kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)

A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcpcollapseofoqueue and tcppruneofoqueue functions by sending specially modified packets within ongoing T...

IBM WebSphere MQ Login Check

This module can be used to bruteforce usernames that can be used to connect to a queue manager. The name of a valid server-connection channel without SSL configured is required, as well as a list of usernames to try. This module requires Metasploit: https://metasploit.com/download Current source:...

Identify Queue Manager Name and MQ Version

Run this auxiliary against the listening port of an IBM MQ Queue Manager to identify its name and version. Any channel type can be used to get this information as long as the name of the channel is valid. This module requires Metasploit: https://metasploit.com/download Current source:...

DEBIAN-CVE-2018-18386

drivers/tty/ntty.c in the Linux kernel before 4.14.11 allows local attackers who are able to access pseudo terminals to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ...

UBUNTU-CVE-2018-8006

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter...

May 25, 2017—KB4020102 (OS Build 15063.332)

May 25, 2017—KB4020102 OS Build 15063.332 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where NTLM fails to generate a challenge response when CredGuard is enabled, NTLMv...

kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)

A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcpcollapseofoqueue and tcppruneofoqueue functions by sending specially modified packets within ongoing T...

Information about SegmentSmack findings

Palo Alto Networks is aware of recent vulnerability disclousre, known as SegmentSmack, that affects Linux kernel 4.9 and later. At this time, our findings show that Palo Alto Networks PAN-OS devices are not vulnerable to this disclosure CVE-2018-5390. PAN-OS/Panorama platforms are not impacted by...

BSA-2018-696

Security Advisory ID : BSA-2018-696 Component : Kernel Revision : 1.0: Final A TCP data structure in supported versions of FreeBSD 11, 11.1, 11.2, 10, and 10.4 use an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the numbe...

October 17, 2017—KB4041685 (Preview of Monthly Rollup)

October 17, 2017—KB4041685 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4041693 released October 10, 2017 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addressed...

[SECURITY] Fedora 27 Update: blktrace-1.2.0-6.fc27

blktrace is a block layer IO tracing mechanism which provides detailed information about request queue operations to user space. This package includes both blktrace, a utility which gathers event traces from the kerne l; and blkparse, a utility which formats trace data collected by blktrace. You...

Whatsapp Automation - A Collection Of Tools For Sending And Recieving Whatsapp Messages

Whatsapp Automation is a collection of APIs that interact with WhatsApp messenger running in an Android emulator, allowing developers to build projects that automate sending and receiving messages, adding new contacts and broadcasting messages multiple contacts. The project uses Selinium, Appium,...

BSA-2018-686

Security Advisory ID : BSA-2018-686 Component : Kernel Revision : 1.0: Final Linux kernel versions 4.9+ can be forced to make very expensive calls to tcpcollapseofoqueue and tcppruneofoqueue for every incoming packet which can lead to a denial of service. An attacker can induce a denial of servic...

VK.com: Узнаем несколько цифр номера телефона юзера (можно флудить смс), всего раз узнав его remixsid и его ид юзера, и установка оффлайна юзерам.

Недостаточные проверки сессии. Было можно узнать часть номера телефона юзера и отправлять ему смс с ссылкой на приложение https://vk.com/mobile всего раз узнав его remixsid, вне зависимости сколько раз были ресетнуты сессии. Самый давний валидный для этой темы remixsid был давности май 2016 года...

CloudBees Jenkins Unauthorized Operation Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . An...

Dell EMC NetWorker Clear-Text Authentication Vulnerability

Dell EMC NetWorker is a suite of unified backup and recovery software from Dell USA. The software provides backup and recovery, deduplication elimination, backup reporting and other features. A Clear-Text authentication vulnerability exists in Dell EMC NetWorker, where user credentials are sent i...

lillypulitzer.queue-it.net Open Redirect vulnerability

Open Bug Bounty ID: OBB-655243 Description| Value ---|--- Affected Website:| lillypulitzer.queue-it.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...

CVE-2018-1999003

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds...

IBM WebSphere MQ Managed File Transfer Information Disclosure Vulnerability

IBM WebSphere MQ is a messaging middleware product from IBM, USA. It provides a reliable and proven messaging backbone for Service Oriented Architecture SOA.IBM WebSphere MQ Managed File Transfer is one of the tools used to manage file transfers in the system. A security vulnerability exists in I...

IBM WebSphere MQ Information Disclosure Vulnerability (CNVD-2018-15743)

IBM WebSphere MQ is a messaging middleware product from IBM, USA. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture SOA. An information disclosure vulnerability exists in IBM WebSphere MQ versions 8.0 through 9.0, which originates from the...