CVE-2016-8368

The CVE-2016-8368 issue affects Mitsubishi Electric MELSEC-Q series Ethernet interface modules QJ71E71-100, QJ71E71-B5, and QJ71E71-B2. It is caused by an Unrestricted Externally Accessible Lock that may allow a remote attacker to connect to the connected MELSEC-Q PLC via Port 5002/TCP and cause ...

WMD (Weapon of Mass Destruction) - Python framework for IT security tools

This is a python tool with a collection of IT security software. The software is incapsulated in "modules". The modules does consist of pure python code and/or external third programs. Main functions 1 To use a module, run the command "use modulecall", e.g. "use apsniff", to activate the module. ...

Apache Httpd < 2.4.26 : ap_get_basic_auth_pw() Authentication Bypass

Use of the apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use apgetbasicauthcomponents, available in 2.2.34 and 2.4.26, instead of apgetbasicauthpw. Modules which call the legacy...

Apache Httpd < 2.2.34 : ap_get_basic_auth_pw() Authentication Bypass

Use of the apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use apgetbasicauthcomponents, available in 2.2.34 and 2.4.26, instead of apgetbasicauthpw. Modules which call the legacy...

Ubuntu: Security Advisory (USN-3182-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 LTS : NTFS-3G vulnerability (USN-3182-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3182-1 advisory. Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to lo...

USN-3182-1 ntfs-3g vulnerability

Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to load arbitrary kernel modules...

USN-3182-1: NTFS-3G vulnerability

Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to load arbitrary kernel modules...

PYSEC-2017-33

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient...

Windows Exploit Suggester

Windows Exploit Suggester This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins. Windows...

Billion TrueOnline ZyXEL Routers - Multiple Vulnerabilities

Billion TrueOnline ZyXEL Routers - Multiple Vulnerabilities Multiple vulnerabilities in TrueOnline / ZyXEL / Billion routers Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 26/12/2016 /...

[SECURITY] Fedora 24 Update: ansible-2.2.1.0-1.fc24

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

Weapon of Mass Destruction: WMD

Weapon of Mass Destruction This is a python tool with a collection of IT security software. The software is incapsulated in “modules”. The modules does consist of pure python code and/or external third programs. Main functions 1 To use a module, run the command “use modulecall”, e.g. “use apsniff...

WordPress Exploit Framework

WordPress Exploit Framework is a Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. Requirements Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command...

Operative - The Fingerprint Framework

/ / / / / / / / / / | / / \ / // / // / / / / // / // /| |/ / / / ./// ,/// |// // This is a framework based on fingerprint action, this tool is used for get information on website or enterprise target Dependency & launching pip install -r requirements.txt python operative.py Youtube how...

CVE-2016-8221

Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules IOMs, certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary...

Huawei Flybox B660 - (POST SMS) CSRF Web Vulnerability

Document Title: =============== Huawei Flybox B660 - POST SMS CSRF Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2026 Release Date: ============= 2017-01-12 Vulnerability Laboratory ID VL-ID: ==================================== 2026...

Description of the update rollup of revoked noncompliant UEFI modules: May 13, 2014

Description of the update rollup of revoked noncompliant UEFI modules: May 13, 2014 Introduction Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, go to...

CVE-2016-10048

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

ALPINE-CVE-2016-10009

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket...