Lucene search

8229 matches found

CNVD
added 2016/02/08 12:0 a.m., 1 views

CloudBees Jenkins CI and LTS Cross-Site Scripting Vulnerability

CloudBees Jenkins CI is a set of Java-based development of continuous integration tools, it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task. LTS is a long-term support for CloudBees Jenkins CI version. A...

5.4 CVSS, 6.3 AI score, 0.00289 EPSS
Exploits 0, References 1
NVD
added 2016/02/03 6:59 p.m., 17 views

CVE-2015-7539

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin...

7.6 CVSS, 7.9 AI score, 0.00768 EPSS
Exploits 0, References 3
Prion
added 2016/02/03 6:59 p.m., 26 views

Code injection

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin...

7.6 CVSS, 7.5 AI score, 0.00768 EPSS
Exploits 0, References 3, Affected Software 2
UbuntuCve
added 2016/02/03 6:59 p.m., 30 views

CVE-2015-7539

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin...

7.6 CVSS, 7.3 AI score, 0.00768 EPSS
Exploits 0, References 2
CVE
added 2016/02/03 3:0 p.m., 79 views

CVE-2015-7539

CVE-2015-7539 affects Jenkins: Plugins Manager in Jenkins (non-LTS prior to 1.640 and LTS prior to 1.625.2) does not verify checksums for plugin files referenced in update site data, enabling potential MITM exploitation to run arbitrary code via a crafted plugin. Remediation: upgrade Jenkins to 1...

7.6 CVSS, 8 AI score, 0.00768 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2016/02/03 3:0 p.m., 33 views

CVE-2015-7539

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin...

8.1 AI score, 0.00768 EPSS
Exploits 0, References 3
Kitploit
added 2016/01/31 5:39 p.m., 15 views

SEE - Sandboxed Execution Environment

Sandboxed Execution Environment SEE is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors Qemu, VirtualBox, LXC can be employed to run the Test Environments...

7.7 AI score
Exploits 0, References 1
ThreatPost
added 2016/01/28 7:0 a.m., 27 views

BlackEnergy APT Group Spreading Malware via Tainted Word Docs

Attackers have begun using rigged Microsoft Word documents propagated via spearphishing emails to spread the BlackEnergy Trojan. Researchers with Kaspersky Lab’s Global Research and Analysis Team discovered a malicious Word document last week that appears to stem from a campaign against one of th...

0.3 AI score
Exploits 0, References 6
Fedora
added 2016/01/24 3:39 a.m., 17 views

[SECURITY] Fedora 23 Update: owncloud-8.0.10-1.fc23

ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. ownCloud is extendable via a simple but powerful API f...

3.6 AI score
Exploits 0
Kitploit
added 2016/01/18 10:11 p.m., 128 views

WiFi-Pumpkin - Framework For Rogue Wi-Fi Access Point Attack

WiFi-Pumpkin is a security tool that provides a rogue access point for Man-In-The-Middle and network attacks, purporting to provide wireless Internet services but snooping on the traffic. It can be used to capture the credentials of unsuspecting users by either snooping the communication by phishing...

7.5 AI score
Exploits 0, References 5
n0where
added 2016/01/18 7:33 p.m., 18 views

Database Assessment Tool: DbDat

DbDat performs numerous checks on a database to evaluate security. The categories of checks performed are configuration, privileges, users, and information. Checks are performed by running queries or reading database configuration files. The goal of this tool is to highlight issues that need...

8.4 AI score
Exploits 0, References 1
Prion
added 2016/01/08 7:59 p.m., 13 views

Design/Logic Flaw

The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcphandler argument...

7.2 CVSS, 6.8 AI score, 0.23109 EPSS
Exploits 4, References 10, Affected Software 1
Kitploit
added 2015/12/25 8:17 p.m., 11 views

Faraday 1.0.16 - Collaborative Penetration Test and Vulnerability Management Platform

Faraday introduces a new concept - IPE Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit. This version comes with major changes to our Web UI, including the...

7.1 AI score
Exploits 0, References 2
n0where
added 2015/12/21 8:53 p.m., 19 views

Sandboxed Execution Environment: SEE

Sandboxed Execution Environment SEE is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors Qemu, VirtualBox, LXC can be employed to run the Test Environments...

2.2 AI score
Exploits 0, References 1
Kitploit
added 2015/12/15 9:59 p.m., 16 views

Pyersinia - Network Attack Tool

Pyersinia is a similar tool to Yersinia, but Pyersinia is implemented in Python using Scapy. The main objective is the realization of network attacks such as spoofing ARP, DHCP DoS, STP DoS among others. The community can add new attacks on the tool in a simple way, using plugins. This is becaus...

7.2 AI score
Exploits 0, References 1
Cent OS
added 2015/12/01 6:46 p.m., 61 views

abrt, libreport security update

CentOS Errata and Security Advisory CESA-2015:2505 Updated abrt and libreport packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...

6.9 CVSS, 5.9 AI score, 0.12902 EPSS
Exploits 18, References 7
Tenable Nessus
added 2015/11/24 12:0 a.m., 27 views

openSUSE Security Update : docker (openSUSE-2015-792)

Docker was updated to version 1.9.0, bringing features and bugfixes bnc954812 : - Runtime : - docker stats now returns block IO metrics 15005 - docker stats now details network stats per interface 15786 - Add ancestor= filter to docker ps --filter flag to filter containers based on their ancestor...

7.5 CVSS, 6.9 AI score, 0.01596 EPSS
Exploits 0, References 5
Fedora
added 2015/11/15 2:49 a.m., 13 views

[SECURITY] Fedora 21 Update: dovecot-2.2.19-1.fc21

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages...

3.4 AI score
Exploits 0
Fedora
added 2015/11/15 2:49 a.m., 9 views

[SECURITY] Fedora 21 Update: owncloud-8.0.9-1.fc21

ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. ownCloud is extendable via a simple but powerful API f...

3.6 AI score
Exploits 0
Fedora
added 2015/11/15 2:21 a.m., 10 views

[SECURITY] Fedora 22 Update: owncloud-8.0.9-1.fc22

ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. ownCloud is extendable via a simple but powerful API f...

3.6 AI score
Exploits 0