Ubuntu Security Notice USN-3828-1
Ubuntu Security Notice 3828-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote...
Ubuntu Security Notice USN-3816-3
Ubuntu Security Notice 3816-3 - USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older...
Ubuntu Security Notice USN-3827-2
Ubuntu Security Notice 3827-2 - USN-3827-1 fixed a vulnerability in samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Florian Stuelpner discovered that Samba incorrectly...
Ubuntu Security Notice USN-3829-1
Ubuntu Security Notice 3829-1 - It was discovered that Git incorrectly handled layers of tree objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected...
TeamCity Agent XML-RPC Command Execution
This Metasploit module allows remote code execution on TeamCity Agents configured to use bidirectional communication via xml-rpc. In bidirectional mode the TeamCity server pushes build commands to the...
Mac OS X libxpc MITM Privilege Escalation
This Metasploit module exploits a vulnerability in libxpc on macOS versions 10.13.3 and below. The task_set_special_port API allows callers to overwrite their bootstrap port, which is used to...
Linux Nested User Namespace idmap Limit Local Privilege Escalation
This Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow...
PHP imap_open Remote Code Execution
The imap_open function within PHP, if called without the /norsh flag, will attempt to preauthenticate an IMAP session. On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary. Ssh's...
XSS Fuzzer
XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It...
BMC Remedy 7.1 User Impersonation
An impersonation issue in BMC Remedy version 7.1 may lead to incorrect user context in Remedy AR System Server.
Debian Security Advisory 4345-1
Debian Linux Security Advisory 4345-1 - Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix.
Avahi 0.7 Denial Of Service
Avahi-daemon in Avahi through version 0.7 inadvertently sends Legacy Unicast Responses to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a...
Cisco WebEx Meetings Privilege Escalation
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. This vulnerability is related to a previous security issue...
SonarSource SonarQube 7.3 Information Disclosure
SonarSource SonarQube versions 7.3 and below suffer from an information disclosure vulnerability.
WordPress SEO (Yoast SEO) 9.1 Race Condition / Command Execution
WordPress SEO (Yoast SEO) plugin versions 9.1 and below suffer from a race condition that allows for command execution.
Htcap Analysis Tool 1.1.0
Htcap is a web application analysis tool for detecting communications between JavaScript and the server. It crawls the target application and maps AJAX calls, dynamically inserted scripts, websockets...
FreeBSD Security Advisory - FreeBSD-SA-18:13.nfs
FreeBSD Security Advisory - Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. A remote...
Debian Security Advisory 4346-1
Debian Linux Security Advisory 4346-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary...
Ubuntu Security Notice USN-3830-1
Ubuntu Security Notice 3830-1 - USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding...
Unitrends Enterprise Backup bpserverd Privilege Escalation
It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute...