[SECURITY] Fedora 27 Update: ruby-2.4.5-90.fc27

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

[SECURITY] Fedora 28 Update: ruby-2.5.3-94.fc28

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

[SECURITY] Fedora 28 Update: libarchive-3.3.3-1.fc28

Libarchive is a programming library that can create and read several differ ent streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives...

Nagios XI Unauthorized API Key Regeneration Vulnerability

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. Nagios XI 5.5.6 suffers from an unauthorized API key regeneration vulnerability. A remote authenticated attacker can exploit this...

Hackertarget - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery

Use open source tools and network intelligence to help organizations with attack surface discovery and identification of security vulnerabilities. Identification of an organizations vulnerabilities is an impossible task without tactical intelligence on the network footprint. By combining open...

Google logins: JavaScript now required

Google users: In news that may sound alarming, it is now a requirement for you to enable JavaScript. Why? When your username and password are entered on Google’s sign-in page, Google runs a risk assessment and only allows the sign-in if nothing looks suspicious. Recently, Google went about...

Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application Cross-Site Request Forgery Vulnerability

Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of Green Electronics USA.Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler and Touch HD 12 Web Application is a web-based...

CVE-2016-2123

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndrpulldnspname contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndrpulldnspname parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute ov...

Modbus Slave PLC 7 Buffer Overflow

Exploit Title: Modbus Slave PLC 7 - '.msw' Buffer Overflow PoC Author: Kagan Capar Discovery Date: 2018-10-27 Software Link: https://www.modbustools.com/download/ModbusSlaveSetup32Bit.exe Vendor Homepage : https://www.modbustools.com Tested Version: 7 Tested on OS: Windows XP SP3 ENG other versio...

Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)

Exploit Title: Modbus Slave PLC 7 - '.msw' Buffer Overflow PoC Author: Kağan Çapar Discovery Date: 2018-10-27 Software Link: https://www.modbustools.com/download/ModbusSlaveSetup32Bit.exe Vendor Homepage : https://www.modbustools.com Tested Version: 7 Tested on OS: Windows XP SP3 ENG other versio...

Saga Radio SAGA1-L8B Firmware Upgrade Remote Code Execution Vulnerability

This vulnerability allows attackers with physical access to modify firmware on vulnerable installations of Saga Radio equipment. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the device...

Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes

/ Linux/x86 - execve/bin/cat /etc/ssh/sshdconfig Shellcode 44 Bytes Author: Goutham Madhwaraj Tested on: i686 GNU/Linux Shellcode Length: 44 ShoutOut - BarrierSec gcc -fno-stack-protector -z execstack loader-bind.c -o Disassembly of section .text: 08048080 : 8048080: 31 c0 xor eax,eax 8048082: 50...

foreman: Ovirt admin password exposed by foreman API

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource...

[SECURITY] Fedora 29 Update: nekovm-2.2.0-8.fc29

Neko is a high-level dynamically typed programming language which can also be used as an embedded scripting language. It has been designed to provide a common run-time for several different languages. Neko is not only very easy to learn and use, but also has the flexibility of being able to exten...

[SECURITY] Fedora 29 Update: julia-1.0.1-3.fc29

Julia is a high-level, high-performance dynamic programming language for technical computing, with syntax that is familiar to users of other technical computing environments. It provides a sophisticated compiler, distributed parallel execution, numerical accuracy, and an extensive mathematical...

CVE-2018-1000810

CVE-2018-1000810 affects the Rust standard library up to version 1.29.0 (including 1.28.0, 1.27.x, etc.), caused by a CWE-680 integer overflow to buffer overflow in the internal handling of str::repeat. The vulnerability could lead to a buffer overflow and is fixed in 1.29.1. Affected products re...

CVE-2018-1000810

The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat,...

CVE-2018-1000810

The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat,...

[SECURITY] Fedora 28 Update: rust-1.29.1-2.fc28

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

CVE-2018-17846

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification...