Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
40d446e66e56614a51ff2d231b30ec0df275e4c17e0a65e2e1c618ab394e1d70
Apple Security Advisory 2017-04-04-1 - Apple Music 2.0 for Android is now available and addresses a certificate validation issue.
e2d4a49ec8aa12899165073f8d711b115f575439dfdded9070be8dcfe447ab51
Cambium products suffer from SNMP access control issues that may allow for unauthorized changes to the device configuration. Models affected include Cambium ePMP 1000, Cambium ePMP 2000, Cambium PMP XXX, and Cambium ForceXXX models.
83af628b8ca5f9c6f13937f56b1da567235978f7f6485f3db1c03008ecf2e6d5
Whitepaper called From Zero to ZeroDay Journey: Router Hacking (WRT54GL Linksys Case).
66c928dae742c5b1f66c19385575361b4ebbbe5aef56979b8945aa3f1562cf31
Asterisk Project Security Advisory - No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. This allows the possibility of remote code injection.
4f394dc143a808e8b1929549291dac026ba69e8dc9fd92c43b3dff47220e1290
SenNet data logger and electricity meter appliances suffer from insecure configuration and OS command injection vulnerabilities.
af974497ffb69114fb44715f152d81b4463d76f11a1ae74ed3a4e791dae40a58
Sielco Sistemi Winlog SCADA Software versions prior to 3.02.01 suffer from a dll hijacking vulnerability.
eb28553774404c4a0961a9210b37b0374aff6513679b76880d96e42e9441d27b
The VMU-C webserver suffers from cross site request forgery, cross site scripting, access control, weak credential management, and insecure storage vulnerabilities. VMU-C EM prior to firmware Version A11_U05 and VMU-C PV prior to firmware Version A17 are affected.
1582c6722bcf37eb3cd5c16f529748ff9d4b17c5c7e4c15f8293942e38016191
WordPress Firewall 2 version 1.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
e931376033f97633c8fcb5a60100c1bfabead9f74477b8421f59aa6b4043e110
QNAP QTS suffers from multiple command injection vulnerabilities.
343c3dd2c8af1703505203d51d06fca1f4b6fd98b7dbcb44ab5aad7c30af0005
Apache Tomcat version 7.0.76 suffers from a directory traversal vulnerability.
a1268dc6c01e23eaa3d4d609b9d4371d8072dc5aeae66cfb4b18621936d4b05c
LAquis SCADA version 4.1 suffers from access control issues.
86fbbd5516820667a46d0ba5ad09fd19f5f20c2b0184e3600ed71fd84482b636
DragonWave Horizon version 1.01.03 suffers from having hardcoded credentials embedded in the device.
07fb435be21a3d69e7b704cc6f1844bf8bd4a0b4dcbf64c0fbf09ed42effb437
The Apple Music Android application (version 1.2.1 and below) does not validate the SSL certificate received when connecting to the mobile application login and payment servers.
1422d48bcd8eed64fc465a014de8e359bdf5f4adb5d983d4dc5bc3f09063b2b3
iPlatinum iOneView suffers from a cross site scripting vulnerability.
0748c764b11fe8653d8bdf660e05509be0b81f6592585f84e66a264607caccd8
Moodle versions 2.7 and earlier suffer from a vulnerability that discloses the account name for a specified profile ID.
4f976a974fdadab3348c916dd40c13ac770e58b386f43d58b4af5a65ee162dda
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
66a98e70a144fe9899d8fd9fd517199c71cec492e3975c6c06cc8252d0d5a2bc
The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed.
4621c0044c5a24d96d1788203f448b2efd0583ce750a71e293fd82e80739c88c
45 bytes small Windows 10 x64 egghunter shellcode.
bdafa19400362a61aa6382dc9ee25a8519098934deb157b8bdb8739bf5df3f7e