FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
2dabf3306920bf685cd64fccd4af57a2c08164437c3589022728c8bcd8d4650f
This Metasploit module generates a macro-enabled Microsoft Office Word document. The comments metadata in the data is injected with a Base64 encoded payload, which will be decoded by the macro and executed as a Windows executable. For a successful attack, the victim is required to manually enable macro execution.
7415a9c1ca3ef854a9f6d2f27ca6e461d7630f6d7777043d3cab28fc430dbf55
EMC Isilon InsightIQ is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system. Versions affected include 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, and 3.0.0.
2a49ba5c322887c588a0082e8f9beb3b0588a3dc77722821f03b0d7b0213a873
JUNG Smart Visu server with firmware versions 1.0.804, 1.0.830, and 1.0.832 suffers from backdoor account and path traversal vulnerabilities.
cf2d0ac3035650b704e93a6417b5d0df5e42066af0f4bc43a4a26516470ff0ed
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
b772e3ece182edf79691ca30e3af7ab6cd981028a01ac70c402db17d3c7a2948
Red Hat Security Advisory 2017-0259-01 - Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Security Fix: It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.
7a48c001f115ba93b88cdf468884c8870faeff90cc50353c074b79dace68f92c
Red Hat Security Advisory 2017-0260-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The gdeploy package provides Ansible modules to set up and configure GlusterFS. Multiple security issues have been addressed.
202b927aacce6a620515bed162f08c7c2d6f86c33a63957ec31ca25637474014
Red Hat Security Advisory 2017-0258-01 - Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Security Fix: It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.
88b73dd0573b8aabffdf9a10ba27358630138a470160f808b243a17456913841
This is a custom firmware written for the proxmark3. It extends the currently available firmware (revision 2.3.0) to support brute force attacks against proximity card access control systems.
ef1f678e22cd90af71de78894ae41f394c587a79f50d3227fd66fa5c848d7951
Ubuntu Security Notice 3194-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECDSA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.
ca0c18acba4b88e6e80fee104c08afc6e2119a222bc4f831a5368db334579045
Ubuntu Security Notice 3180-1 - Multiple vulnerabilities were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL or other UI components, bypass same origin restrictions or other security restrictions, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
0de654a056ff41708c63dd08b1a747fefc182fd29bd615cfe0152ef65198a0cc
Western Digital My Cloud with firmware version 2.21.119 suffers from an authentication bypass vulnerability.
07f438c38cd48633a9f62d69405eb28f29efca802afed3c49bd9740875178ddc
103-byte Linux/x86 reverse TCP alphanumeric staged shellcode.
884f4d7a58427b57c40dd909782c13ee937f147e99cec5956b8a22a40d65113b
WordPress wp-json API content injection exploit proof of concept.
f2bd654825c2a33cf9a482dda51a1c94d3caf75c65e12399b5758aed301edbbf
SumatraPDF version 3.1.2 suffers from a DLL hijacking vulnerability.
601ed610ba5925a63dea0564014681b1062e030c87127aba26cfeef6284cedb2
Clone Script Directory Script version 1.1.0 suffers from a remote SQL injection vulnerability.
702147164acc395bf993d0558f2311a5470798a27552724b54402693022baddf
Muviko Video CMS suffers from a remote SQL injection vulnerability.
e0cf0ebaeba45a8abcba550ac764ec03e8dc50d4fc2d9f5a74751b1c008a1238
Multi Outlets POS version 3.1 suffers from a remote SQL injection vulnerability.
5bf26ead7cb156de434c1ff0f58e456124ba52efc3d955149cb4dafba5c807f7