1163 matches found

Prion
added 2014/08/29 9:55 a.m. | 15 views

Information disclosure

The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection...

CVSS 3.5 | AI score 6.5 | EPSS 0.00591
Exploits 0 | References 3 | Affected Software 1
ThreatPost
added 2014/04/22 12:44 p.m. | 6 views

2014 Verizon Data Breach Investigations Report (DBIR)

Most of us—hopefully—awaken every day, shower and brush our teeth. If you own a home, you patch a leaky roof and paint the shutters so they don’t rot. You own a vehicle, you change the oil when you’re supposed to and make sure the brakes work the way they’re supposed to. It’s simple hygiene. Yet ...

AI score 1.1
Exploits 0 | References 4
Prion
added 2014/02/10 6:15 p.m. | 21 views

Authentication flaw

The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences...

CVSS 5 | AI score 6.7 | EPSS 0.02727
Exploits 0 | References 7 | Affected Software 3
CVE
added 2014/02/10 5:0 p.m. | 59 views

CVE-2011-4091

The CVE-2011-4091 issue affects libnet6 (net6) via the libobby server in inc/server.hpp, where authentication is not performed before checking the username. Affects libnet6 versions prior to 1.3.14. Impact is information disclosure (server-usage patterns, color preferences). Remediation: update t...

CVSS 5 | AI score 6.1 | EPSS 0.02727
Exploits 0 | References 7 | Affected Software 1
Kitploit
added 2014/01/20 11:50 p.m. | 10 views

[MIDAS] Mac Intrusion Detection Analysis System

MIDAS is a framework for developing a Mac Intrusion Detection Analysis System, based on work and collaborative discussions between the Etsy and Facebook security teams. This repository provides a modular framework and a number of helper utilities, as well as an example module for detecting...

AI score 7.4
Exploits 0 | References 1
The Hacker News
added 2013/10/18 5:16 a.m. | 6 views

DDoS Attacks : A Serious unstoppable menace for IT security communities

It should be the busiest day of the year for your business, but your website has just disappeared off the Internet and orders have dried up. If this happens to you, then you have likely just become yet another victim of a distributed denial of service (DDoS) attack. By now, everyone who uses the Interne...

AI score 6.6
Exploits 0
ThreatPost
added 2013/08/21 4:0 a.m. | 9 views

Poison Ivy RAT Spotted in Three New China Attacks

The Poison Ivy remote access Trojan may be old, but it’s not losing favor with nation states that continue to make it the centerpiece of targeted attacks. Three groups of hackers, reportedly all with ties to China and possibly related in terms of their funding and training, are currently managin...

AI score 7.5
Exploits 0 | References 6
Kitploit
added 2013/08/21 1:17 a.m. | 15 views

[fuzzdb] Attack and Discovery Pattern Database for Application Fuzz Testing

fuzzdb aggregates known attack patterns, predictable resource names, server response messages, and other resources like web shells into the most comprehensive Open Source database of malicious and malformed input test cases. What's in fuzzdb? Predictable Resource Locations - Because of the...

AI score 7.7
Exploits 0
Nmap
added 2013/08/10 7:30 p.m. | 219 views

http-dombased-xss NSE Script

It looks for places where attacker-controlled information in the DOM may be used to affect JavaScript execution in certain ways. The attack is explained here: See also: http-stored-xss.nse http-phpself-xss.nse http-xssed.nse http-unsafe-output-escaping.nse Script Arguments...

CVSS 10 | EPSS 0.99448
Exploits 33
Fedora
added 2013/07/30 5:40 p.m. | 13 views

[SECURITY] Fedora 17 Update: kubrick-4.10.5-1.fc17

Kubrick is a puzzle cube solving game. The cube sizes range from 2x2x2 (easy) up to 6x6x6 (very hard), or you can play with irregular “bricks” such as 5x3x2 and “mats” (one cubie thick) such as 6x4x1. The game has a selection of puzzles at several levels of difficulty, ...

CVSS 7.5 | AI score 1.3 | EPSS 0.04412
Exploits 1
Fedora
added 2013/07/24 3:34 a.m. | 13 views

[SECURITY] Fedora 18 Update: kubrick-4.10.5-1.fc18

Kubrick is a puzzle cube solving game. The cube sizes range from 2x2x2 (easy) up to 6x6x6 (very hard), or you can play with irregular “bricks” such as 5x3x2 and “mats” (one cubie thick) such as 6x4x1. The game has a selection of puzzles at several levels of difficulty, ...

CVSS 7.5 | AI score 1.3 | EPSS 0.04412
Exploits 1
Kitploit
added 2013/07/11 5:18 a.m. | 30 views

[Netsparker v3.0.2.0 Community Edition] Web Application Security Scanner

Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker. It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Executi...

AI score 8
Exploits 0
Nmap
added 2013/06/18 12:48 a.m. | 175 views

http-comments-displayer NSE Script

Extracts and outputs HTML and JavaScript comments from HTTP responses. Script Arguments http-comments-displayer.singlepages Some single pages to check for comments. For example, "/", "/wiki". Default: nil crawler mode on http-comments-displayer.context declares the number of chars to extend our...

CVSS 10 | AI score 0.1 | EPSS 0.99448
Exploits 33
Fedora
added 2013/06/16 5:41 a.m. | 22 views

[SECURITY] Fedora 17 Update: kubrick-4.10.4-1.fc17

Kubrick is a puzzle cube solving game. The cube sizes range from 2x2x2 (easy) up to 6x6x6 (very hard), or you can play with irregular “bricks” such as 5x3x2 and “mats” (one cubie thick) such as 6x4x1. The game has a selection of puzzles at several levels of difficulty, ...

CVSS 8.4 | AI score 1.3 | EPSS 0.00558
Exploits 1
w3af
added 2013/06/10 11:2 p.m. | 8 views

code_disclosure

This plugin greps every page in order to find code disclosures. Basically it greps for ?.? and %.% using the re module and reports findings. Code disclosures are usually generated due to web server misconfigurations, or weird web application "features". Plugin type Grep Options This plugin doesn't...

AI score 7.4
Exploits 0
Fedora
added 2013/06/07 4:46 a.m. | 16 views

[SECURITY] Fedora 19 Update: kubrick-4.10.4-1.fc19

Kubrick is a puzzle cube solving game. The cube sizes range from 2x2x2 (easy) up to 6x6x6 (very hard), or you can play with irregular “bricks” such as 5x3x2 and “mats” (one cubie thick) such as 6x4x1. The game has a selection of puzzles at several levels of difficulty, ...

CVSS 8.4 | AI score 1.3 | EPSS 0.00558
Exploits 1
Tenable Nessus
added 2013/05/29 12:0 a.m. | 24 views

Fedora 19 : python-backports-ssl_match_hostname-3.2-0.3.a3.fc19 (2013-8746)

Fixes CVE-2013-2098 -- Denial of Service with SSL certificates which have specially crafted wildcard patterns. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as...

AI score 5.3
Exploits 0 | References 2
ThreatPost
added 2013/04/25 9:46 a.m. | 11 views

Oracle Delays Java 8 Features for Security Overhaul

It’s not quite the development freeze Microsoft underwent during the Trustworthy Computing push, but it’s a start for Oracle, which will delay the release of Java 8 until Q1 of next year, largely because the platform and browser plug-in is such a security disaster. This year has done nothing but...

AI score 7.4
Exploits 0 | References 6
n0where
added 2012/11/28 12:48 a.m. | 20 views

SQL Injection framework: Seringa

Seringa – SQL Injection framework. Seringa (Romanian for syringe) is an SQL injection framework featuring high customizability and a user-friendly interface. It is completely open source. Uses the .NET 4.0 framework and Windows Presentation Foundation (WPF) for the GUI. With regard to design it utilize...

AI score 0.1
Exploits 0 | References 1
FreeBSD
added 2012/10/12 12:0 a.m. | 44 views

ruby -- Unintentional file creation caused by inserting an illegal NUL character

The official ruby site reports: A vulnerability was found that file creation routines can create unintended files by strategically inserting NULs in file paths. This vulnerability has been reported as CVE-2012-4522. Ruby can handle arbitrary binary patterns as Strings, including NUL chars. On the...

CVSS 5 | AI score 5.9 | EPSS 0.02204
Exploits 1 | References 2