CVE-2018-9031

The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "ifpwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side...

[SECURITY] Fedora 26 Update: cryptopp-5.6.5-2.fc26

Crypto++ Library is a free C++ class library of cryptographic schemes. See http://www.cryptopp.com/ for a list of supported algorithms. One purpose of Crypto++ is to act as a repository of public domain not copyrighted source code. Although the library is copyrighted as a compilation, the...

StaCoAn - Crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This tool will look for interesting lines in the code which can contain: Hardcoded credentials API keys URL's of API's Decryption keys Major coding...

FreeBSD-SA-18:03.speculative_execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:03.speculativeexecution Security Advisory The FreeBSD Project Topic: Speculative Execution Vulnerabilities Category: core Module: kernel Announced: 2018-03-1...

Apache Tomcat VirtualDirContext Class File Handling Remote JSP Source Code Disclosure

Source code disclosure vulnerability in Apache Tomcat VirtualDirContext class file handling Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

GLSA-201803-03 : Go: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201803-03 Go: User-assisted execution of arbitrary code A command injection flaw was discovered in the source code build phase because of the go get command, which does not block -fplugin= and -plugin arguments. Impact : A remote...

Memcached 1.5.5 - Memcrashed Insufficient Control Network Message Volume Denial of Service (1)

Memcached 1.5.5 - Memcrashed Insufficient Control Network Message Volume Denial of Service 1 / memcached-PoC memcached Proof of Concept Amplification via spoofed source UDP packets. Repo includes source code for PoC and approximately 17,000 AMP hosts. memcached.c - Source code...

Linux Kernel _sctp_make_chunk() Denial Of Service Vulnerability

Secunia Research has discovered a vulnerability in Linux Kernel, which can be exploited by malicious, local users to cause a DoS Denial of Service. An error in the "sctpmakechunk" function net/sctp/smmakechunk.c when handling SCTP packets length can be exploited to cause a kernel crash. The...

AxxonSoft Axxon Next Directory Traversal Vulnerability

Exploit for windows platform in category remote exploits Title AxxonSoft Axxon Next - AxxonSoft Client Directory Traversal via an initial /css//..%2f substring in a URI. CVE-2018-7467 Vulnerability Type Directory Traversal via an initial /css//..%2f substring in a URI Vendor of Product AxxonSoft...

Updated golang packages fix security vulnerability

Updated golang packages fix security vulnerabilities: Go before 1.9.4 allows "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked CVE-2018-6574...

vTiger File Upload

File upload vulnerability in vTiger CompanyDetailsSave.php Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...

Oracle Database Attacking Tool: ODAT

ODAT Oracle Database Attacking Tool is an open source penetration testing tool that tests the security of Oracle Databases remotely . Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a...

Enterprise Networking Operating System (ENOS) Authentication Bypass in Lenovo and IBM RackSwitch and BladeCenter Products - Lenovo Support US

No description provided...

Enterprise Networking Operating System (ENOS) Authentication Bypass in Lenovo and IBM RackSwitch and BladeCenter Products - US

Lenovo Security Advisory: LEN-16095 Potential Impact: An attacker could gain access to the switch management interface, permitting settings changes that could result in exposing traffic passing through the switch, subtle malfunctions in the attached infrastructure, and partial or complete denial ...

Dropbox: Exposed Git Repo at http://fileserver.dropboxbusiness.com

The report revealed an exposed git repository on a vendor that Dropbox uses. This endpoint could allow an attacker to retrieve much of the source code and git history for this service which could potentially reveal sensitive information like application secrets. Thankfully, after performing an...

A week in security (February 5 – February 11)

Last week on Malwarebytes Labs, we featured a new Flash Player zero-day that has been found in recent targeted attacks. And we talked about a new trick to cripple browsers that came out of the hat of tech support scammers. We also covered several methods of stealing cryptocurrencies, including on...

New Deepfakes forum goes mining with Coinhive

You may or may be familiar with the furore over Deepfakes, a relatively new development in pornography involving a tool called FacesApp, which is capable of producing a real porn clip that replaces the original actors' heads with those of celebrities—or indeed, anyone at all. Online fakes have be...

Apple Downplays Impact of iBoot Source Code Leak

Apple is responding to reports the leak of its iBoot source code is a serious security blow to iOS devices. In statement released Thursday it confirmed the leak, but emphasized the source code is three years old and would have no impact on iOS device security. “Old source code from three years ag...

Apple's iBoot Source Code for iPhone Leaked on Github

Apple source code for a core component of iPhone's operating system has purportedly been leaked on GitHub, that could allow hackers and researchers to discover currently unknown zero-day vulnerabilities to develop persistent malware and iPhone jailbreaks. The source code appears to be for iBoot—t...

CVE-2018-6574

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked...