706 matches found
SUSE-SU-2016:2476-1 Security update for systemd
This update for systemd fixes the following security issue: - CVE-2016-7796: A zero-length message received over systemd's notification socket could make manager_dispatch_notify_fd() return an error and, as a side effect, disable the notification handler completely. As the notification socket is...
Moderate: Red Hat Security Advisory: org.ovirt.engine-root security, bug fix, and enhancement update
An update for org.ovirt.engine-root is now available for RHEV Engine version 4.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 6 : Virtualization Manager (RHSA-2016:1929)
An update for org.ovirt.engine-root is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Microsoft Office Information Disclosure Vulnerability (CNVD-2016-07925)
Microsoft Office is a suite of office software products developed by Microsoft. Visual Basic macros is one of the programming languages dedicated to performing common automation OLE tasks in desktop applications. An information disclosure vulnerability exists in Visual Basic macros in Microsoft...
CVE-2016-5166
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...
CactuShop 7 Database Disclosure
======================================================================== | Title : CactuShop v7 Database Disclosure Exploit | Author : indoushka | email : [email protected] | Tested on : windows 8.1 Français V.Pro | Version : v7 | Vendor : http://www.venshop.com/down/venshop2010.rar...
Scrapy Python Crawler: Crawlpy
Python web spider/crawler based on scrapy with support for POST/GET login, variable level of recursions/depth and optionally save to disk. Requirements python 2.7 lxml pip pip install Scrapy Features POST/GET Login prior crawling Can handle logins that requires dynamic CSRF token Variable level o...
Evolutionary Knowledge Based Fuzzer: Choronzon
Evolutionary Knowledge Based Fuzzer Choronzon is an evolutionary fuzzer. It tries to imitate the evolutionary process in order to keep producing better results. To achieve this, it has an evaluation system to classify which of the fuzzed files are interesting and which should be dropped. Moreover...
Arbitrary File Write Vulnerability in SiteServer CMS Backend
SiteServer CMS is a website content management system developed by Beijing Billion Software Technology Development Co., Ltd. and is widely used in state ministries, group companies and large-scale portal sites. The information collection function in the management background of SiteServer CMS doe...
[SECURITY] Fedora 22 Update: vtun-3.0.3-15.fc22
VTun provides a method for creating Virtual Tunnels over TCP/IP networks and allows one to shape, compress, and encrypt traffic in those tunnels. Supported types of tunnels are: PPP, IP, Ethernet and most other serial protocols and programs. VTun is easily and highly configurable: it can be used...
Google Android N Preview — 6 Cool Features That You Should Know
Android N Developer Preview, an early beta of Google’s new mobile operating system that was expected to launch on Google I/O in mid-May, is unexpectedly launching right now. Android N Developer Preview for the Nexus 6P, Nexus 5X, Nexus 6, Pixel C, Nexus 9, the Nexus Player and the General Mobile 4...
FreeBSD : drupal -- multiple vulnerabilities (59a0af97-dbd4-11e5-8fa8-14dae9d210b8)
Drupal Security Team reports: - File upload access bypass and denial of service File module - Drupal 7 and 8 - Moderately Critical - Brute force amplification attacks via XML-RPC XML-RPC server - Drupal 6 and 7 - Moderately Critical - Open redirect via path manipulation Base system - Drupal 6, 7...
Phpsploit - Stealth Post-Exploitation Framework
PhpSploit is a remote control framework that aims to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes. Overview The obfuscated...
How to Set the Time Zone of the NetScaler Appliance to UTC Time Zone
This article contains the procedure to change the time zone of the NetScaler appliance to Coordinated Universal Time (UTC) if the appliance is set to another time zone. When setting the appliance to the UTC time zone, it can be confusing to refer to a relevant city. To avoid such uncertainty, you c...
libreport security update
2.0.9-25.0.1 - Add Fix-for-bug-21110293.patch bug 21110293 - Add oracle-enterprise.patch and oracle-enterprise-po.patch - Remove libreport-plugin-rhtsupport pkg 2.0.9-25 - save all files changed by the reporter in the reporting GUI - Fixes CVE-2015-5302 - Resolves: 1282143...
Official Name of Android M is 'Marshmallow' [Version 6.0]
"Android M will be Muffin?, or Mango shake?, Milkshake?, Malt ball?, Moon Pie?, Macaroon?, or is it Mars?, Marshmallow?"... …this was the guessing game that occupied most of us when Google created a suspense three months ago, at the launch of the Android M Developer Preview at Google I/O in May...
Trend Micro InterScan Web Security Virtual Appliance Multiple Information Disclosure Vulnerabilities
Trend Micro InterScan Web Security Virtual Appliance is prone to multiple information disclosure vulnerabilities.
Windows 10 to deliver updates and App downloads via Peer-to-Peer Technology
Does downloading Windows updates from Microsoft's servers and waiting too long really annoy you? It might not be with the arrival of Windows 10. Microsoft seems to make a major change in Windows 10 to the way it delivers updates for the software. The leaked version of Windows 10 build 10036 the...
XSSYA v2.0 - Cross Site Scripting Scanner & Vulnerability Confirmation
XSSYA Cross Site Scripting Scanner & Vulnerability Confirmation, written in the Python scripting language, confirms the XSS vulnerability in two methods. The first works by executing the payload encoded to bypass the Web Application Firewall, which is the first method's request and response; if it responds 200 it turn...
Concrete CMS: Stored Xss in Feature Paragraph
XSS payload can be executed and saved permanently in Feature Paragraph. Poc code: "...