Lucene search
K

7082 matches found

Fedora
Fedora
added 2020/04/09 2:47 p.m.17 views

[SECURITY] Fedora 32 Update: haproxy-2.1.4-1.fc32

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/04/08 8:30 a.m.5 views

Dark Nexus: A New Emerging IoT Botnet Malware Spotted in the Wild

Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage 'distributed denial-of-service' attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services. The botnet, named "darknexus" by Bitdefender...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2020/04/07 11:36 a.m.27 views

CVE-2019-12781

An HTTP detection flaw was discovered in Django. If deployed behind a reverse-proxy connecting to Django via HTTPS, django.http.HttpRequest.scheme incorrectly detected client requests made using HTTP as using HTTPS. This resulted in incorrect results for issecure and buildabsoluteuri, and HTTP...

5.3CVSS0.6AI score0.01697EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/06 9:2 a.m.78 views

Moderate: Red Hat Security Advisory: python-django security update

An update for python-django is now available for Red Hat OpenStack Platform 15 Stein. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.8AI score0.47694EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/04/06 9:2 a.m.3 views

Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS

An HTTP detection flaw was discovered in Django. If deployed behind a reverse-proxy connecting to Django via HTTPS, django.http.HttpRequest.scheme incorrectly detected client requests made using HTTP as using HTTPS. This resulted in incorrect results for issecure and buildabsoluteuri, and HTTP...

5.3CVSS7.2AI score0.01697EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2020/04/06 12:0 a.m.6 views

The vulnerability of the RARP protocol in real-time operating systems like Wind River VxWorks allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the RARP protocol in real-time operating systems of Wind River VxWorks is related to errors in processing unwanted reverse ARP responses a logical flaw. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of...

7.5CVSS8.1AI score0.04116EPSS
Exploits0References5Affected Software4
RedHat Linux
RedHat Linux
added 2020/04/02 1:51 p.m.90 views

Critical: Red Hat Security Advisory: rh-haproxy18-haproxy security update

An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.9AI score0.60727EPSS
Exploits0References3
Debian
Debian
added 2020/04/02 1:13 p.m.68 views

[SECURITY] [DSA 4649-1] haproxy security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4649-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 02, 2020 https://www.debian.org/security/faq -...

8.8CVSS8.7AI score0.60727EPSS
Exploits0
FireEye
FireEye
added 2020/04/02 12:0 a.m.18 views

FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG

As developers of the network simulation tool FakeNet-NG, reverse engineers on the FireEye FLARE team, and malware analysis instructors, we get to see how different analysts use FakeNet-NG and the challenges they face. We have learned that FakeNet-NG provides many useful features and solutions of...

Exploits0References8
RedHat Linux
RedHat Linux
added 2020/03/31 9:3 p.m.3 views

lftp: particular remote file names may lead to current working directory erased

It has been discovered that lftp does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker-controlled FTP server, resulting in the removal of all files...

7.8CVSS5.8AI score0.04782EPSS
Exploits1References4
Kitploit
Kitploit
added 2020/03/30 11:30 a.m.77 views

One-Lin3r v2.1 - Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More

One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing Windows, Linux, macOS or even BSD systems or hacking generally with a lot of new features to make all of this fully automated ex: you won't even need to copy the...

7.8AI score
Exploits0References4
Packet Storm
Packet Storm
added 2020/03/30 12:0 a.m.211 views

Zen Load Balancer 3.10.1 Remote Code Execution

c@kali:/src/eonila/zenload3r$ cat zenload3r.py !/usr/bin/env python zenload3r.py - zen load balancer pwn3r 28.03.2020 @ 22:41 by cody sixteen import base64 import sys, re import requests import ssl from functools import partial ssl.wrapsocket = partialssl.wrapsocket, sslversion=ssl.PROTOCOLTLSv1...

0.1AI score
Exploits0
Metasploit
Metasploit
added 2020/03/25 2:26 p.m.55 views

Unix Command Shell, Reverse TCP (via Tclsh)

Creates an interactive shell via Tclsh This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 184 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def initializeinf...

0.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/03/25 7:23 a.m.96 views

Turning an OBD-II reader into a USB / NFC attack tool

One of my favourite sorts of hardware hacking is making a device do something it was never intended for. It's creative, disruptive, and fun. Everyone has their own way of going about things. Different methodologies, habits, and skill sets mean that approaches will be diverse. This is how I work...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2020/03/24 12:0 a.m.346 views

UCM6202 1.0.18.13 - Remote Command Injection

Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Date: 2020-03-23 Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on: UCM6202 1.0.18.13 CVE : CVE-2020-5722 Shodan...

10CVSS9.5AI score0.83926EPSS
Exploits8
Positive Technologies
Positive Technologies
added 2020/03/23 12:0 a.m.2 views

PT-2020-3646 · Apache · Apache Traffic Server

Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 6.0.0 through 6.2.3 Apache Traffic Server versions 7.0.0 through 7.1.8 Apache Traffic Server versions 8.0.0 through 8.0.5 Description: The issue is related to inconsistent interpretation of HTTP requests,...

9.8CVSS8.2AI score0.03088EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2020/03/23 12:0 a.m.178 views

EulerOS 2.0 SP5 : squid (EulerOS-SA-2020-1326)

According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such...

7.5CVSS7.2AI score0.7179EPSS
Exploits0References5
0day.today
0day.today
added 2020/03/19 12:0 a.m.145 views

Centreon Poller Authenticated Remote Command Execution Exploit

This Metasploit module exploits a flaw where an authenticated user with sufficient administrative rights to manage pollers can use this functionality to execute arbitrary commands remotely. Usually, the miscellaneous commands are used by the additional modules to perform certain actions, by the...

0.5AI score
Exploits0
0day.today
0day.today
added 2020/03/17 12:0 a.m.307 views

Rconfig 3.x Chained Remote Code Execution Exploit

This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required . However, this modul...

9.8CVSS1.4AI score0.99683EPSS
Exploits20
Tenable Nessus
Tenable Nessus
added 2020/03/16 12:0 a.m.67 views

Amazon Linux AMI : tomcat7 (ALAS-2020-1352)

The version of tomcat7 installed on the remote host is prior to 7.0.100-1.36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1352 advisory. In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach...

9.8CVSS8.6AI score0.9927EPSS
Exploits45References7
Rows per page
Query Builder