
6341 matches found

OSV
added 2018/05/30 12:0 a.m. | 3 views

UBUNTU-CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.49188
Exploits: 10 | References: 4

UbuntuCve
added 2018/05/30 12:0 a.m. | 51 views

CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.49188
Exploits: 10 | References: 3

Tenable Nessus
added 2018/05/30 12:0 a.m. | 13 views

openSUSE Security Update : GraphicsMagick (openSUSE-2018-518)

GraphicsMagick was updated to 1.3.29 : - Security Fixes : - GraphicsMagick is now participating in Google's oss-fuzz project - JNG: Require that the embedded JPEG image have the same dimensions as the JNG image as provided by JHDR. Avoids a heap write overflow. - MNG: Arbitrarily limit the number...

AI score: 5.4
Exploits: 0 | References: 1

OSV
added 2018/05/29 3:14 p.m. | 5 views

SUSE-SU-2018:1465-1 Security update for HA kernel modules

This update provides rebuilds of HA kernel modules with retpoline support to mitigate Spectre Variant 2 (CVE-2017-5715, bsc1068032). Also fixed a problem in ocfs2: backport patch to fix dlmglue false deadlock (bsc962257)...

CVSS: 5.6 | AI score: 6.6 | EPSS: 0.74041
Exploits: 8 | References: 4

Hacker One
added 2018/05/29 6:4 a.m. | 35 views

Node.js third-party modules: [serve] Server Directory Traversal

I would like to report a Server Directory Traversal vulnerability in serve. It allows reading local files on the target server. Module: module name: serve; version: 7.0.1; npm page: https://www.npmjs.com/package/serve. Module Description: Assuming you would like to serve a static site, single page...

CVSS: 5 | AI score: 7.2 | EPSS: 0.0221
Exploits: 1

Hacker One
added 2018/05/27 2:40 p.m. | 52 views

Node.js third-party modules: [buttle] Path traversal in mid-buttle module allows to read any file in the server.

Hello Node.js third-party modules, I would like to report path traversal in buttle module. It allows me to read any file in the server if I know the path. Module: module name: buttle; version: 0.2.0; npm page: https://www.npmjs.com/package/buttle. Module Description: Simple static file + markdown server...

CVSS: 5 | AI score: 7.4 | EPSS: 0.01918
Exploits: 1

Hacker One
added 2018/05/21 1:15 p.m. | 25 views

Node.js third-party modules: [servey] Path Traversal allows to retrieve content of any file with extension from remote server

Hi Team, I would like to report a partial Path Traversal in servey module. It allows to read content of any arbitrary file with extension from the server. Module: module name: servey; version: 2.2.0; npm page: https://www.npmjs.com/package/servey. Module Description: A static & single page application...

CVSS: 5 | AI score: 7.6 | EPSS: 0.01986
Exploits: 1

Exploit DB
added 2018/05/20 12:0 a.m. | 38 views

Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass)

#!/usr/bin/python Exploit: Easy MPEG to DVD Burner 1.7.11 SEH + DEP Bypass Local Buffer Overflow Date: 2018-05-19 Author: Juan Prescotto Tested Against: Win7 Pro SP1...

AI score: 7.4
Exploits: 0

Kitploit
added 2018/05/14 1:46 p.m. | 19 views

Sandmap - A Tool Supporting Network And System Reconnaissance Using The Massive Nmap Engine

Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques. Key Features simple CLI with the ability to run pure Nmap engine...

AI score: 6.8
Exploits: 0 | References: 1

CNVD
added 2018/05/11 12:0 a.m. | 2 views

hyperstart denial of service vulnerability

HyperHQ Hyper is a layered system based on virtualization. hyperstart is one of the launchers. A security vulnerability exists in the 'containersetupmodules' and 'hyperrescanscsi' functions of the container.c file in hyperstart version 1.0.0 in HyperHQ Hyper. ' functions contain a security...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.01377
Exploits: 0 | References: 1

Fedora
added 2018/05/09 9:27 p.m. | 39 views

[SECURITY] Fedora 28 Update: perl-5.26.2-410.fc28

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

CVSS: 9.8 | AI score: 0.8 | EPSS: 0.10866
Exploits: 0

Cvelist
added 2018/05/04 8:0 p.m. | 42 views

CVE-2018-10229

A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API...

AI score: 5 | EPSS: 0.00594
Exploits: 0 | References: 3

CVE
added 2018/05/04 8:0 p.m. | 133 views

CVE-2018-10229

CVE-2018-10229 describes a hardware vulnerability in GPU memory modules that enables attackers to accelerate micro-architectural attacks via the JavaScript WebGL API. Public sources consistently tie the issue to GPU memory sharing with the CPU (e.g., integrated GPUs) and to WebGL timing-based sid...

CVSS: 5.8 | AI score: 5 | EPSS: 0.00594
Exploits: 0 | References: 3 | Affected Software: 2

pentestit
added 2018/05/01 2:54 p.m. | 33 views

UPDATE: WordPress Exploit Framework v1.9.2

PenTestIT RSS Feed WPXF update time again guys! Since my first post about this WordPress exploitation framework almost a year ago, this tool has gotten better and a new version - WordPress Exploit Framework v1.9.2 has been released. This post will summarize the updates for the latest release such...

AI score: 0.2
Exploits: 0

n0where
added 2018/04/26 4:31 a.m. | 28 views

Penetration Testers Framework: PTF

The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we’ve been accustomed to the /pentest/ directories or our own toolsets that we want to keep up-to-date all o...

AI score: 0.1
Exploits: 0 | References: 1

Fedora
added 2018/04/25 6:16 p.m. | 27 views

[SECURITY] Fedora 26 Update: perl-Module-CoreList-5.20180414-1.fc26

Module::CoreList provides information on which core and dual-life modules are shipped with each version of perl...

CVSS: 9.8 | AI score: 3.1 | EPSS: 0.10866
Exploits: 0

Fedora
added 2018/04/25 6:16 p.m. | 41 views

[SECURITY] Fedora 26 Update: perl-5.24.4-397.fc26

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

CVSS: 9.8 | AI score: 0.3 | EPSS: 0.10866
Exploits: 0

CVE
added 2018/04/24 3:0 p.m. | 71 views

CVE-2017-17256

CVE-2017-17256 affects Huawei H323 protocol across multiple AR and related Huawei products. An unauthenticated, remote attacker can send malformed H323 packets, and due to insufficient packet verification a memory leak may occur, potentially causing DoS. Public details in Huawei HWPSIRT advisory ...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01279
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2018/04/20 12:0 a.m. | 44 views

Oracle Solaris Critical Patch Update : apr2018_SRU11_3_29_5_0

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Python modules. The supported version that is affected is 11.3. Difficult to exploit vulnerability allows low...

CVSS: 7.7 | AI score: 6.8 | EPSS: 0.00479
Exploits: 0 | References: 5

n0where
added 2018/04/19 6:36 a.m. | 87 views

Hashcat Wrapper for Distributed Hashcracking: Hashtopolis

Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis’s development are portability, robustness, multi-user support, and multiple groups management. The application has two parts: Agent Multiple clients C, Python,...

AI score: 7.3
Exploits: 0 | References: 2