6341 matches found

vulnersOsv
added 2018/10/16 11:12 p.m. | 5 views

org.apache.camel:camel-atmosphere-websocket (=2.16.0), org.apache.camel:camel-example-cxf (=2.16.0) +19 more potentially affected by CVE-2015-5348 via org.apache.camel:camel-http-common (=2.16.0)

org.apache.camel:camel-http-common MAVEN version =2.16.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-http-common and may be impacted: - org.apache.camel:camel-atmosphere-websocket =2.16.0 - org.apache.camel:camel-example-cxf...

CVSS 8.1 | AI score 7.2 | EPSS 0.06365 | Exploits 0

vulnersOsv
added 2018/10/16 8:51 p.m. | 3 views

activemq:activemq (=1.1), activemq:activemq-optional (=3.2) +325 more potentially affected by CVE-2018-8032 via axis:axis (>=1.2 <=1.4)

axis:axis MAVEN version =1.2, =1.2.5, =1.1.0, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2018-8032 Source advisory: OSV:GHSA-96JQ-75WH-2658...

CVSS 6.1 | AI score 6.7 | EPSS 0.10554 | Exploits 0

RedHat Linux
added 2018/10/16 5:38 p.m. | 1 view

puppet: Unpacking of tarballs in tar/mini.rb can create files with insecure permissions

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability...

CVSS 5.5 | AI score 5.8 | EPSS 0.00363 | Exploits 0 | References 4

vulnersOsv
added 2018/10/16 5:35 p.m. | 8 views

org.apache.storm:flux-core (>=1.1.0 <=1.1.2), org.apache.storm:storm-elasticsearch-examples (>=1.1.0 <=1.1.2) +14 more potentially affected by CVE-2018-8008 via org.apache.storm:storm-core (>=1.1.0 <=1.1.2)

org.apache.storm:storm-core MAVEN version =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.2 and more Source cves: CVE-2018-8008 Source advisory: OSV:GHSA-898J-5CC8-CMF5...

CVSS 5.8 | AI score 6.4 | EPSS 0.02361 | Exploits 0

vulnersOsv
added 2018/10/16 5:35 p.m. | 6 views

org.apache.storm:flux-core (>=1.2.0 <=1.2.1), org.apache.storm:storm-elasticsearch-examples (>=1.2.0 <=1.2.1) +14 more potentially affected by CVE-2018-8008 via org.apache.storm:storm-core (>=1.2.0 <=1.2.1)

org.apache.storm:storm-core MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.1 and more Source cves: CVE-2018-8008 Source advisory: OSV:GHSA-898J-5CC8-CMF5...

CVSS 5.8 | AI score 6.4 | EPSS 0.02361 | Exploits 0

Cvelist
added 2018/10/10 1:0 a.m. | 15 views

CVE-2018-18202

The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password...

AI score 9.4 | EPSS 0.01363 | Exploits 1 | References 1

RedhatCVE
added 2018/10/05 9:49 p.m. | 47 views

CVE-2018-17456

An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine...

CVSS 9.8 | AI score 5 | EPSS 0.97356 | Exploits 12 | References 2

Kitploit
added 2018/09/30 1:10 p.m. | 492 views

BYOB - Build Your Own Botnet

BYOB Build Your Own Botnet Disclaimer : This project should be used for authorized testing or educational purposes only. BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the...

AI score 8 | Exploits 0 | References 1

HackRead
added 2018/09/27 6:37 p.m. | 14 views

Fancy Bear’s VPNfilter malware is back with 7 new modules

By Waqas Cisco’s Talos researchers have identified that Russia’s VPNfilter is way more dangerous than it is believed to be. The malware, which prompted the FBI to urge people to reboot their internet routers, contains seven additional third-stage modules that are infecting countless global...

AI score 2.5 | Exploits 0

Hacker One
added 2018/09/27 11:45 a.m. | 47 views

Brave Software: RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context

Summary: \395737 has shown that Brave supports chrome://brave/ URLs. The Brave team introduced a patch which blocks navigation to chrome://brave and removed chrome.remote.require to prevent command execution on the machine. Navigation to chrome://brave via shortcut files From my understanding: 1...

