7872 matches found

Kitploit
added 2019/03/30 12:9 p.m. | 177 views

Just-Metadata - Tool That Gathers And Analyzes Metadata About IP Addresses

Just-Metadata is a tool that can be used to gather intelligence information passively about a large number of IP addresses, and attempt to extrapolate relationships that might not otherwise be seen. Just-Metadata has "gather" modules which are used to gather metadata about IPs loaded into the...

7 AI score
Exploits: 0 | References: 1

OSV
added 2019/03/21 4:0 p.m. | 2 views

CVE-2018-18882

A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface...

5.4 CVSS | 5.8 AI score | 0.00746 EPSS
Exploits: 1 | References: 2

Debian
added 2019/03/18 6:59 a.m. | 129 views

[SECURITY] [DLA 1716-1] ikiwiki security update

Package: ikiwiki. Version: 3.20141016.4+deb8u1. CVE ID: CVE-2019-9187. The ikiwiki maintainers discovered that the aggregate plugin did not use LWPx::ParanoidAgent. On sites where the aggregate plugin is enabled, authorized wiki editors could tell ikiwiki to fetch potentially undesired URIs even ...

7.5 CVSS | 7.5 AI score | 0.01699 EPSS
Exploits: 0

BDU FSTEC
added 2019/03/13 12:0 a.m. | 3 views

A vulnerability in the installation program of the Intel Parallel Studio XE for Windows toolset allows attackers to elevate their privileges.

The vulnerability in the installation program of the Intel Parallel Studio XE for Windows toolset is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to elevate their privileges...

7.8 CVSS | 7.2 AI score | 0.00277 EPSS
Exploits: 0 | References: 2

Citrix
added 2019/03/07 12:0 a.m. | 4 views

How to Deploy Citrix Receiver for Pass-Through Authentication Using Active Directory Group Policy

This article describes how to deploy and configure CitrixReceiver.exe so that it can be used in Pass-Through authentication mode in a XenApp or XenDesktop deployment. This article also provides a detailed step-by-step guide about deploying and configuring CitrixReciverEnterprise.exe onto a large...

7.2 AI score
Exploits: 0

Kitploit
added 2019/03/02 8:16 p.m. | 665 views

Phantom Evasion - Python AV Evasion Tool Capable To Generate FUD Executable Even With The Most Common 32 Bit Metasploit Payload (Exe/Elf/Dmg/Apk)

Phantom-Evasion is an interactive antivirus evasion tool written in python capable to generate almost FUD executable even with the most common 32 bit msfvenom payload lower detection ratio with 64 bit payloads. The aim of this tool is to make antivirus evasion an easy task for pentesters through...

8.6 AI score
Exploits: 0 | References: 3

myhack58
added 2019/03/01 12:0 a.m. | 214 views

Router exploitation of the Stack Overflow entry II-vulnerability warning-the black bar safety net

Foreword Finally, in learning MIPS vulnerability discovery process, to find a good drone platform The Damn Vulnerable Router Firmware Project Project address: https://github.com/praetorian-inc/DVRF The goal of this project is to simulate a real world environment to help people learn about other C...

7.6 AI score
Exploits: 0

CNVD
added 2019/02/26 12:0 a.m. | 4 views

Unspecified Vulnerability in GNU Binutils (CNVD-2019-22416)

GNU Binutils (GNU Binary Utilities, or binutils) is a set of programming language utility programs developed by the GNU Project. The programs are primarily designed to work with target files in a variety of formats, and provide connectors, assemblers, and other tools for target files and archives. Th...

5.5 CVSS | 8.5 AI score | 0.01159 EPSS
Exploits: 1 | References: 1

Packet Storm
added 2019/02/25 12:0 a.m. | 41 views

Xlight FTP Server 3.9.1 Buffer Overflow

Exploit Title: Xlight 3.9.1 FTP Server SEH Overwrite Google Dork: N/A Date: 2019-02-24 Exploit Author: Logan Whitmire Vendor Homepage: https://www.xlightftpd.com/index.htm Software Link: https://www.xlightftpd.com/download/xlight.zip Version: 3.9.1 Tested on: Windows XP CVE : N/A...

0.5 AI score
Exploits: 0

CNVD
added 2019/02/25 12:0 a.m. | 4 views

tinyissue and Pixeline Bugs Code Injection Vulnerabilities

tinyissue is a defect tracking system. pixeline Bugs is a branch of tinyissue. A code injection vulnerability exists in the install/config-setup.php file in tinyissue version 1.3.1 and pixeline Bugs version 1.3.2c and earlier, which can be exploited to execute arbitrary PHP code with the...

9.8 CVSS | 8 AI score | 0.02422 EPSS
Exploits: 1 | References: 1

OSV
added 2019/02/24 12:29 a.m. | 0 views

UBUNTU-CVE-2019-9072

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c...

5.5 CVSS | 5.8 AI score | 0.01159 EPSS
Exploits: 1 | References: 2

OSV
added 2019/02/24 12:29 a.m. | 22 views

CVE-2019-9072

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c...

5.5 CVSS | 6.6 AI score
Exploits: 0 | References: 6

Cvelist
added 2019/02/22 6:0 a.m. | 21 views

CVE-2019-9002

An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is completed...

9.8 AI score | 0.02422 EPSS
Exploits: 1 | References: 2

Kitploit
added 2019/02/18 12:48 p.m. | 85 views

Egress-Assess - Tool Used To Test Egress Data Detection Capabilities

Egress-Assess is a tool used to test egress data detection capabilities. Setup To setup, run the included setup script, or perform the following: 1. Install pyftpdlib 2. Generate a server certificate and store it as "server.pem" on the same level as Egress-Assess. This can be done with the...

7.4 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2019/02/14 12:0 a.m. | 24 views

Amazon Linux 2 : setup (ALAS-2019-1158)

Setup in Amazon Linux 2 added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to...

5.3 CVSS | 6.2 AI score | 0.00315 EPSS
Exploits: 0 | References: 2

CNVD
added 2019/02/13 12:0 a.m. | 2 views

Joomla! cross-site scripting vulnerability (CNVD-2019-15994)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site scripting vulnerability exists in Joomla! versions prior to 3.9.3,...

6.1 CVSS | 6.2 AI score | 0.00793 EPSS
Exploits: 0 | References: 1

OSV
added 2019/02/11 5:29 p.m. | 3 views

CVE-2019-7732

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed...

7.5 CVSS | 7.1 AI score
Exploits: 0 | References: 1

UbuntuCve
added 2019/02/11 5:29 p.m. | 33 views

CVE-2019-7732

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed...

7.5 CVSS | 7 AI score | 0.01399 EPSS
Exploits: 0 | References: 2

OSV
added 2019/02/11 5:29 p.m. | 2 views

UBUNTU-CVE-2019-7732

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed...

7.5 CVSS | 7.1 AI score | 0.01399 EPSS
Exploits: 0 | References: 3

Prion
added 2019/02/11 5:29 p.m. | 27 views

Memory corruption

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed...

5 CVSS | 7.4 AI score | 0.01399 EPSS
Exploits: 0 | References: 1 | Affected Software: 1