Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
4d83dd2cb588186032dc024e4d9adfb8b6c6e6badf4d60e6ec4228200b4eadf4Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
7fb1e433412d64fcd2335a3ebe7f66437ef34d5a0d3a1df62e2476f3169244baUbuntu Security Notice 3799-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.24. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
373176b69d28c5401867b4f69957eb471b3dcf79c5540b6ef157d1da8944e3acServersCheck Monitoring Software versions up through 14.3.3 suffer from a remote SQL injection vulnerability.
b267f07255ac1f9527b94b152495c2752caa4c5090beb524c804d4da1757120bThe management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL injection, and directory traversal vulnerabilities.
e7627b90298023da272c5c16d0da665c56143382a6c2331b9af84784625a3870Ubuntu Security Notice 3788-2 - USN-3788-1 fixed vulnerabilities in Tex Live. This update provides the corresponding update for Ubuntu 18.10 It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
2d47b8bdf8609bcc81a667f1522f2669d082a623dae2f92d06e0b23cbe237c2eUbuntu Security Notice 3777-3 - USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 %LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
769cc3a35204cab453698f34a6b0570d79e3ff0a88450698a2577c0e6fc6a664CommuniGatePro Pronto webmail version 6.2 suffers from a persistent cross site scripting vulnerability.
a535a63c85dc9cfff4acf85a2aa9f680d4de5f3f74f0f55765388bb0812e708dUbuntu Security Notice 3798-2 - USN-3798-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
fd020e9154c2daad496c63782c19bbe804be952aa986f8f81262d8b5a00966e9ServersCheck Monitoring Software versions up through 14.3.3 suffer from a cross site scripting vulnerability.
f72e50d49c38f1006ec46a87b034d9463e5d15724a14d0dd13e5b11b88e2ed16MGB OpenSource Guestbook version 0.7.0.2 suffers from a remote SQL injection vulnerability.
58a47c1a4b51e7cc54fa29393ec63e4f2e29fe080bea156021641e14cdcf90f3Microsoft Active Directory Federated Services (ADFS) suffers from a time-based user enumeration vulnerability.
b3eae50ee8fce1eb1e74559f4e6977c7d9770c9481f60f81641dd138862d381cUbuntu Security Notice 3798-1 - Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
99fd6b610927b5b8387a7632ff8dda5701451a4843acca90e6d3e48acd81d539Appsource School Management System version 1.0 suffers from a remote SQL injection vulnerability.
20c763e9dce88a46c6702b4fd1be556e7540f0cfef7110f6b631798ea30f184dSIPPTS is a set of tools to audit VoIP servers and devices using the SIP protocol. It is a set of perl scripts that allow you to identify extensions, remotely crack passwords, check for missing authentication to make phone calls, and more.
3b3b1fe11ef018073d9b9a1c65106f80b2f32f55cf4755c36a56b598a19853c2Ubuntu Security Notice 3797-2 - USN-3797-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service. Various other issues were also addressed.
fcfe969ee2f2de30c48af096d0d90e976029649357ff3de4385bb752f9ff023aServersCheck Monitoring Software versions up through suffer from arbitrary file write and denial of service vulnerabilities.
4ebead7b46a1d1e991394ad4c30c83330e9888c182a2de36c0ae44b6fcbbb87fSIM-PKH version 2.4.1 suffers from a remote shell upload vulnerability.
a484687a4acfa5a267e0dc6d475f82085f26a85fa66fa1d3c43ff891fde90d64SIM-PKH version 2.4.1 suffers from a remote SQL injection vulnerability.
2cfed2b6036be41f70cbed5de0919e179e4a0173108f8768c2fef72a45d53588School ERP Pro+Responsive version 1.0 suffers from a remote SQL injection vulnerability.
d6108a386efcfc3a13be29e5e18dfcbc039b3d8f1b425d438bef860adbbe8a76School ERP Pro+Responsive version 1.0 suffers from an arbitrary file download vulnerability.
f453c3b6b1968d9387c3d915233e2898c47d4bb03dee93f785faaf4332d63d2fUbuntu Security Notice 3797-1 - Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service. It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information. It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
238ceea5929a80898d5da54f43ed9ee667e49e84560780dbb617b5dff7489b20RootedCON is a technology congress that will be held in Madrid (Spain) March 28th through the 30th, 2019. With an estimated seating from 2,000 and 2,500 people, is the most relevant specialized congress that is held in the country, and one of the most relevant in Europe, with attendee profiles ranging from students, Law Enforcement Agencies to professionals in the technology and information security market and, even, just passionate people.
79d3a588434e8b0b88328b69198a6e5e0502a02704835ba28667f4ee4e5ef676The Bitdefender GravityZone installer suffers from a signature bypass issue that allows for code execution.
fb4f2c303fb26dbec83a73792998329051382c1f4c7fca1e1fe8417ff62ba2e5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed