4991 matches found
'Zip Slip' Vulnerability Affects Thousands of Projects Across Many Ecosystems
Security researchers at British software firm Snyk have revealed details of a critical vulnerability that affects thousands of projects across many ecosystems and can be exploited by attackers to achieve code execution on the target systems. Dubbed "Zip Slip," the issue is an arbitrary file...
SUSE-SU-2018:1516-1 Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2)
This update for the Linux Kernel 4.4.90-9250 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. bsc1085447. - CVE-2018-8897: A statement in the System Programming Guide of the Intel 6...
[SECURITY] Fedora 26 Update: ruby-2.4.4-88.fc26
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...
Dataiku DSS Information Disclosure Vulnerability
Dataiku DSS is a data processing collaboration platform. The REST API is one of the APIs that supports lightweight REST style web scripts. A security vulnerability exists in the REST API in Dataiku DSS versions prior to 4.2.3. A remote attacker could exploit the vulnerability to obtain sensitive...
EulerOS 2.0 SP1 : libvncserver (EulerOS-SA-2018-1139)
According to the version of the libvncserver package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - LibVNCServer makes writing a VNC server or more correctly, a program exporting a framebuffer via the Remote Frame Buffer protocol easy. It hide...
OWASP Joomla Vulnerability Scanner Project: JoomScan
OWASP JoomScan (short for Joomla Vulnerability Scanner) is an open-source project in the Perl programming language to detect and analyze Joomla CMS vulnerabilities. If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is your best shot ever! This project is being faster than ever and...
CVE-2018-7248
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the account exists, or 'null' if it...
Medium: golang
Issue Overview: Arbitrary code execution during go get or go get -d Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points t...
[SECURITY] Fedora 28 Update: perl-5.26.2-410.fc28
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2018-4097)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-4097 advisory. 2.6.39-400.298.7 - net/rds: Fix endless RNR situation Hakon Bugge Orabug: 27645402 - x86/entry/64: Dont use IST entry for BP stack Andy Lutomirski...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4098)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-4098 advisory. kernel-uek 3.8.13-118.20.7 - x86/entry/64: Dont use IST entry for BP stack Andy Lutomirski CVE-2018-8897 Tenable has extracted the preceding description blo...
CVE-2018-8897
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated ...
DEBIAN-CVE-2018-8897
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated ...
IBM API Connect Information Disclosure Vulnerability (CNVD-2018-09244)
IBM API Connect (aka APIConnect) is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect. An attacker can exploit the vulnerability to gai...
Exim base64d Remote Code Execution
!/usr/bin/python import time import socket import struct s = None f = None def logo: print print " CVE-2018-6789 Poc Exploit" print "@straightblast ; [email protected]" print def connecthost, port: global s global f s = socket.createconnectionhost,port f = s.makefile'rw', bufsize=0 def p...
AutoNSE - Massive NSE (Nmap Scripting Engine) AutoSploit And AutoScanner
Massive NSE (Nmap Scripting Engine) AutoSploit and AutoScanner. The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write and share simple scripts using the Lua programming language to automate a wide variety of networking tasks. Those scripts are...
R Buffer Overflow Vulnerability (CNVD-2018-10175)
R is a free software environment for statistical computing and graphics that supports a wide range of UNIX, Windows and macOS platforms. A buffer overflow vulnerability exists in R version 3.4.4. A local attacker could exploit this vulnerability to execute code...
[SECURITY] Fedora 26 Update: perl-5.24.4-397.fc26
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...
Linux/x86 execve /bin/sh Encoded Shellcode (44 bytes)
/ ; Title : Execve /bin/sh Shellcode encoded with ROT-13 + RShift-2 + XOR ; Date : April, 2018 ; Author : Nuno Freitas ; Blog Post : https://bufferoverflowed.wordpress.com/slae32/slae-32-shellcode-encoder/ ; Twitter : @nunof11 ; SLAE ID : SLAE-1112 ; Size : 44 bytes ; Tested on : i686 GNU/Linux...