3378 matches found

OpenVAS
added 2021/06/09 12:0 a.m., 22 views

SUSE: Security Advisory (SUSE-SU-2017:0426-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 9.3, EPSS 0.33434
Exploits 16, References 14
Microsoft KB
added 2021/06/08 7:0 a.m., 45 views

Description of the security update for Office 2016: June 8, 2021 (KB5001951)

Description of the security update for Office 2016: June 8, 2021 KB5001951 Summary This security update resolves a Microsoft Excel Remote Code Execution Vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2021-31939. Note: To apply this...

CVSS 7.8, AI score 7.5, EPSS 0.13337
Exploits 0
Kitploit
added 2021/06/03 12:30 p.m., 71 views

403Fuzzer - Fuzz 403/401Ing Endpoints For Bypasses

Fuzz 403ing endpoints for bypasses Follow on twitter! @intrudir This tool will check the endpoint with a couple of headers such as X-Forwarded-For It will also apply different payloads typically used in dir traversals, path normalization etc. to each endpoint on the path. e.g. /%2e/test/test2...

AI score 7.4
Exploits 0, References 2
OPENSUSE Linux
added 2021/06/03 12:0 a.m., 21 views

Security update for inn (moderate)

openSUSE Security Update: Security update for inn Announcement ID: openSUSE-SU-2021:0830-1 Rating: moderate References: 1182321 Cross-References: CVE-2021-31998 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for inn fixes th...

CVSS 7.8, AI score 7.4, EPSS 0.00318
Exploits 1, References 1
Microsoft KB
added 2021/06/02 12:0 a.m., 37 views

July 13, 2021 Public preview security update (KB5004243)

July 13, 2021 Public preview security update KB5004243 Improvements and fixes This public preview security update includes quality improvements. Key changes include: Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode for CVE-2020-17049. For more...

CVSS 9, AI score 7.9, EPSS 0.13794
Exploits 0
CNNVD
added 2021/06/01 12:0 a.m., 4 views

Apache Dubbo Code Issue Vulnerability

Apache Dubbo is a lightweight Java-based RPC (Remote Procedure Call) framework from the Apache Foundation of the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. A deserialization vulnerability...

CVSS 9.8, AI score 6.1, EPSS 0.04197
Exploits 0, References 2
Hacker One
added 2021/05/29 9:31 p.m., 16 views

Showmax: xmlrpc.php is publicly available at https://stories.showmax.com/xmlrpc.php

Summary: Greetings @Showmax, I found an xmlrpc.php file on https://stories.showmax.com, it's publicly available and it accepts POST requests. Description: Your site is a WordPress-based site, xmlrpc.php is a file that is intended to make API calls between hosts, if it's enabled on a WordPress sit...

AI score 7
Exploits 0
Prion
added 2021/05/26 7:15 p.m., 13 views

Code injection

redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of a host...

CVSS 5, AI score 7.5, EPSS 0.01104
Exploits 0, References 2, Affected Software 1
Securelist
added 2021/05/25 7:0 a.m., 228 views

Evolution of JSWorm ransomware

Introduction Over the past few years, the ransomware threat landscape has been gradually changing. We have been witness to a paradigm shift. From the massive outbreaks of 2017, such as WannaCry, NotPetya, and Bad Rabbit, a lot of ransomware actors have moved to the covert but highly profitable...

AI score 7.3
Exploits 0
Kitploit
added 2021/05/22 12:30 p.m., 292 views

GraphQLmap - A Scripting Engine To Interact With A Graphql Endpoint For Pentesting Purposes

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. Install $ git clone https://github.com/swisskyrepo/GraphQLmap $ python graphqlmap.py ...

AI score 7.1
Exploits 0, References 1
Kitploit
added 2021/05/20 12:30 p.m., 134 views

Etherblob-Explorer - Search And Extract Blob Files On The Ethereum Blockchain Network

Search and extract blob files on the Ethereum network using Etherscan.io API. Introduction EtherBlob Explorer is a tool intended for researchers, analysts, CTF players or anyone curious enough wanting to search for different kinds of files or any meaningful human-supplied data on the Ethereum...

