The Endorser - An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills

An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills. Check out the example digraph, which is based on mine and my colleagues David Prince LinkedIn profile. By glancing at the visualisation you can easily see, by the number of "arrows", there ...

Amazon Linux AMI : kernel (ALAS-2017-914) (BlueBorne)

stack buffer overflow in the native Bluetooth stack A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel...

MGASA-2017-0386 Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink...

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a...

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netli...

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.9.56 and fixes at least the following security issues: A flaw was found in the way the Linux KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest...

Oracle Hyperion Unspecified Vulnerability in Oracle Hyperion BI+ Component

Oracle Hyperion is a suite of financial modeling applications from Oracle, which provides financial closure, report creation, etc. Oracle Hyperion BI+ is one of the business intelligence platform components that provides management reporting and analysis on any data source. An unspecified...

Oracle Hyperion Unspecified vulnerability in Oracle Hyperion BI+ component (CNVD-2017-31831)

Oracle Hyperion is a suite of financial modeling applications from Oracle, which provides financial closure, report creation, etc. Oracle Hyperion BI+ is one of the business intelligence platform components that provides management reporting and analysis on any data source. An unspecified...

CVE-2017-10312

Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion subcomponent: UI and Visualization. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion BI+. Successful...

CVE-2017-10312

The CVE-2017-10312 entry concerns Oracle Hyperion BI+ UI/Visualization in Oracle Hyperion, affected version 11.1.2.4. The vulnerability is described as easily exploitable with network access via HTTP, requiring user interaction, and can lead to unauthorized access to data and possible unauthorize...

psad - Intrusion Detection and Log Analysis with iptables

The Port Scan Attack Detector psad is a lightweight system daemon written in is designed to work with Linux iptables/ip6tables/firewalld firewalling code to detect suspicious traffic such as port scans and sweeps, backdoors, botnet command and control communications, and more. It features a set o...

Traditional OSINT Swiss Army Knife: Belati

Belati is tool for Collecting Public Data & Public Document from Website and other service for OSINT purpose. This tools is inspired by Foca and Datasploit for OSINT. What Belati can do? WhoisIndonesian TLD Support Banner Grabbing Subdomain Enumeration Service Scanning for all Subdomain Machine W...

CVE-2017-12188

The Linux kernel built with the KVM visualization support CONFIGKVM, with nested visualizationnVMX feature enabled nested=1, was vulnerable to a stack buffer overflow issue. The vulnerability could occur while traversing guest page table entries to resolve guest virtual addressgva. An L1 guest...

Web-based OSINT and Active Reconnaissance Suite: D0xk1t

Active reconnaissance, information gathering and OSINT built in a portable web application. D0xk1t is an open-source , self-hosted and easy to use OSINT and active reconnaissance web application for penetration testers. Based off of the prior command-line script, D0xk1t is now fully capable of...

The vulnerability of the XFA program visualization mechanism in Adobe Reader and Document Cloud, as well as the Adobe Acrobat programs for editing PDF files in Document Cloud, allows a perpetrator to execute arbitrary code.

The vulnerability of the XFA program visualization mechanism in Adobe Reader, Document Cloud, and Adobe Acrobat Document Cloud PDF file editing programs is related to the use of memory after it is released. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remote...

The vulnerability lies in the image processing mechanism when dealing with EMF files related to path visualization, PDF file editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat, and PDF file viewing programs like Adobe Reader Document Cloud. This allows a perpetrator to execute arbitrary code.

The vulnerability in the image processing mechanism during the processing of EMF files related to path visualization, PDF file editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat, and PDF file viewing programs like Adobe Reader, Adobe Reader Document Cloud, arises due to the executi...

The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” arises from the use of a default password, allowing attackers to bypass the authentication process.

The vulnerability of the autonomous configuration tool for the U.motion Builder visualization and control system exists due to the use of a default password. Exploiting this vulnerability allows an attacker to bypass the authentication process remotely...

The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” relates to deficiencies in path name restriction, allowing attackers to execute arbitrary code.

The vulnerability of the autonomous configuration tool for the U.motion Builder visualization and control system relates to deficiencies in path name restriction. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code with the privileges of the...

The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” arises from deficiencies in access control and the disclosure of information in error messages, allowing attackers to read arbitrary files.

The vulnerability of the autonomous configuration tool for the U.motion Builder visualization and control system stems from deficiencies in access control and the disclosure of information in error messages. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files...

Open Distributed Threat Intelligence: Yeti

Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables e.g. resolve domains, geolocate IPs so that you don’t have to. Yeti provides an interface for humans shiny...