Lucene search
1434 matches found

Kitploit
added 2019/03/12 8:43 p.m. · 137 views

Hostintel - A Modular Python Application To Collect Intelligence For Malicious Hosts

This tool is used to collect various intelligence sources for hosts. Hostintel is written in a modular fashion so new intelligence sources can be easily added. Hosts are identified by FQDN host name, Domain, or IP address. This tool only supports IPv4 at the moment. The output is in CSV format an...

7.1 AI score
Exploits 0 · References 12

NVD
added 2019/03/12 6:29 p.m. · 7 views

CVE-2019-9713

An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access...

7.5 CVSS · 7.5 AI score · 0.00013 EPSS
Exploits 0 · References 2

OSV
added 2019/03/12 6:29 p.m. · 14 views

CVE-2019-9713

An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access...

7.5 CVSS · 6.8 AI score
Exploits 0 · References 2

Joomla! Vulnerable Extensions List
added 2019/02/28 12:0 a.m. · 22 views

[20190304] - Core - Missing ACL check in sample data plugins

The sample data plugins lack ACL checks, allowing unauthorized access...

7.5 CVSS · 3.6 AI score · 0.00013 EPSS
Exploits 0 · Affected Software 1

exploitpack
added 2019/02/25 12:0 a.m. · 73 views

Drupal 8.6.9 - REST Module Remote Code Execution

Drupal 8.6.9 - REST Module Remote Code Execution !/usr/bin/env python3 CVE-2019-6340 Drupal = 8.6.9 REST services RCE PoC 2019 @leonjza Technical details for this exploit is available at: https://www.drupal.org/sa-core-2019-003 https://www.ambionics.io/blog/drupal8-rce...

6.8 CVSS · 8.5 AI score · 0.9441 EPSS
Exploits 22

Carbon Black Blog
added 2019/02/12 7:37 p.m. · 92 views

TAU Threat Intelligence Notification: New macOS Malware Variant of Shlayer (OSX) Discovered

Carbon Black’s Threat Analysis Unit TAU recently discovered a new variant of a family of macOS malware which was first discovered in February of 2018 by researchers from Intego. TAU has obtained new samples of this malware and observed downloads of the malware from multiple sites, primarily...

1.2 AI score
Exploits 0

Kitploit
added 2019/01/22 12:27 p.m. · 312 views

Conpot - An Open Industrial Control Honeypot

Conpot is an ICS honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systems Documentation The build of the documentations source can be found here. There you will also find the instructions on how to install conpot and the FAQ...

7.2 AI score
Exploits 0 · References 2

Packet Storm
added 2019/01/15 12:0 a.m. · 158 views

Webmin 1.890 Cross Site Scripting

Vulnerability type: Reflected Cross Site Scripting Vendor: http://www.webmin.com/index.html Product: Webmin Affected version: 1.890 Credit: Foo Jong Meng CVE ID: CVE-2018-19191 DESCRIPTION: After logging into the webmin interface, attack can be launched by injecting the XSS payload at the affect...

5.6 AI score · 0.01753 EPSS
Exploits 2

Positive Technologies
added 2018/12/19 12:0 a.m. · 2 views

PT-2023-3406 · Gpac +2 · Gpac +2

Name of the Vulnerable Software and Affected Versions: gpac versions prior to 2.2.2 Description: The issue is related to a NULL Pointer Dereference in the gpac library, specifically in the gf_isom_fragment_add_sample_ex function located in isomedia/movie_fragments.c. This could allow a remote...

10 CVSS · 7.9 AI score · 0.01461 EPSS
Exploits 150 · References 377

Positive Technologies
added 2018/12/19 12:0 a.m. · 1 views

PT-2022-18247 · Unknown +1 · Gpac Mp4Box +1

Name of the Vulnerable Software and Affected Versions: GPAC mp4box version 1.1.0-DEV-rev1727-g8be34973d-master Description: The issue is a stack-overflow vulnerability in the gf_isom_get_sample_for_movie_time function of mp4box. Recommendations: For GPAC mp4box version...

9.8 CVSS · 7.6 AI score · 0.01461 EPSS
Exploits 150 · References 370

CNVD
added 2018/12/18 12:0 a.m. · 1 views

Bento4 Excessive Memory Allocation Vulnerability

Bento4 is a C++ class library and tool for reading and writing ISO-MP4 files. Bento4 1.5.1-627 suffers from an excessive memory allocation vulnerability that can be exploited by an attacker to trigger an attempt at excessive memory allocation via AP4Sample::ReadData in Core/Ap4Sample.cpp...

6.5 CVSS · 7 AI score · 0.00284 EPSS
Exploits 1 · References 1

AlpineLinux
added 2018/12/17 8:0 p.m. · 32 views

CVE-2018-20189

In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping which is not available beyond 8-bits/sample, and therefore lacks indexes...

6.5 CVSS · 5.9 AI score · 0.01489 EPSS
Exploits 1

Prion
added 2018/12/04 9:29 a.m. · 16 views

Code injection

The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion caused by an infinite loop via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero...

4.3 CVSS · 5.5 AI score · 0.00504 EPSS
Exploits 0 · References 13 · Affected Software 4

OSV
added 2018/12/04 9:29 a.m. · 1 views

ALPINE-CVE-2018-19840

The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion caused by an infinite loop via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero...

5.5 CVSS · 6.8 AI score · 0.00504 EPSS
Exploits 0 · References 1

OSV
added 2018/12/04 9:29 a.m. · 1 views

DEBIAN-CVE-2018-19840

The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion caused by an infinite loop via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero...

5.5 CVSS · 5.3 AI score · 0.00504 EPSS
Exploits 0 · References 1

AlpineLinux
added 2018/12/04 9:0 a.m. · 32 views

CVE-2018-19840

The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion caused by an infinite loop via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero...

5.5 CVSS · 5.6 AI score · 0.00504 EPSS
Exploits 0

OSV
added 2018/12/04 12:0 a.m. · 1 views

UBUNTU-CVE-2018-19840

The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion caused by an infinite loop via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero...

5.5 CVSS · 6.4 AI score · 0.00504 EPSS
Exploits 0 · References 4

vulnersOsv
added 2018/11/21 10:24 p.m. · 3 views

com.ge.research.semtk:arangoDbService (=2.2.2), com.ge.research.semtk:athenaService (=2.2.2) +129 more potentially affected by CVE-2018-1314 via org.apache.hive:hive-jdbc (>=0.11.0 <=2.3.2)

org.apache.hive:hive-jdbc MAVEN version =0.11.0, =2.2.1, =2.2.1, =2.2.1, =2.2.2 - com.ge.research.semtk:sparqlGraphResultsService =2.2.2 and more Source cves: CVE-2018-1314 Source advisory: OSV:GHSA-JMF4-PQ78-F8VJ...

4.3 CVSS · 5.8 AI score · 0.00374 EPSS
Exploits 0

OSV
added 2018/11/17 9:29 p.m. · 1 views

CVE-2018-19348

The u3d plugin 9.3.0.10809 aka plugins\U3DBrowser.fpi in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service out-of-bounds read or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting...

7.1 CVSS · 5.8 AI score
Exploits 0 · References 5

Prion
added 2018/11/17 9:29 p.m. · 15 views

Out-of-bounds

The u3d plugin 9.3.0.10809 aka plugins\U3DBrowser.fpi in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service out-of-bounds read or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at...

5.8 CVSS · 6.9 AI score · 0.00071 EPSS
Exploits 0 · References 3 · Affected Software 2