CVE-2017-3897

A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus MSS+ versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response...

Lexmark Scan To Network (SNF) 3.2.9 Information Disclosure

Summary ======= 1. Information exposure of network credentials in embedded printer application CVE-2017-13771 Vendor ====== "Lexmark creates innovative imaging solutions and technologies that help customers worldwide print, secure and manage information with ease, efficiency and unmatched value...

Limitations of NetScaler Gateway OPSWAT EPA Scan

NetScaler Gateway as such does not have a whitelist or blacklist of products and relies on the OPSWAT for this. If a particular product is not present in the NetScaler predefined expressions then this product is not supported for EPA scans. When using a generic scan OPSWAT scans all the supported...

UBUNTU-CVE-2017-13728

There is an infinite loop in the nextchar function in compscan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack...

The WireX Botnet warning Bulletin-vulnerability warning-the black bar safety net

2017 8 May 17, named WireX BotNet the botnet by masquerading ordinary Android applications the way a large number of infected Android devices and launched a large-scaleDDoSattack, this caused a portion of the CDN provider's note, and thereafter from Akamai, Cloudflare, Dragon Age, Google, Oracle...

Nili - Tool for Network Scan, Man in the Middle, Protocol Reverse Engineering and Fuzzing

Nili is a Tool for Network Scan, Man in the Middle, Protocol Reverse Engineering and Fuzzing. Prerequisites Python - Python Programming Language Scapy - Interactive Packet Manipulation Program Netzob - Protocol Reverse Engineering, Modeling and Fuzzing Installing Here is some Instructions for...

CVE-2017-9640

A Path Traversal issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An...

CVE-2017-9644

An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5....

Five Tips for Getting Started with Scuba Database Vulnerability Scanner

Scuba is a free tool that scans leading enterprise databases for security vulnerabilities and configuration flaws, including patch levels, that allows you to uncover potential database security risks. It includes more than 2,300 assessment tests for Oracle, Microsoft SQL Server, SAP Sybase, IBM D...

dockerscan - Docker Security Analysis and Hacking Tools

What's dockerscan A Docker analysis tools Very quick install python3.5 -m pip install -U pip python3.5 -m pip install dockerscan Show options: dockerscan -h Available actions Currently Docker Scan support these actions: Scan: Scan a network trying to locate Docker Registries Registry Delete: Dele...

CVE-2015-9047

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup...

Mark host as dead if going offline (failed ICMP ping) during scan - Phase 5

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mark host as dead if going offline (failed ICMP ping) during scan - Phase 4

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mark host as dead if going offline (failed ICMP ping) during scan - Phase 6

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RED HAWK v2.0.0 - All in one tool for Information Gathering, Vulnerability Scanning and Crawling

RED HAWK is An All In One Tool For Information Gathering, SQL Vulnerability Scannig and Crawling. Coded In PHP. Features: Basic Scan Site Title NEW IP Address Web Server Detection IMPROVED CMS Detection Cloudflare Detection robots.txt Scanner Whois Lookup IMPROVED Geo-IP Lookup Grab Banners...

McAfee Security Scan Plus < 3.11.587.1 Protection Level UI Element Download MitM Command Execution (TS102714)

The version of McAfee Security Scan Plus installed on the remote Windows host is prior to 3.11.587.1. It is, therefore, affected by a flaw that is triggered as HTML elements for displaying the Protection Level in the UI are requested using a cleartext protocol. This may allow a man-in-the-middle...

Trend Micro OfficeScan 'Proxy.php' Command Injection Vulnerability

Trend Micro OfficeScan is a suite of distributed anti-virus software from Trend Micro. A command injection vulnerability exists in Trend Micro OfficeScan version 11 and XG 12. A remote attacker could exploit this vulnerability to execute arbitrary code...

Automated Information Gathering & Service Enumeration: Reconnoitre

A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags. Usage This...

McAfee Security Scan Plus Man-in-the-Middle Security Bypass Vulnerability

McAfee Security Scan Plus is a free set of diagnostic tools from McAfee USA. The product proactively checks your computer for up-to-date antivirus, firewall, and Web security software so that you always know if your computer is safe so that it is protected. A security bypass vulnerability exists ...

Petya-like ransomworm: Leveraging InsightVM and Nexpose for visibility into MS17-010

A Petya-like ransomworm struck on June 27th 2017 and spread throughout the day, affecting organizations in several European countries and the US. It is believed that the ransomworm achieved its initial infection via a compromised software update, and that it then leverages the EternalBlue and...