Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.
913d0f01da1c505a0d2e4845a1257a33Red Hat Security Advisory 2020-0779-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.132. An issue with insufficient policy enforcement in media was addressed.
1073551c3866c0f91b646505a06cc7bcUbuntu Security Notice 4298-1 - It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
25d6fa8a4777be059f8c4d0a4282fa53This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the server. For all supported targets except Linux (cmd), the module uses a command stager to write the exploit to the target via the malicious plugin. This may not work if Nagios XI is running in a restricted Unix environment, so in that case the target must be set to Linux (cmd). The module then writes the payload to the malicious plugin while avoiding commands that may not be supported. Valid credentials for a user with administrative privileges are required. This module was successfully tested on Nagios XI 5.6.5 running on CentOS 7. The module may behave differently against older versions of Nagios XI.
27aeb9dcadc656869ca4d5c1b08a9963This Metasploit module can detect and exploit the backdoor of PHPStudy.
eb9fb8137715e8afb602d0b2e3a182efRed Hat Security Advisory 2020-0689-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a use-after-free vulnerability.
91ba6fd094d376492c98fa3dc0cd723cRed Hat Security Advisory 2020-0688-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. A race condition has been addressed.
86f5e2fe19d665ecfd0b84b1d6c501f3Red Hat Security Advisory 2020-0775-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include buffer overflow and use-after-free vulnerabilities.
13db1540e0b00ac4cc27fb38e60ef4d1Red Hat Security Advisory 2020-0756-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. An issue where secrets were disclosed was addressed.
cd6966f503118469a575d336c57013eaRed Hat Security Advisory 2020-0754-01 - The novnc package provides a VNC client that uses HTML5 and includes encryption support. An XSS vulnerability was discovered in noVNC in which arbitrary HTML could be injected into the noVNC web page. An attacker having access to a VNC server could use target host values in a crafted URL to gain access to secure information. Issues addressed include a cross site scripting vulnerability.
a4100ec275db34af79adb8efe76a912eRed Hat Security Advisory 2020-0773-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. An out-of-bounds heap access issue was addressed.
9d7fabd48c08c17bc954f8aaafbb7363Persian VIP Download Script version 1.0 suffers from a remote SQL injection vulnerability.
a994e49a3ac90c485503fa75737fe6a2YzmCMS version 5.5 suffers from a persistent cross site scripting vulnerability.
d360ca89e4a68b95345ccd028a822841Sysaid version 20.1.11 b26 suffers from a remote command execution vulnerability.
f0ad3dffeb132df608ba37f67c62ee16Counter Strike: GO .bsp memory control proof of concept exploit.
5547c4c340e256937565d6a91fa070ac
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed