
6342 matches found

Cvelist
added 2019/04/10 8:17 p.m. | 18 views

CVE-2019-0279

ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53 do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in...

AI score: 8.9 | EPSS: 0.01131
Exploits: 0 | References: 2
CVE
added 2019/04/10 8:17 p.m. | 54 views

CVE-2019-0279

CVE-2019-0279 concerns SAP BASIS: ABAP function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST. Connected sources confirm the issue arises from insufficient authorization checks in all circumstances for an authenticated user, enabling privilege escalati...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.01131
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2019/04/09 12:0 a.m. | 39 views

EulerOS Virtualization 2.5.3 : git (EulerOS-SA-2019-1183)

According to the version of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.97356
Exploits: 12 | References: 2
Kitploit
added 2019/03/30 12:9 p.m. | 177 views

Just-Metadata - Tool That Gathers And Analyzes Metadata About IP Addresses

Just-Metadata is a tool that can be used to gather intelligence information passively about a large number of IP addresses, and attempt to extrapolate relationships that might not otherwise be seen. Just-Metadata has "gather" modules which are used to gather metadata about IPs loaded into the...

AI score: 7
Exploits: 0 | References: 1
OSV
added 2019/03/29 3:35 p.m. | 10 views

SUSE-SU-2019:13999-1 Security update for various KMPs

This update rebuilds missing kernel modules (KMP) to use 'retpolines' mitigations for Spectre Variant 2 (CVE-2017-5715). Rebuilt KMP packages: - cluster-network - drbd - gfs2 - iscsitarget - ocfs2 - ofed - oracleasm...

CVSS: 5.6 | AI score: 6.8 | EPSS: 0.74041
Exploits: 8 | References: 3
Kitploit
added 2019/03/29 12:12 p.m. | 277 views

WinPwn - Automation For Internal Windows Penetrationtest

In many past internal penetration tests I often had problems with the existing Powershell Recon / Exploitation scripts due to missing proxy support. For this reason I wrote my own script with automatic proxy recognition and integration. The script is mostly based on well-known large other offensi...

AI score: 7.4
Exploits: 0 | References: 14
OSV
added 2019/03/28 3:29 p.m. | 1 view

CVE-2019-10251

The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files related to libpicsel, which allows MITM attacks...

CVSS: 5.9 | AI score: 6.2
Exploits: 0 | References: 2
OSV
added 2019/03/28 2:29 p.m. | 1 view

CVE-2019-10250

UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks...

CVSS: 5.9 | AI score: 6.2 | EPSS: 0.00723
Exploits: 1 | References: 1
CVE
added 2019/03/28 2:1 p.m. | 46 views

CVE-2019-10251

The CVE-2019-10251 entry concerns the UCWeb UC Browser on Android (pre-2020) that downloads modules tied to PDF/Office processing via libpicsel over HTTP. This insecure HTTP traffic enables man‑in‑the‑middle attacks against module downloads, exposing users to potential data interception or tamper...

CVSS: 5.9 | AI score: 5.6 | EPSS: 0.00803
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2019/03/27 6:29 p.m. | 4 views

CVE-2018-19016

Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB includes 1756-EWEBK Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to occur until the affected...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.03185
Exploits: 0 | References: 1
CVE
added 2019/03/27 5:20 p.m. | 52 views

CVE-2018-19016

CVE-2018-19016 affects Rockwell Automation EtherNet/IP Web Server Modules: 1756-EWEB (incl. 1756-EWEBK) <= v5.001 and CompactLogix 1768-EWEB

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.03185
Exploits: 0 | References: 1 | Affected Software: 2
Tenable Nessus
added 2019/03/27 12:0 a.m. | 21 views

openSUSE Security Update : virtualbox (openSUSE-2019-943)

This update for virtualbox fixes the following issues : virtualbox was updated to version 5.2.22 released November 09 2018 by Oracle. Security issues fixed : - Fixed a guest-to-host escape via the e1000 virtual network driver bsc1115041. Non-security issues fixed : - Audio: Fixed a regression in...

AI score: 5.5
Exploits: 0 | References: 1
Drupal
added 2019/03/27 12:0 a.m. | 15 views

Module Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2019-042

This module enables you to filter the list of modules on the admin modules page, and organizes packages into vertical tabs. The module doesn't sufficiently escape HTML under the scenario leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that the...

AI score: 5.8
Exploits: 0 | References: 5
The Hacker News
added 2019/03/26 11:37 a.m. | 97 views

Insecure UC Browser 'Feature' Lets Hackers Hijack Android Phones Remotely

Beware! If you are using UC Browser on your smartphones, you should consider uninstalling it immediately. Why? Because the China-made UC Browser contains a "questionable" ability that could be exploited by remote attackers to automatically download and execute code on your Android devices...

AI score: 0.1
Exploits: 0
Veracode
added 2019/03/25 8:40 a.m. | 25 views

Authentication Bypass

Apache Geronimo is vulnerable to authentication bypass. This is caused by improper exception handling for failed logins, which would allow a remote attacker to bypass authentication requirements and deploy arbitrary modules and gain administrative access by submitting a blank username and passwor...

CVSS: 10 | AI score: 7.1 | EPSS: 0.0419
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2019/03/21 4:0 p.m. | 18 views

CVE-2018-16563

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module All versions V4.35, Firmware variant MODBUS TCP for EN100 Ethernet module All versions, Firmware variant DNP3 TCP for EN100 Ethernet module All versions, Firmware variant IEC104 for EN100 Ethernet module A...

CVSS: 5.9 | AI score: 5.5 | EPSS: 0.01155
Exploits: 0 | References: 1
Tenable Nessus
added 2019/03/19 12:0 a.m. | 26 views

Debian DLA-1717-1 : rdflib security update

The CLI tools in python-rdflib-tools can load python modules found in the current directory. This happens because 'python -m' appends the current directory in the python path. For Debian 8 'Jessie', this problem has been fixed in version 4.1.2-3+deb8u1. We recommend that you upgrade your rdflib...

CVSS: 9.8 | AI score: 8 | EPSS: 0.02263
Exploits: 1 | References: 3
Kitploit
added 2019/03/18 8:25 p.m. | 140 views

Armory - A Tool Meant To Take In A Lot Of External And Discovery Data From A Lot Of Tools, Add It To A Database And Correlate All Of Related Information

Armory is a tool meant to take in a lot of external and discovery data from a lot of tools, add it to a database and correlate all of related information. It isn't meant to replace any specific tool. It is meant to take the output from various tools, and use it to feed other tools. Additionally, ...

AI score: 7.5
Exploits: 0 | References: 1
RedHat Linux
added 2019/03/18 12:56 p.m. | 114 views

Low: Red Hat Security Advisory: ansible security and bug fix update

An update for ansible is now available for Red Hat OpenStack Platform 14.0 (Rocky). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.02462
Exploits: 0 | References: 3
Debian
added 2019/03/18 7:15 a.m. | 120 views

[SECURITY] [DLA 1717-1] rdflib security update

Package : rdflib Version : 4.1.2-3+deb8u1 CVE ID : CVE-2019-7653 Debian Bug : 921751 The CLI tools in python-rdflib-tools can load python modules found in the current directory. This happens because "python -m" appends the current directory in the python path. For Debian 8 "Jessie", this problem...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.02263
Exploits: 1