OSV
added 2017/09/11 4:29 p.m.

ALPINE-CVE-2017-7650

In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do not have the rights to. The same issue may be present in third party authentication/access...

CVSS 6.5 | AI score 6.9 | EPSS 0.02472
Exploits 2 | References 1
OSV
added 2017/09/11 4:29 p.m.

UBUNTU-CVE-2017-7650

In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do not have the rights to. The same issue may be present in third party authentication/access...

CVSS 6.5 | AI score 6.6 | EPSS 0.02472
Exploits 2 | References 3
OSV
added 2017/09/11 4:29 p.m.

DEBIAN-CVE-2017-7650

In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do not have the rights to. The same issue may be present in third party authentication/access...

CVSS 6.5 | AI score 6.9 | EPSS 0.02472
Exploits 2 | References 1
Cvelist
added 2017/09/11 4:00 p.m.

CVE-2017-7650

In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do not have the rights to. The same issue may be present in third party authentication/access...

AI score 6.2 | EPSS 0.02472
Exploits 2 | References 4
CVE
added 2017/09/11 4:00 p.m.

CVE-2017-7650

CVE-2017-7650 affects Eclipse Mosquitto up to version 1.4.11 (before 1.4.12). The vulnerability arises from pattern-based ACLs that can be bypassed when clients set their username or client id to '#' or '+', allowing locally or remotely connected clients to access MQTT topics they should not be a...

CVSS 6.5 | AI score 6.2 | EPSS 0.02472
Exploits 2 | References 4 | Affected Software 1
Positive Technologies
added 2017/09/11 12:00 a.m.

PT-2017-4168

Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.1.10; Roundcube Webmail versions 1.2.x prior to 1.2.7; Roundcube Webmail versions 1.3.x prior to 1.3.3. Description: The issue is related to file-based attachment plugins and allows unauthorized access to...

CVSS 9.8 | AI score 7 | EPSS 0.84456
Exploits 10 | References 41
Tenable Nessus
added 2017/09/11 12:00 a.m.

EulerOS 2.0 SP1 : gstreamer (EulerOS-SA-2017-1205)

According to the versions of the gstreamer packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Multiple flaws were found in the gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An...

CVSS 7.5 | AI score 6.6 | EPSS 0.04717
Exploits 0 | References 16
Kitploit
added 2017/09/10 10:05 p.m.

Lynis 2.5.5 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of the auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next in a series of simplification improvements we have made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

AI score 6.9
Exploits 0
Kitploit
added 2017/09/10 2:00 p.m.

CrackLord - Queue and Resource System For Cracking Passwords

CrackLord is a system designed to provide a scalable, pluggable, and distributed system for password cracking and for any other jobs needing lots of computing resources. Put differently, CrackLord is a way to load balance resources such as CPU, GPU, network, etc. from multiple hardware...

AI score 7.2
Exploits 0 | References 3
OSV
added 2017/09/04 11:29 p.m.

CVE-2017-14135

enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI...

CVSS 9.8 | AI score 8.1
Exploits 0 | References 1
Cvelist
added 2017/09/04 11:00 p.m.

CVE-2017-14135

enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI...

AI score 10 | EPSS 0.19405
Exploits 1 | References 1
RedhatCVE
added 2017/08/30 2:19 p.m.

CVE-2017-13765

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation...

CVSS 7.5 | AI score 2.6 | EPSS 0.02764
Exploits 0 | References 2
OSV
added 2017/08/29 8:36 p.m.

MGASA-2017-0320 Updated gstreamer0.10-plugins-base and gstreamer1.0-plugins-base packages fix security vulnerabilities

Denial of service in GStreamer base plugins can be caused by floating point exceptions CVE-2017-5837, CVE-2017-5844, stack overflow CVE-2017-5839, or out-of-bounds heap read CVE-2017-5842. Note that GStreamer 0.10 was only affected by the floating point exceptions...

CVSS 7.5 | AI score 5.2 | EPSS 0.0448
Exploits 0 | References 4
Mageia
added 2017/08/29 8:36 p.m.

Updated gstreamer0.10-plugins-base and gstreamer1.0-plugins-base packages fix security vulnerabilities

Denial of service in GStreamer base plugins can be caused by floating point exceptions CVE-2017-5837, CVE-2017-5844, stack overflow CVE-2017-5839, or out-of-bounds heap read CVE-2017-5842. Note that GStreamer 0.10 was only affected by the floating point exceptions...

CVSS 7.5 | AI score 2.8 | EPSS 0.0448
Exploits 0 | References 3
ThreatPost
added 2017/08/29 9:41 a.m.

DJI Launches Drone Bug Bounty Program

The lack of security in commercial drones has been well documented, but one Chinese manufacturer is working to fix that by incentivizing researchers who can poke holes in the software its drones run on. One of the largest unmanned aerial vehicle manufacturers, Dà-Jiāng Innovations Science and...

AI score 7.2
Exploits 0 | References 3
wpexploit
added 2017/08/26 12:00 a.m.

Multiple Plugins - Unauthenticated RCE via PHPUnit

There was an unauthenticated Remote Code Execution (RCE) vulnerability in PHPUnit, a widely used testing framework for PHP. This vulnerability has been seen exploited in the wild. curl -X POST --data ""...

CVSS 7.5 | AI score 1.6 | EPSS 0.99999
Exploits 19 | References 2
ripstech
added 2017/08/23 5:00 p.m.

How To Automate Security Analysis with the RIPS API

RIPS API: RIPS exposes a powerful REST API, an interface specifically designed for developers and their applications. It is used to provide the web interface with analysis results, to start scans through plugins, to manage users, and much more. In short, the API enables easy automation of all RIPS...

AI score 7
Exploits 0
Atlassian
added 2017/08/23 6:50 a.m.

Activity Stream Gadget causing high memory/CPU consumption

Problem Definition: The Activity Stream Gadget causes high memory/CPU consumption when there are 1 million+ records in the AO563AEEACTIVITYENTITY table. In this particular case, the majority of these records were found to come from the third-party plugin Insight. However, note that this can happen to any...

AI score 0.1
Exploits 0 | Affected Software 1
Kitploit
added 2017/08/18 2:12 p.m.

Plecost v1.1.1 - Wordpress Finger Printer Tool

What's Plecost? Plecost is a vulnerability fingerprinting and vulnerability finding tool for the WordPress blog engine. Why? There are a huge number of WordPress installations around the world. Most of them are exposed to attack and can be turned into virus, malware or illegal porn providers without the knowledge ...

CVSS 4.3 | AI score 5.9 | EPSS 0.01959
Exploits 0 | References 2
OSV
added 2017/08/07 3:01 p.m.

USN-3379-1 shotwell vulnerability

It was discovered that Shotwell is vulnerable to an information disclosure in the web publishing plugins, resulting in potential plaintext transmission of passwords and OAuth tokens...

CVSS 7.5 | AI score 7.1 | EPSS 0.01209
Exploits 0 | References 2