
6341 matches found

Positive Technologies
added 2016/12/05 12:0 a.m., views: 10

PT-2016-3172

Name of the Vulnerable Software and Affected Versions: Apache httpd versions 2.2.x through 2.2.32; Apache httpd versions 2.4.x through 2.4.25. Description: The issue is related to the use of the ap_get_basic_auth_pw function by third-party modules outside of the authentication phase, which may lead t...

CVSS: 10, AI score: 9.3, EPSS: 0.94999
Exploits: 26, References: 135
CNVD
added 2016/12/03 12:0 a.m., views: 1

Denial of Service Vulnerability in Multiple Mitsubishi Electric MELSEC-Q Series Products

Mitsubishi Electric is a Japanese company. The affected products, QJ71E71-100, QJ71E71-B5 and QJ71E71-B2, are Ethernet interface modules used to connect MELSEC-Q series programmable controllers to host networks. A denial of service vulnerability exists in multiple Mitsubishi Electric MELSEC-Q...

CVSS: 8.6, AI score: 6.9, EPSS: 0.02615
Exploits: 0, References: 1
CNVD
added 2016/12/01 12:0 a.m., views: 1

Security Bypass Vulnerability in Multiple Mitsubishi Electric MELSEC-Q Series Products

Mitsubishi Electric is a Japanese company. The affected products, QJ71E71-100, QJ71E71-B5 and QJ71E71-B2, are Ethernet interface modules used to connect MELSEC-Q series programmable controllers to host networks. A security bypass vulnerability exists in multiple Mitsubishi Electric MELSEC-Q Serie...

CVSS: 7.5, AI score: 7, EPSS: 0.01312
Exploits: 0, References: 1
CNVD
added 2016/11/24 12:0 a.m., views: 4

Ipsilon Denial of Service Vulnerability

Ipsilon is a server and toolkit for configuring Apache-based service providers to provide federated authentication SSO to web applications with pluggable standalone mod_wsgi applications. A denial of service vulnerability exists in Ipsilon that can be exploited by an attacker to cause a denial of...

CVSS: 9.1, AI score: 6.9, EPSS: 0.02119
Exploits: 0, References: 1
Tenable Nessus
added 2016/11/23 12:0 a.m., views: 87

Ubuntu 14.04 LTS / 16.04 LTS : Python vulnerabilities (USN-3134-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3134-1 advisory. It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this t...

CVSS: 10, AI score: 7.8, EPSS: 0.25671
Exploits: 7, References: 5
Fedora
added 2016/11/19 10:1 p.m., views: 57

[SECURITY] Fedora 25 Update: ansible-2.2.0.0-3.fc25

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS: 9.1, AI score: 3.3, EPSS: 0.03253
Exploits: 1
Tenable Nessus
added 2016/11/11 12:0 a.m., views: 48

F5 Networks BIG-IP : TMM vulnerability (K87416818)

The Traffic Management Microkernel TMM may suffer from a memory leak while handling certain types of TCP traffic. CVE-2016-7476 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution K87416818. The text description o...

CVSS: 7.5, AI score: 7.3, EPSS: 0.02432
Exploits: 0, References: 2
Fedora
added 2016/11/07 11:35 p.m., views: 52

[SECURITY] Fedora 24 Update: ansible-2.2.0.0-3.fc24

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS: 9.1, AI score: 3.3, EPSS: 0.03253
Exploits: 1
CNVD
added 2016/11/03 12:0 a.m., views: 1

Command Execution Vulnerability in the datetime Parameter of the Mixcall Seat Management System

Mixcall seat management system is based on B/S architecture, the management personnel can directly log into the Mixcall seat management center through the computer, and view the detailed situation related to the seat personnel's voice services. A command execution vulnerability exists in the...

AI score: 7.7
Exploits: 0, References: 1
n0where
added 2016/10/28 5:20 a.m., views: 98

Unified Diagnostic Services Simulator: UDSim

Unified Diagnostic Services Simulator The UDSim is a graphical simulator that can emulate different modules in a vehicle and respond to UDS request. It was designed as a training tool to run alongside of ICSim. It also has some unique learning features and can even be used to security test...

AI score: 0.4
Exploits: 0, References: 1
Tenable Nessus
added 2016/10/27 12:0 a.m., views: 29

openSUSE Security Update : virtualbox (openSUSE-2016-1226)

This update for virtualbox fixes the following issues : - Address CVE-2016-5501, CVE-2016-5538, CVE-2016-5605, CVE-2016-5608, CVE-2016-5610, CVE-2016-5611, CVE-2016-5613 boo1005621. - Reduce memory needs during build. - Version bump to 5.0.28 released 2016-10-18 by Oracle This is a maintenance...

CVSS: 9.1, AI score: 6.1, EPSS: 0.02427
Exploits: 0, References: 9
Kitploit
added 2016/10/26 9:12 p.m., views: 41

PCILeech - Direct Memory Access (DMA) Attack Software

The PCILeech use the USB3380 chip in order to read from and write to the memory of a target system. This is achieved by using DMA over PCI Express. No drivers are needed on the target system. The USB3380 is only able to read 4GB of memory natively, but is able to read all memory if a kernel modul...

AI score: 7.3
Exploits: 0, References: 1
n0where
added 2016/10/20 7:30 p.m., views: 69

Twitter OSINT framework: Birdwatcher

Birdwatcher is a data analysis and OSINT framework for Twitter. Birdwatcher supports creating multiple workspaces where arbitrary Twitter users can be added and their Tweets harvested through the Twitter API for offline storage and analysis. Birdwatcher comes with several modules which can be...

Exploits: 0, References: 2
NVD
added 2016/10/13 2:59 p.m., views: 15

CVE-2016-3635

SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP...

CVSS: 7.5, AI score: 7.6, EPSS: 0.02444
Exploits: 0, References: 3
Cvelist
added 2016/10/13 2:0 p.m., views: 22

CVE-2016-3635

SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP...

AI score: 7.6, EPSS: 0.02444
Exploits: 0, References: 3
Tenable Nessus
added 2016/10/12 12:0 a.m., views: 34

openSUSE Security Update : nodejs (openSUSE-2016-1172)

This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues : - Nodejs embedded openssl version update + upgrade to 1.0.2j CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052 + remove support for dynamic 3rd party engine modules - http:...

CVSS: 9.3, AI score: 7.4, EPSS: 0.95707
Exploits: 8, References: 10
Prion
added 2016/10/05 1:59 a.m., views: 13

Design/Logic Flaw

The client in EMC Replication Manager (RM) before 5.5.3.001-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share...

CVSS: 7.5, AI score: 8, EPSS: 0.02615
Exploits: 0, References: 3, Affected Software: 2
OSV
added 2016/09/25 12:0 a.m., views: 3

UBUNTU-CVE-2016-5170

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified oth...

CVSS: 8.8, AI score: 7.4, EPSS: 0.01118
Exploits: 0, References: 4
Node JS Blog
added 2016/09/23 12:0 a.m., views: 44

Security updates for all active release lines, September 2016

Security updates for all active release lines, September 2016 Update 27-September-2016 Releases available Updates are now available for all active Node.js release lines. These include the recently published versions of OpenSSL 1.0.1 and 1.0.2 as well as fixes for some Node.js-specific...

CVSS: 9.8, AI score: 8.7, EPSS: 0.95707
Exploits: 8
Fedora
added 2016/09/21 8:25 p.m., views: 15

[SECURITY] Fedora 23 Update: drupal7-panels-3.7-1.fc23

The Panels module allows a site administrator to create customized layouts for multiple uses. At its core it is a drag and drop content manager that lets you visually design a layout and place content within that layout. Integration with other systems allows you to create nodes that use this,...

AI score: 1.7
Exploits: 0