Linux 5.6 has an issue with IORING_OP_MADVISE racing with coredumping.
3d4ed25c006b4d44e2fc925724eb8ef4c383a536453c0793e4b5aa7eb8d74965
Linux futex+VFS suffers from an improper inode reference in get_futex_key() that causes a use-after-free if the superblock goes away.
1f2f71584b62477d5804bbbbde1135bf3a474ccf5086c8de8d354737d3f45ec5
Samsung Android suffers from multiple interaction-less remote code execution vulnerabilities as well as other remote access issues in the Qmage image codec built into Skia.
8320966018d4b52176f05a64a93fb6afca4e855a819b53c26fc977897451134d
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
44f68faf77b8d52d133fa7bd7f77f27dff0abc2be9fa5a564e72c8596a8ce3b0
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
a9bcb89c08a617fec0d6c0486d7c3f7f3ac5387201f9f490a35f75538e34c006
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
cfca31a0e5fd0e706002e7c1b044c11be5140091f0e22f0ae5b9aa644ef50da2
This Metasploit module exploits a NULL pointer dereference vulnerability in MNGetpItemFromIndex(), which is reachable via a NtUserMNDragOver() system call. The NULL pointer dereference occurs because the xxxMNFindWindowFromPoint() function does not effectively check the validity of the tagPOPUPMENU objects it processes before passing them on to MNGetpItemFromIndex(), where the NULL pointer dereference will occur. This module has been tested against Windows 7 x86 SP0 and SP1. Offsets within the solution may need to be adjusted to work with other versions of Windows, such as Windows Server 2008.
fb3cf21123b0e2fbb662a608751638e9471714e3f0e34de79dd880b595ae013c
This Metasploit module leverages a trusted file overwrite with a dll hijacking vulnerability to gain SYSTEM-level access on vulnerable Windows 10 x64 targets.
c361a1c2decc4120fb83b82770836ac6e075d3657ad91fe7ca2189c9dd6ec994
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.
d7bf24615c4c0af2435c99c9fb8c9c0f0ecdce375e184ba7f63b715ae5900a61
Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.
7c81d798022f81e7507f1a60d6817f63aa76e489aa4e7055255f21a22f5e526a
The ManageEngine Asset Explorer windows agent suffers form a remote code execution vulnerability. All versions prior to 1.0.29 are affected.
cad8acf833ae1fc01c1aff9970f2a1ebe51e3dedd74f0abacbf0957e483c2741
Creative Zone suffers from a remote SQL injection vulnerability.
6c7cfa7f477ec65415d3e1040904d2cce7209a4622e93334f65766c8b00fdf41
WordPress Dosimple theme version 2.0 suffers from a cross site scripting vulnerability.
c30a7d1c43e1e0ec9ea14fe9e83a5b0ee3ac5c3ce56dfac9cd24563e0218a7c0
ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from an authentication bypass vulnerability.
4fdd0a374d4602e83df4826d1fa9df4688afc640985f07e5c06d6e72891299a4
WebTareas version 2.0p8 suffers from a cross site scripting vulnerability.
c416b5620fefd7baa3d5708623dcf013feaec0cff7211fa9c063bdf7e6ea12a3
WordPress ChopSlider plugin version 3 suffers from a remote SQL injection vulnerability.
e218e1571606da2531f1241428d66e8c95a78bdef1172ab60f7f8313306d3ed9
Qik Chat version 3.0 for iOS suffers from a command injection vulnerability.
675143e025a9ea8b21fbc608b0baad3246b979bcfcdffb765049c07924c2d6c7
Tiny MySQL suffers from a cross site scripting vulnerability.
3be96ce372b85265dedfea75bbeed5bb368f7671978597c4628dd22cdf59ab8a
ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffers from a path traversal vulnerability that can lead to remote code execution.
60bdf17fd56c9fb381132939686a98b99f6b36dbdbb84bcc1d07a89ee5e7f57e