AI score 7.2
Exploits 0, References 2
CNVD
added 2021/05/13 12:0 a.m., 4 views

Weak password vulnerability in FB-Series

FLIR Systems, Inc. specializes in the design, development, production, marketing and promotion of specialized technologies for enhanced situational awareness. Through thermal imaging, visible light imaging, video analytics, measurement and diagnostics, and advanced threat detection systems, we...

AI score 7.1
Exploits 0
OPENSUSE Linux
added 2021/05/12 12:0 a.m., 35 views

Security update for vlc (moderate)

openSUSE Security Update: Security update for vlc Announcement ID: openSUSE-SU-2021:0714-1 Rating: moderate References: 1181918 Cross-References: CVE-2020-26664 CVSS scores: CVE-2020-26664 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP2 An...

CVSS 7.8, AI score 7.8, EPSS 0.01538
Exploits 1, References 1
Microsoft KB
added 2021/05/11 7:0 a.m., 83 views

Description of the security update for Office 2013: May 11, 2021 (KB4464542)

Description of the security update for Office 2013: May 11, 2021 KB4464542 Summary This security update resolves a Microsoft Office Graphics remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2021-31180. Note: To appl...

CVSS 7.8, AI score 8, EPSS 0.02343
Exploits 0
CNVD
added 2021/05/08 12:0 a.m., 6 views

LivingLogic XIST4C Cross-Site Scripting Vulnerability

XIST4C is a content management system, shopping cart software and web application framework from LivingLogic. A cross-site scripting vulnerability exists in LivingLogic XIST4C versions prior to 0.107.8. The vulnerability can be exploited to conduct cross-site scripting attacks via login.htm,...

CVSS 6.1, AI score 6.1, EPSS 0.00672
Exploits 1, References 1
OSV
added 2021/05/07 12:15 p.m., 2 views

ALPINE-CVE-2021-3502

A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this...

CVSS 5.5, AI score 6.4, EPSS 0.00374
Exploits 1, References 1
Tenable Nessus
added 2021/05/05 12:0 a.m., 23 views

SUSE SLED15 / SLES15 Security Update : p7zip (SUSE-SU-2021:1491-1)

This update for p7zip fixes the following issues : CVE-2021-3465: Fixed a NULL pointer dereference in NCompress::CCopyCoder::Code (bsc#1184699) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...

AI score 7.5
Exploits 0, References 4
Malwarebytes
added 2021/04/26 2:51 p.m., 62 views

Breaking free from the VirusTotal silo: Lock and Code S02E07

This week on Lock and Code, we speak to Malwarebytes Chief Information Security Officer John Donovan about the flaws in using VirusTotal as the one source of truth when evaluating whether or not a cybersecurity tool actually works. It's a practice that is surprisingly common. Weeks ago, Malwarebyt...

AI score 0.2
Exploits 0
OPENSUSE Linux
added 2021/04/23 12:0 a.m., 37 views

Security update for shim (important)

openSUSE Security Update: Security update for shim Announcement ID: openSUSE-SU-2021:0598-1 Rating: important References: 1173411 1174512 1175509 1177315 1177404 1177789 1182057 1184454 Cross-References: CVE-2019-14584 CVSS scores: CVE-2019-14584 SUSE: 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A...

CVSS 4, AI score 6.7, EPSS 0.00328
Exploits 0, References 8
OPENSUSE Linux
added 2021/04/23 12:0 a.m., 27 views

Security update for ImageMagick (moderate)

openSUSE Security Update: Security update for ImageMagick Announcement ID: openSUSE-SU-2021:0606-1 Rating: moderate References: 1184624 1184626 1184627 1184628 Cross-References: CVE-2021-20309 CVE-2021-20311 CVE-2021-20312 CVE-2021-20313 CVSS scores: CVE-2021-20309 SUSE: 5.3...

CVSS 5.3, AI score 7.9, EPSS 0.0238
Exploits 0, References 4