AI score 0.2 | Exploits 0

The Hacker News
added 2018/09/27 10:30 a.m. | 2 views

VPNFilter Router Malware Adds 7 New Network Exploitation Modules

Security researchers have discovered even more dangerous capabilities in VPNFilter—the highly sophisticated multi-stage malware that infected 500,000 routers worldwide in May this year, making it much more widespread and sophisticated than earlier. Attributed to Russia's APT 28, also known as...

AI score 7.2 | Exploits 0

The Hacker News
added 2018/09/27 10:30 a.m. | 96 views

VPNFilter Router Malware Adds 7 New Network Exploitation Modules

Security researchers have discovered even more dangerous capabilities in VPNFilter—the highly sophisticated multi-stage malware that infected 500,000 routers worldwide in May this year, making it much more widespread and sophisticated than earlier. Attributed to Russia's APT 28, also known as...

AI score 0.9 | Exploits 0

ThreatPost
added 2018/09/26 6:9 p.m. | 16 views

VPNFilter’s Arsenal Expands With Newly Discovered Modules

Researchers have discovered new modules in VPNFilter – the malware behind the widespread campaign in May that infected 75 router brands – revealing that its capabilities are much more widespread and sophisticated than previously thought. After reverse-engineering seven additional third-stage...

AI score 0.2 | Exploits 0 | References 5

Lenovo
added 2018/09/20 5:36 p.m. | 542 views

BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack - US

Lenovo Security Advisory: LEN-20527 Potential Impact: Elevation of privilege Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-9062, CVE-2018-12169 Summary Description: An attacker with unfettered physical access to a system and the skill to disassemble it, may attach a...

AI score 1.9 | EPSS 0.00553 | Exploits 0

Hacker One
added 2018/09/19 11:6 a.m. | 25 views

Node.js third-party modules: [http-live-simulator] Path traversal vulnerability

Module module name: http-live-simulator version: 1.0.6 npm page: https://www.npmjs.com/package/http-live-simulator Description this vulnerability is a bypass for the one found in this report in version 1.0.5 Steps To Reproduce: 1- Install the module : npm install -g http-live-simulator 2- Run the...

CVSS 5 | AI score 0.4 | EPSS 0.0165 | Exploits 1

Prion
added 2018/09/18 3:29 p.m. | 20 views

Authentication flaw

It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the...

CVSS 10 | AI score 9.7 | EPSS 0.86586 | Exploits 6 | References 4 | Affected Software 12

Kitploit
added 2018/09/14 9:59 p.m. | 92 views

SVScanner - Scanner Vulnerability And Massive Exploit

Is a tool for scanning and massive exploits. Our tools target several open source cms. Getting Started with Linux 1. git clone https://github.com/radenvodka/SVScanner.git 2. cd SVScanner 3. php svscanner.php Getting Started with Windows 1. Download Xampp PHP7 2. Download SVScanner :...

AI score 7.3 | Exploits 0 | References 2

NVD
added 2018/09/07 2:29 p.m. | 12 views

CVE-2018-0657

Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module PG Multi-Payment Service for EC-CUBE EC-CUBE Payment Module 2.12 version 3.5.23 and earlier, EC-CUBE Payment Module 2.11 version 2.3.17 and earlier, GMO-PG Payment Module PG Multi-Payment Service 2.12 version...

CVSS 4.8 | AI score 4.8 | EPSS 0.00518 | Exploits 0 | References 1

n0where
added 2018/09/04 12:18 a.m. | 59 views

Mobile Application Testing Toolkit: Scrounger

Even though several other mobile application analysis tools have been developed, there is no one tool that can be used for both android and ios and can be called a “standard” must use on every mobile application assessment. The idea behind Scrounger is to make a metasploit-like tool that will not...

Exploits 0 | References 5

n0where
added 2018/08/29 3:43 a.m. | 32 views

The Offensive Web Application Penetration Testing Framework: TIDoS

TIDoS Framework is a comprehensive web-app audit framework. TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules. But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up APIKEYS.py...

AI score 0.2 | Exploits 0 | References 2