430 matches found
April 21, 2020—KB4550947 (OS Build 14393.3659)
April 21, 2020—KB4550947 OS Build 14393.3659 IMPORTANT We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional...
Update the copy of the Cmitrust.dll file in Windows
Update the copy of the Cmitrust.dll file in Windows This article describes an update that fixes an issue in Windows Server 2008 R2 and improves the copy of the Cmitrust.dll file in Windows 8.1, Windows RT 8.1, Windows 8, Windows RT, and Windows 7. Before you install this update, notice that the...
Update to support copying .mkv files to Windows Phone from a computer that is running Windows
Update to support copying .mkv files to Windows Phone from a computer that is running Windows This article describes an update to add support for copying .mkv files from a Windows-based computer to a Windows Phone 8.1 via Windows Explorer. Before you install this update, check out the Prerequisit...
"Access denied" error when you use a Windows Store app to configure printer property settings in Windows
"Access denied" error when you use a Windows Store app to configure printer property settings in Windows This article describes an issue that occurs when you use a Windows Store app in Windows 8.1, Windows RT 8.1, or Windows Server 2012 R2. An update is available to resolve this issue. Before you...
maltrail
Maltrail is a malicious traffic detection system that utilizes publicly available blacklists containing malicious and/or generally suspicious trails. It also uses optional advanced heuristic mechanisms to help in discovery of unknown threats. The system can be configured to ignore certain events...
Cisco NX-OS Software Data Forgery Issue Vulnerability (CNVD-2020-14755)
Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco. A data forgery vulnerability exists in the Optional Broadcast Gateway feature of Cisco NX-OS Software, which arises from the program failing to properly validate received...
Authorization
In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these...
February 25, 2020—KB4537819 (Preview of Monthly Rollup)
February 25, 2020—KB4537819 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4537821 released February 11, 2020 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses ...
CentOS: Security Advisory for qemu-img (CESA-2020:0366)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Information disclosure
The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...
January 23, 2020—KB4534320 (Preview of Monthly Rollup)
January 23, 2020—KB4534320 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4534283 released January 14, 2020 and also includes these new quality improvements as a preview of the next Monthly Rollup update: No additiona...
bbPress Members Only <= 1.2.1 - CSRF on Optional Settings page
The plugin does not prevent Cross-Site Request Forgery attacks on its 'Optional Settings' page. PoC...
AttackSurfaceMapper - A Tool That Aims To Automate The Reconnaissance Process
Attack Surface Mapper is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target. You feed in a mixture of one or more domains, subdomains and IP addresses and it uses numerous techniques to find more targets. It...
Prime95 Version 29.8 build 6 - Buffer Overflow (SEH)
Prime95 Version 29.8 build 6 - Buffer Overflow SEH Exploit Title: Prime95 Version 29.8 build 6 - Buffer Overflow SEH Date: 2019-12-22 Vendor Homepage: https://www.mersenne.org Software Link: http://www.mersenne.org/ftproot/gimps/p95v298b6.win32.zip Exploit Author: Achilles Tested Version: 29.8...
November 19, 2019—KB4525242 (Preview of Monthly Rollup)
November 19, 2019—KB4525242 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4525246 released November 12, 2019 and also includes these new quality improvements as a preview of the next Monthly Rollup update: No...
September 24, 2019—KB4516030 (Preview of Monthly Rollup)
September 24, 2019—KB4516030 Preview of Monthly Rollup IMPORTANT Customers who have purchased the Extended Security Update ESU for on-premises versions of some operating systems must follow specific procedures to continue receiving security updates after extended support ends on January 14, 2020...
SysAnalyzer - Automated Malcode Analysis System
SysAnalyzer is an open-source application that was designed to give malcode analysts an automated tool to quickly collect, compare, and report on the actions a binary took while running on the system. A full installer for the application is available and can be downloaded here. The application...
FreeBSD : oniguruma -- multiple vulnerabilities (a8d87c7a-d1b1-11e9-a616-0992a4564e7c)
A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...
Authentication bypass vulnerability in Cisco’s IOS XE REST API
This is an authentication bypass vulnerability in Cisco’s IOS XE series OS. While it can target a large swath of Cisco’s switches and routers, it requires the Cisco REST API Container for IOS to be turned on, as it is not on by default. Recent assessments: bwatters-r7 at September 12, 2019 6:06pm...
Airgeddon v9.21 - A Multi-use Bash Script for Linux Systems to Audit Wireless Networ
This is a multi-use bash script for Linux systems to audit wireless networks. All the needed info about how to "install | use | enjoy" airgeddon is present at GitHub's Wiki. I. Content & Features Home Features Screenshots Wallpapers II. Requirements Requirements Compatibility Essential Tools...