[SECURITY] Fedora 26 Update: q-7.11-29.fc26

Q is a powerful and extensible functional programming language based on the term rewriting calculus. You specify an arbitrary system of equations which the interpreter uses as rewrite rules to reduce expressions to normal form. Q is useful for scientific programming and other advanced application...

Android Message APP denial of service ddos vulnerability flaws bug(CVE-2017-0780)the use of the research-vulnerability warning-the black bar safety net

0×01 flaws vulnerabilities in the bug description 9 on 7, Trend Micro announced a review of the CVE-2017-0780: rebuff-do flaws vulnerability bug can be incurred Android Message App the collapse of the articles. This morning had confirmed that the flaws vulnerabilities bug on the latest version of...

LaZagne v2.2 - Credentials Recovery Project

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques plaintext, APIs, custom algorithms, databases, etc.. This tool has been developed for the purpose of finding these passwor...

EulerOS 2.0 SP2 : python (EulerOS-SA-2017-1186)

According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Python standard library HTTP client modules such as httplib or urllib did not perform verification of TLS/SSL certificates when connecting to...

Cross-site Scripting (XSS)

automattic/jetpack is vulnerable to cross-site scripting XSS attacks. The library doesn't properly escape the $header parameter in the modules/shortcodes/wufoo.php file, allowing a malicious user to inject and execute arbitrary JavaScript...

ICSSPLOIT: A Industrial Control System Exploitation Framework

PenTestIT RSS Feed This framework is based on RouterSploit, which has already been covered on this blog. Infact, that's how I got to know about it - I was checking the source for updates and I found a reference for this Industrial Control System ICS exploitation framework - ICSSPLOIT. ICS securit...

sdnpwn - An SDN Penetration Testing Toolkit

The Open Networking Foundation defines SDN as “The physical separation of the network control plane from the forwarding plane, and where a control plane controls several devices”. What this means is that the decision making which would traditionally be performed by a router or a switch i.e...

Siemens Fixes Session Hijacking Bug in LOGO!, Warns of Man-in-the-Middle Attacks

Administrators who have Siemens’ LOGO! logic module deployed in automation setups are being urged to update its firmware. The German industrial manufacturing giant pushed out an update for its LOGO! 8 BM devices Wednesday morning to fix a vulnerability CVE-2017-12734 that could let an attacker...

Revamped Nukebot Malware Changes Targets, Adds Functions

A revamped version of the Nukebot banking trojan dubbed Jimmy Nukebot has shifted focus from stealing bankcard data and now acts as a conduit for quietly downloading malicious payloads for web-injects, cryptocurrency mining, and taking screenshots of targeted systems. The code is a modification o...

Low: Red Hat Security Advisory: rh-nginx110-nginx security update

An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Proxy Aware PowerShell C2 Framework: PoshC2

PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and payload types for the Metasploit Framework...

Portia - Automate Techniques Commonly Performed On Internal Network Penetration Tests

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised: Privilege escalation Lateral movement Convenience modules Portia is a genus of jumping spider that feeds on other spiders - known for their...

LiveCRM 1.0 SQL Injection

Exploit Title: LiveCRM 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/livecrm-complete-business-management-solution/20249151 Demo: http://demo.livecrm.co/livecrm/web/ Version: 1.0 Category: Webapps Tested on:...

UPDATE: WordPress Exploit Framework v1.6.1!

PenTestIT RSS Feed Wow I seem to have missed a lot of updates lately. This time, I missed an update about WPXF. We now have the WordPress Exploit Framework v1.6.1 amongst us! This new version among other things updates a major bug that occurred while updating the framework and adds multiple new...

Automated Privilege Escalation: portia

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised Privilege escalation Lateral movement Convenience modules Portia is a genus of jumping spider that feeds on other spiders – known for their...

The Windows Malware Analysis Distribution: flare-vm

FLARE VM is a freely available and open sourced Windows-based security distribution designed for reverse engineers, malware analysts, incident responders, forensicators, and penetration testers. Inspired by open-source Linux-based security distributions like Kali Linux, REMnux and others, FLARE V...

CVE-2017-12588

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact...

CVE-2017-12588

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact...

DEBIAN-CVE-2017-12588

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact...

RedHat Update for python RHSA-2017:1868-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...