulnerabilities Found in Popular Home Wireless Routers

Hackers love to attack Java. Why? Well, not only because it is full of holes, but because it’s everywhere, embedded on endpoints, Web browsers, mobile devices and more. The same goes for attacking wireless routers; they’re buggy and they’re everywhere. A handful of vulnerabilities were identified...