Solaris 10 (x86) : 149176-13 (deprecated)

SunOS 5.10x86: qlc patch. Date this patch was last updated by Sun : Jan/16/18 This plugin has been deprecated and either replaced with individual 149176 patch-revision plugins, or deemed non-security related. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2018/03/12. Deprecated and...

Lynis 2.5.9 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

[SECURITY] Fedora 27 Update: awstats-7.6-8.fc27

Advanced Web Statistics is a powerful and featureful tool that generates advanced web server graphic statistics. This server log analyzer works from command line or as a CGI and shows you all information your log contai ns, in graphical web pages. It can analyze a lot of web/wap/proxy servers lik...

Tracking changes in CERT bulletins and Nessus plugins using Vulners Time Machine

If you use Vulners.com vulnerability search engine, you probably know that it has a real "Time Machine". Each time Vulners sees some changes on a source page it creates a new version of security object. And you can see the full history of changes in a nice GUI: In most cases, the vendor just...

RHEL 7 : rhevm-setup-plugins (RHSA-2018:0051) (Spectre)

An update for rhevm-setup-plugins is now available for RHEV Engine version 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

RHEL 6 : rhevm-setup-plugins (RHSA-2018:0052) (Spectre)

An update for rhevm-setup-plugins is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Debian: Security Advisory (DLA-829-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-827-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-828-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

(RHSA-2018:0052) Important: rhevm-setup-plugins security, bug fix, and enhancement update

The rhevm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase...

(RHSA-2018:0051) Important: rhevm-setup-plugins security, bug fix, and enhancement update

The rhevm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase...

Fsociety Hacking Tools Pack

Fsociety Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE Information Gathering : Nmap Setoolkit Port Scanning Host To IP wordpress user CMS scanner XSStracer Dork – Google Dorks...

MGASA-2018-0014 Updated gstreamer0.10-plugins-ugly/gstreamer1.0-plugins-ugly packages fix security vulnerability

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened CVE-2017-5846, CVE-2017-5847...

MGASA-2018-0012 Updated gstreamer0.10-plugins-bad/gstreamer1.0-plugins-bad packages fix security vulnerability

Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code CVE-2016-9445, CVE-2016-9446. Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code CVE-2016-9447...

MGASA-2017-0480 Updated shotwell packages fix security vulnerability

It was discovered that Shotwell is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission CVE-2017-1000024...

CVE-2017-17780

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

Design/Logic Flaw

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

CVE-2017-17780

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

CVE-2017-17780

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

CVE-2017-17780

CVE-2017-17780 describes a Reflected XSS in the Clockwork SMS WordPress integration. The vulnerability resides in clockwork-test-message.php and is triggered by a crafted value in the GET parameter to, e.g., wp-admin/admin.php?page=clockwork_test_message. The issue affects multiple plugins that e...