CVE-2017-17758
CVE-2017-17758 affects TP-Link TL-WVR and TL-WAR devices. A remote authenticated user can execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, tied to zone_get_iface_bydev in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd. C...
Design/Logic Flaw
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linkedscripts/context/stubs/unix/mtxrun,...
CVE-2017-16960
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in...
CVE-2017-16959
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP heade...
CVE-2017-16960
This entry (CVE-2017-16960) concerns TP-Link devices TL-WVR, TL-WAR, TL-ER, and TL-R where remote authenticated users can execute arbitrary commands via shell metacharacters in the t_bindif parameter sent to cgi-bin/luci, related to get_device_byif in /usr/lib/lua/luci/controller/admin/interface....
Mako Server 2.5 - OS Command Injection Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mako Server v2.5 OS Command Injection RCE', 'Description' = %q This module exploits a vulnerability found in Mako Server v2.5. It's possible to...
TROMMEL - Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities
TROMMEL sifts through directories of files to identify indicators that may contain vulnerabilities. TROMMEL identifies the following indicators related to: Secure Shell (SSH) key files, Secure Socket Layer (SSL) key files, Internet Protocol (IP) addresses, Uniform Resource Locator (URL), email addresses, shel...
RHAPIS - Network Intrusion Detection Systems Simulator
Network intrusion detection systems simulator. RHAPIS provides a simulation environment through which a user is able to execute any IDS operation. Basic usage: type HELP in the console in order to see the available commands. RHAPIS is written in the Lua language. You need to have installed Lua in order ...
Capturing, Analyzing and Responding to Cyber Attacks: cyberprobe
The Cyberprobe project is an open-source distributed architecture for real-time monitoring of networks against attack. The software consists of two components: a probe, which collects data packets and forwards them over a network in standard streaming protocols; a monitor, which receives the stream...
TP-Link Archer C9(UN) Arbitrary Password Reset Vulnerability
TP-Link Archer C9(UN) is a wireless router product from China P&L TP-LINK. A security vulnerability exists in the passwdrecovery.lua file in the TP-Link Archer C9(UN) version V2160517. An attacker can exploit the vulnerability to reset the administrator password...
Wube Factorio Security Bypass Vulnerability
Wube Factorio Alien Factory is a factory construction game from Wube Software, Czech Republic. A security vulnerability exists in the Lua interface in versions of Wube Factorio prior to 0.15.31. A remote attacker can exploit this vulnerability by including and loading C libraries to bypass the...
CVE-2017-11615
A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library...
Code injection
A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library...
CVE-2017-11615
A vulnerability in Wube Factorio (Lua interface) prior to 0.15.31 allows a sandbox escape that enables a remote attacker to execute arbitrary C code by including and loading a C library. The underlying issue is a bypass of the sandbox within the Lua environment. Impact stated includes potential r...
Fedora 26 : wireshark (2017-5f15bf15cf)
Rebase to the newest upstream version. This release contains mostly bugfixes and no new features. ---- This update enables Lua support and also moves binaries into /usr/bin directory. The bug with scriptlets is resolved by removing the whole alternatives group prior to installing new packages. --...
[SECURITY] Fedora 26 Update: love-0.10.2-6.fc26
LOVE is an open source, cross platform 2D game engine which uses the Lua scripting language. LOVE can be used to make games of any license allowing it to be used for both free and non-free projects...
[SECURITY] Fedora 24 Update: redis-3.2.8-1.fc24
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
lua-resty-waf
It is an offensive tool for web application firewalls (WAFs). The repository, huangjacky/lua-resty-waf, contains a high-performance WAF built on the OpenResty stack. The tool is designed to protect against various types of attacks, including HTTP violations, HTTP anomalies, SQL injection, and gener...