The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
b5afe81eb97b7ad0d469eb79d4c67be6a0d49a49fcd468a813044564e9e61f88
XMeye P2P Cloud, used with Xiongmai IP cameras, NVRs and DVRs, suffers from predictable Cloud IDs, a default admin password, and various other issues that can result in remote code execution.
91c7dfdf6aeb957aa46e50283fc95205a17b991e8e99993f7b09e7fd6a521bdb
jQuery-File-Upload versions 9.22.0 and below suffer from an unauthenticated arbitrary file upload vulnerability that allows for remote command execution.
9b9e155688817d68e773b78e64aa874b246af6c757592c38ac8faeace00f863c
Ubuntu Security Notice 3787-1 - It was discovered that Tomcat incorrectly handled returning redirects to a directory. A remote attacker could possibly use this issue with a specially crafted URL to redirect to arbitrary URIs.
45be2d5a126cec79d3d3bfd4b9ca81d251cefa375c31302c5472f2304c932cba
Ubuntu Security Notice 3781-2 - USN-3781-1 fixed vulnerabilities in WebKitGTK+. The updated package was missing some header files, preventing certain applications from building. This update fixes the problem. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Various other issues were also addressed.
2b00f712e0276977a856acf715b8a2c3ec35dcfa43d7209bc7def4294c7d955a
Red Hat Security Advisory 2018-2902-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.1.1 and 1.0.13. These versions correspond to the October 2018 security release by .NET Core upstream projects. Issues addressed include an information leakage vulnerability.
340cc14988a0eb7e4c0ff80ec415d0603518d27ac97d50efb79928018ac10edd
Mikrotik RouterOS versions 6.x suffer from a remote root code execution vulnerability.
3f8c52b062ca67ece824e00c875d47df8ead0831abf8803a9a4a87310336aa60
Delta Electronics Delta Industrial Automation COMMGR versions 1.08 and below suffer from a buffer overflow vulnerability.
21735127472d0f336789c979a9109de253aab1f1853d7a1f0e0ccc5036d23af0
VMware Security Advisory 2018-0025 - VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability.
170ccb20869d99e8a32ef8b0b7c44a0aec599b17afce56a2e985c666dca076a4
Red Hat Security Advisory 2018-2892-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. The glusterfs packages have been upgraded to upstream version 3.12.2, which provides a number of bug fixes over the previous version. Issues addressed include a deserialization vulnerability.
c74a6ba2d605744c4a758a3aa05578ffb837837c83e15f3771cb4831872b1908
Ektron CMS version 9.20 SP2 suffers from an improper access restriction vulnerability.
fd1f946762d555d6b36ddb6d80407a3437fbb0467bbad67303c164182e27d9fb
Wikidforum version 2.20 suffers from a remote SQL injection vulnerability.
dcb75325ddd42b71802df4f523edd1fcd902226093356ce633a732f40cd339bf
FileZilla version 3.33 suffers from a buffer overflow vulnerability.
2ed2bdf8b9a0fc35523cab82487fa2c70c2d1658b7a287a0d3e306989bb53b0d
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in pure bash and uses only standard Unix utilities, openssl and bash sockets.
9c78313a1926e455e5a89e22c093d3d0d6165d5c03e766c754ec141f3c00580f
Whitepaper called LOKIDN - Lapse of Keyboard at Internationalized Domain Name.
9350c60f34392d28e37a855ba1a59aaeace47cc0db7171332b2ab4d53f6edadd
Whitepaper called Client Side Injection on Web Applications.
05b69e6f5fef3bde99785bc70b216354a124bbcbf8099e03d89577ab3fc8a5da