Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
0e970e8849a2e655246709fff0123525Microsoft Windows 10 Creators Update suffers from a 32-bit execution of ring-0 code from NULL page via NtQuerySystemInformation (class 185, Warbird functionality).
3b1777f8309fb6e91148a1b542d501efUbuntu Security Notice 3459-2 - USN-3459-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. A Multiple security issues were discovered in MySQL and this update A includes new upstream MySQL versions to fix these issues. A MySQL has been updated to 5.5.58 in Ubuntu 12.04 ESM. Various other issues were also addressed.
48cca9251d1ac4a0ba1591e201a98b1dRed Hat Security Advisory 2017-3082-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 62.0.3202.75. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
ee548e66c5378b8dfd0563c88477b0f7Ubuntu Security Notice 3464-2 - USN-3464-1 fixed several vulnerabilities in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. A Antti Levomaki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of A service, or possibly execute arbitrary code. Various other issues were also addressed.
4290569fb5e2a5604a538c5b43a6bb1fUbuntu Security Notice 3467-1 - It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service.
3574f1237068a25a85f435fddd772e9fRed Hat Security Advisory 2017-3081-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.
ed7db0112f16f762e72879e4f791c3a9Red Hat Security Advisory 2017-3080-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page.
66762ee91bc3b19e8d50115d124b3dcaGentoo Linux Security Advisory 201710-32 - Multiple vulnerabilities have been found in Apache, the worst of which may result in the loss of secrets. Versions less than 2.4.27-r1 are affected.
6702dea8604021598b7ad6570ac8ea75Gentoo Linux Security Advisory 201710-31 - Multiple vulnerabilities have been found in Oracle's JDK and JRE software suites, the worst of which can be remotely exploited without authentication. Versions less than 1.8.0.152-r1 are affected.
a7c529adfd84fe6fc678b0cdb8e526b3Gentoo Linux Security Advisory 201710-30 - Multiple vulnerabilities have been found in X.Org Server the worst of which could allow a local attacker to replace shared memory segments. Versions less than 1.19.4 are affected.
c3cded738c906680cb3a502ef39b1721Website Broker Script suffers from a remote SQL injection vulnerability.
c268db54348e06f2a891e1e4b8a0c162Vastal I-Tech Agent Zone suffers from a remote SQL injection vulnerability.
9eefe317c733dfe1b72c7b1be2b593beZomato Clone Script suffers from a remote SQL injection vulnerability.
f3b76106b5efbfbfb78a82cf61145a68PHP Inventory suffers from an arbitrary file upload vulnerability.
f0ea39e29684cdfddf40e9ddbea32ec3Online Exam Test Application suffers from a remote SQL injection vulnerability.
d0a31c65ef54e756c675fc31b1f78950WordPress Ultimate Product Catalog plugin versions 4.2.24 and below suffer from a PHP object injection vulnerability.
3f4ffd5d0fa22e90026bf5db1d8f6c0bGentoo Linux Security Advisory 201710-29 - Multiple vulnerabilities have been found in Asterisk, the worst of which allows remote execution of arbitrary shell commands. Versions less than 11.25.3 are affected.
dc6664f1f4febce3a1ec19be4fbf4607Gentoo Linux Security Advisory 201710-28 - A vulnerability in Jython may lead to arbitrary code execution. Versions less than 2.7.0-r2 are affected.
d31b394e4c2951ccc2b6840bc8da2d25MitraStar DSL-100HN-T1 and GPT-2541GNAC routers suffer from a privilege escalation vulnerability.
9bd18e64e9682092e8293cf4eeb301a2Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
af6de0260dd14ddfcb95f1ac9fb2ed98Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
5cfa32159eb1177bd5b0c6bc8f9f52acHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release..
24796666d5409b2b73e2025fb739a4efPHP versions 4.2.0 and 4.2.1 suffer from an issue where depending on the processor architecture it may be possible for a remote attacker to either crash or compromise the web server.
e966da86f2a1eebadb8468cec478394aRSA Authentication Manager version 8.2 SP1 Patch 5 contains a fix for a reflected cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
21fceb4b6c9ad9829894a924c629d3d0
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed