CVE-2018-1000873

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service DoS. This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the...

[SECURITY] Fedora 29 Update: ansible-2.7.5-1.fc29

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

LanSpy 2.0.1.159 - Local Buffer Overflow Exploit

Exploit for windows platform in category local exploits !/usr/bin/python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: LanSpy 2.0.1.159 - Local Buffer Overflow RCEPoC Date: 2018-12-16 Author: Juan...

Code injection

Installed packages are exposed by nodemodules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "where" attribute of package.json files...

Rendertron Absolute Path Disclosure Vulnerability

Rendertron is Google's open source Chrome rendering solution designed to instantly render web pages. Rendertron 1.0.0 suffers from an absolute path disclosure vulnerability, which stems from nodemodules in Rendertron exposing installed packages, which can be exploited by a remote attacker to read...

F5 Networks BIG-IP : OpenSSH vulnerability (K31440025)

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket. CVE-2016-10009 C Tenable Network Security, Inc. The descriptive text and package checks in...

[SECURITY] Fedora 28 Update: perl-5.26.3-415.fc28

Perl is a high-level programming language with roots in C, sed, awk and she ll scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

Perl Modules Detection (Linux/Unix SSH Login)

SSH login-based detection of various installed Perl modules. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

CVE-2018-17924

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller...

RHEL 7 : ansible (RHSA-2018:3770)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3770 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does n...

CVE-2018-16528

Amazon Web Services AWS FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGDSecureConnectConnect in AWS TLS connectivity modules...

CVE-2018-16528

The CVE-2018-16528 issue affects AWS FreeRTOS up to version 1.3.1, where remote code execution is possible due to mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect within the AWS TLS connectivity modules. The vulnerability’s impact is described as remote attack...

LightBulb Framework - Tools For Auditing WAFS

LightBulb is an open source python framework for auditing web application firewalls and filters. Synopsis The framework consists of two main algorithms: GOFA : An active learning algorithm that infers symbolic representations of automata in the standard membership/equivalence query model. Active...

Kernel-Mode Rootkit Hunter: Tyton

Loadable kernel modules, LKMs for short, are an integral companion to the Linux kernel. Typically, LKMs are used to add support for new hardware as device drivers or file systems or add additional system calls. Without LKMs, an operating system would have to include all possible anticipated...

Veeam Agent for Linux - veeamsnap and blksnap Extended Linux Distribution Support

This article provides supplementary information regarding the compatibility of the veeamsnap and blksnap kernel modules with various Linux distributions and kernel versions. It specifically addresses distributions and versions that are not explicitly listed in the System Requirements for Veeam...

Why Malwarebytes decided to participate in AV testing

Starting this month, Malwarebytes began participating in the antivirus software for Windows comparison test performed by AV-test.org. This is uncharted territory for us, as we have refrained from participating in these types of tests since our inception. Although recent testing results show...

TIDoS-Framework v1.7 - The Offensive Manual Web Application Penetration Testing Framework

TIDoS Framework is a comprehensive web-app audit framework. let's keep this simple Highlights :- The main highlights of this framework is: TIDoS Framework now boasts of a century+ of modules. A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis. Has ...

openSUSE Security Update : virtualbox (openSUSE-2018-1443)

This update for virtualbox fixes the following issues : virtualbox was updated to version 5.2.22 released November 09 2018 by Oracle. Security issues fixed : - Fixed a guest-to-host excape via the e1000 virtual network driver bsc1115041. Non-security issues fixed : - Audio: Fixed a regression in...

Pacu - The AWS Exploitation Framework, Designed For Testing The Security Of Amazon Web Services Environments

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its...

Multiple Siemens Products Cross-Site Scripting Vulnerabilities

Siemens SCALANCE S602 and others are Ethernet security modules from Siemens, Germany. A cross-site scripting vulnerability exists in several Siemens products, which can be exploited by remote attackers to inject arbitrary scripts via malicious links...