Fedora 25 : knot / knot-resolver (2017-038e821698)

Knot Resolver 1.2.3 2017-02-23 ================================ Bugfixes -------- - Disable storing GLUE records into the cache even in the non-default QUERYPERMISSIVE mode - iterate: skip answer RRs that don't match the query - layer/iterate: some additional processing for referrals - lib/resolv...

Lightweight Arch Linux Based Security Distribution: BlackArch Linux

BlackArch Linux is an open source distribution of Linux derived from the lightweight and powerful Arch Linux operating system and designed from the ground up to be used by security professionals for penetration testing tasks and security auditing. While the distribution can be installed on top of...

The vulnerability of the iOS operating system, which allows a hacker to trigger a service failure

The vulnerability of the iOS operating system’s Graphics Driver component exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures by using a specially created video...

BlackArch Linux 2017.03.01 - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 1707 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. ChangeLog: add more than 50 new tools update...

[SECURITY] Fedora 24 Update: jenkins-1.651.3-2.fc24

Jenkins is an award-winning, cross-platform, continuous integration and continuous delivery application that increases your productivity. Use Jenkins to build and test your software projects continuously making it easier for developers to integrate changes to the project, and making it easier for...

Lynis 2.4.4 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

ansvif - An Advanced Fuzzing Framework Designed To Find Vulnerabilities In C/C++ Code.

ansvif, written primarily in C++, is designed to find code bugs by throwing garbage input at programs to see how they react. This is great for finding bugs, because not every type of input is always handled, and buffers are not always checked, etc. It also comes in handy when writing and protecti...

AntiVirus Evasion Reconstructed – Veil 3.0

The Veil Framework is a collection of tools designed for use during offensive security testing. When the time calls for it, Mandiant’s Red Team will use the Veil-Framework to help achieve their objective. The most commonly used tool is Veil-Evasion, which can turn an arbitrary script or piece of...

AntiVirus Evasion Reconstructed – Veil 3.0

The Veil Framework is a collection of tools designed for use during offensive security testing. When the time calls for it, Mandiant’s Red Team will use the Veil-Framework to help achieve their objective. The most commonly used tool is Veil-Evasion, which can turn an arbitrary script or piece of...

LocalTapiola: HTML Injection in email from http://www.lahitapiola.fi/henkilo/sivut/tonttutesti

Basic report information Summary: HTML Injection in email from http://www.lahitapiola.fi/henkilo/sivut/tonttutesti Description: Tonttutesti´s kutsu kaverisi feature sends email to friend with a link to Localtapiola´s tonttutesti site. Fields "Nimesi" and "Kaverisi nimi" seem to be vulnerable...

SPARTA - Network Infrastructure Penetration Testing Tool

SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenien...

Lynis 2.4.3 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

Debian Security Advisory DSA 3792-1 (libreoffice - security update)

Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure. Please see https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/ for additional information. OpenVAS Vulnerability Test $Id: deb3792.nasl 8091 2017-12-13 06:22:57Z teiss...

mongoaudit - A Powerful MongoDB Auditing and Pentesting Tool

mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. Installing with pip This is the recommended installation method in case you have python and pip . pip install mongoaudit Alternative installer Use this if and only...

Halcyon - IDE for Nmap Script (NSE) Development

Halcyon is the first IDE specifically focused on Nmap Script NSE Development. This research idea was originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts NSE was the lack of a development environment that give...

MongoDB Security Audit: mongoaudit

MongoDB Security Audit mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. It is widely known that there are quite a few holes in MongoDB’s default configuration settings. This fact, combined with abundant lazy syst...

Automated Job Portal Script - SQL Injection

Automated Job Portal Script - SQL Injection Exploit Title: Automated Job Portal Script - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://www.jagaad.com/ Software Buy: https://codecanyon.net/item/automated-job-portal-script/14318664 Demo:...

The vulnerability of the Java Platform software platform allows a perpetrator to breach the confidentiality of information.

The vulnerability of JRockit a sub-component of 2D, components of Oracle Java SE, and the Java Platform software are due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor to cause a system to freeze or, in rare cases, lead to an unexpected shutdown...

Fedora 25 : 3:mariadb (2017-801e01d1ed)

Important change : - Most of the utilities were move to the new sub-package 'server-utils' Other enhancements: see changelog - CVE fixes, SPECfile fixes, patches revision, tests blacklist revisions - Preparation and testing of the Cracklib plugin to be added Note that Tenable Network Security has...

Under the Hoodie: Actionable Research from Penetration Testing Engagements

Today, we're excited to release Rapid7's latest research paper, Under the Hoodie: Actionable Research from Penetration Testing Engagements, by Bob Rudis, Andrew Whitaker, Tod Beardsley, with loads of input and help from the entire Rapid7 pentesting team. This paper covers the often occult art of...