6010 matches found
swarm - A Modular Distributed Penetration Testing Tool
Swarm is an open source modular distributed penetration testing tool that uses a distributed task queue to implement communication in the master-slave mode system and uses MongoDB for data storage. It consists of a distributed framework and function modules. The function module can be an entirely new...
FormatFactory Local Stack Overflow Vulnerability
FormatFactory is audio, video and graphics file type conversion software. A local stack buffer overflow vulnerability exists in FormatFactory version 3.9.0. A faulty validation check in a load file .task causes a stack overflow that can crash the affected program...
FormatFactory 3.9.0 .task Stack Overflow
Document Title: FormatFactory 3.9.0 - .task Stack Overflow Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1935; Release Date: 2016-09-01; Vulnerability Laboratory ID (VL-ID): ...
FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability
Document Title: FormatFactory 3.9.0 - .task Stack Overflow Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1935; Release Date: 2016-09-01; Vulnerability Laboratory ID (VL-ID): ...
FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability
Document Title: FormatFactory 3.9.0 - .task Stack Overflow Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1935; Release Date: 2016-08-31; Vulnerability Laboratory ID (VL-ID): ...
Timing of Browser-Based Security Alerts Could Be Better
Multitasking may be the way of the connected world, but as it turns out, it’s not conducive to secure behavior online. Academics from Brigham Young University and the University of Pittsburgh came to that conclusion after using functional magnetic resonance imaging (fMRI) to study how the brain...
PT-2016-7426 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.6.6. Description: A race condition exists in the get_task_ioprio function, allowing local users to potentially gain privileges or cause a denial of service through a crafted ioprio_get system call. This issue c...
CVE-2016-3059
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server aka IBM Spectrum Protect for Databases 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server aka IBM Spectrum Protect Snapshot 3.1 before 3.1.1.7 and 3.2 before...
RHEL 6 : MRG (RHSA-2016:1532)
An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
MS16-088: Description of the security update for SharePoint Server 2016: July 12, 2016
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
Debian DLA-574-1 : qemu-kvm security update
Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-5239 Lian Yihan discovered that QEMU incorrectly handled certain payload messages in the VNC...
A vulnerability in the Windows operating system allows attackers to compromise the confidentiality, integrity, and availability of protected information.
A privilege escalation vulnerability exists in the Windows Task Scheduler due to incorrect checks of task integrity. If this vulnerability is exploited successfully, an attacker will be able to execute arbitrary code within the context of local system security...
XpoLog Center 6 Cross Site Request Forgery
XpoLog Center V6 CSRF Remote Command Execution; Vendor: XpoLog LTD; Product web page: http://www.xpolog.com; Affected version: 6.4469, 6.4254, 6.4252, 6.4250, 6.4237, 6.4235, 5.4018; Summary: Applications Log Analysis and Management Platform. Desc: XpoLog suffers from arbitrary command execution. Attackers...
[SECURITY] [DSA 3607-1] linux security update
Debian Security Advisory DSA-3607-1; https://www.debian.org/security/; Salvatore Bonaccorso; June 28, 2016; https://www.debian.org/security/faq ...
Debian Security Advisory DSA 3607-1 (linux - security update)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg o...
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt63
3:11-alt63 built June 27, 2016 Sergey V Turchin in task 166414 June 27, 2016 Sergey V Turchin - new version - security fixes: CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133,...
Debian DLA-516-1 : linux security update
This update fixes the CVEs described below. CVE-2016-0821 Solar Designer noted that the list 'poisoning' feature, intended to mitigate the effects of bugs in list manipulation in the kernel, used poison values within the range of virtual addresses that can be allocated by user processes...
Regsvr32.exe (.sct) Command Delivery Server
This module uses the Regsvr32.exe Application Whitelisting Bypass technique as a way to run a command on a target system. The major advantage of this technique is that you can execute a static command on the target system and dynamically and remotely change the command that will actually run by...
AutoNessus - Script to Communicate with Nessus API
This script communicates with the Nessus API in an attempt to help with automating scans. Depending on the flag issued with the script, you can list all scans, list all policies, start, stop, pause, and resume a scan. It may be helpful to create a cron job/scheduled task for automating the start ...