Oracle: Security Advisory (ELSA-2016-3509)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle: Security Advisory (ELSA-2016-3510)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PageSpeed Modules (mod_pagespeed/ngx_pagespeed) Admin Pages accessible

The script attempts to identify Admin Pages of the PageSpeed Modules modpagespeed/ngxpagespeed. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

BackdoorMe - Powerful Auto-Backdooring Utility

Backdoorme is a powerful utility capable of backdooring Unix machines with a slew of backdoors. Backdoorme uses a familiar metasploit interface with tremendous extensibility. Backdoorme relies on having an existing SSH connection or credentials to the victim, through which it will transfer and...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3503)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3503 advisory. - ipc/sem.c: fully initialize semarray before making it visible Manfred Spraul Orabug: 22250043 CVE-2015-7613 - Initialize msg/shm IPC objects befo...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3502)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3502 advisory. - KEYS: Don't permit requestkey to construct a new keyring David Howells Orabug: 22373449 CVE-2015-7872 - crypto: add missing crypto module aliases...

[SECURITY] Fedora 23 Update: arts-1.5.10-30.fc23

arts analog real-time synthesizer is the sound system of KDE 3. The principle of arts is to create/process sound using small modules which do certain tasks. These may be create a waveform oscillators, play samples, filter data, add signals, perform effects like delay/flanger/chorus, or output the...

Scientific Linux Security Update : autofs on SL7.x x86_64 (20151119)

It was found that program-based automounter maps that used interpreted languages such as Python used standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system. CVE-2014-8169 Note: This...

PT-2018-03: Control Takeover in Siemens DIGSI 4 and EN100 Ethernet modules

The specialists of the Positive Research center have detected a Control Takeover vulnerability in Siemens DIGSI 4 and EN100 Ethernet modules. Vulnerability allows unauthenticated remote, low-skilled attackers to upload a modified device configuration overwriting access authorization passwords, an...

PT-2018-05: Unauthorized Firmware Modification in Siemens EN100 Ethernet modules

The specialists of the Positive Research center have detected an Unauthorized Firmware Modification vulnerability in Siemens EN100 Ethernet modules. Vulnerability allows unauthenticated attackers to upgrade or downgrade the firmware of the affected device including to older versions with known...

Mosca - Static Analysis Tool To Find Bugs

Just another Simple static analysis tool to find bugs like a grep unix command, at mosca have a modules, that was call egg, each egg is a simple config to find bug at especific language like PHP,Ruby,ASP etc... Example of egg config at directory "egg", If Mosca read a line with vunerability of eg...

Joomlavs - A Black Box, Joomla Vulnerability Scanner

JoomlaVS is a Ruby application that can help automate assessing how vulnerable a Joomla installation is to exploitation. It supports basic finger printing and can scan for vulnerabilities in components, modules and templates as well as vulnerabilities that exist within Joomla itself. How to insta...

bitrix.scan Bitrix 1.0.3 Path Traversal Vulnerability

bitrix.scan Bitrix module version 1.0.3 suffers from a path traversal vulnerability. Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 without technical details Vendor Notification: Novemb...

Oracle: Security Advisory (ELSA-2015-3107)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

F5 BIG-IP - Linux kernel vulnerability CVE-2015-7613

The remote host is missing a security patch. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...

OpenMRS 2.3 (1.11.4) - Expression Language Injection Vulnerability

Exploit for php platform in category web applications OpenMRS 2.3 1.11.4 Expression Language Injection Vulnerability Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS...

OpenMRS 2.3 (1.11.4) - XML External Entity Processing

!/usr/bin/env python OpenMRS 2.3 1.11.4 XML External Entity XXE Processing PoC Exploit Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS 1.9.7 Build 60bd9b Summary:...

Offensive Powershell Console: PSPunch

PSPunch combines some of the best projects in the infosec powershell community into a self contained executable. It’s designed to evade antivirus and Incident Response teams. 1. It doesn’t rely on powershell.exe. Instead it calls powershell directly through the dotNet framework. 2. The modules th...

openSUSE Security Update : dracut (openSUSE-2015-846)

This update for dracut fixes the following issues : - Skip ibft setup via dhcp if dhcp ip is 0.0.0.0 boo953361 Added 0312-iscsi-skip-ibft-invalid-dhcp.patch - Modify 0169-enabled-warning-for-failed-kernel-modules-per-defau l.patch - Add notice boo952491 - Refresh patches with line offsets: M...

Katana - Framework for Hackers, Professional Security and Developers

Katana is a framework written in python for making penetration testing, based on a simple and comprehensive structure for anyone to use, modify and share, the goal is to unify tools serve for professional when making a penetration test or simply as a routine tool, The current version is not...