IT Security Tools
News Kategorien unterhalb von IT Security Tools: 0x
News RSS Feeds dieser IT Security Tools Kategorie: IT Security Tools
Benutze Feedly zum Abonieren.
Download RSS Feed App für Windows 10 Store (Leider gibt es nicht mehr viele Extensions mit welchen Sie RSS-Feeds in einer Software abonieren können. Der Browser Support für RSS-Feeds wurde eingestellt (Firefox,Chrome).
Eigene IT Security Webseite / Blog / Quelle hinzufügen
Red Hat Security Advisory 2019-2465-01
Red Hat Security Advisory 2019-2465-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
Red Hat Security Advisory 2019-2462-01
Red Hat Security Advisory 2019-2462-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
Ubuntu Security Notice USN-4092-1
Ubuntu Security Notice 4092-1 - Netanel Fisher discovered that the font handler in Ghostscript did not properly restrict privileged calls when '-dSAFER' restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files.
WebKit Universal Cross Site Scripting
WebKit suffers from a universal cross site scripting vulnerability via XSLT and nested document replacements.
ManageEngine Application Manager 14.2 Privilege Escalation / Remote Command Execution
This Metasploit module exploits SQL injection and command injection vulnerabilities in the ManageEngine Application Manager versions 14.2 and below.
Joomla JS Support Ticket 1.1.6 SQL Injection
Joomla JS Support Ticket component version 1.1.6 suffers from a remote SQL injection vulnerability in ticketreply.php.
BSI Advance Hotel Booking System 2.0 Cross Site Scripting
BSI Advance Hotel Booking System version 2.0 suffers from a persistent cross site scripting vulnerability in booking_details.php.
ManageEngine OpManager 12.4x Privilege Escalation / Remote Command Execution
This Metasploit module exploits SQL injection and command injection vulnerability in the OpManager versions 12.4.034 and below.
VxWorks 6.8 Integer Underflow
VxWorks version 6.8 suffers from an integer underflow vulnerability.
ManageEngine OpManager 12.4x Remote Command Execution
This Metasploit module bypasses the user password requirement in the OpManager versions 12.4.034 and below. It performs authentication bypass and executes commands on the server.
Webmin 1.920 Remote Code Execution
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.920 and below. If the password change module is turned on, the unauthenticated user can execute arbitrary commands with root privileges.
Joomla JS Support Ticket 1.1.6 Arbitrary File Deletion
Joomla JS Support Ticket component version 1.1.6 suffers from an arbitrary file deletion vulnerability in ticket.php.
UNA 10.0.0 RC1 Cross Site Scripting
UNA version 10.0.0 RC1 suffers from a persistent cross site scripting vulnerability in polyglot.php.
Joomla JS Jobs 1.2.5 SQL Injection
Joomla JS Jobs component version 1.2.5 suffers from a remote SQL injection vulnerability in cities.php.
Ghidra (Linux) 9.0.4 Arbitrary Code Execution
Ghidra (Linux) version 9.0.4 suffers from a .gar related arbitrary code execution vulnerability.
Debian Security Advisory 4498-1
Debian Linux Security Advisory 4498-1 - Several vulnerabilities were discovered in python-django, a web development framework. They could lead to remote denial-of-service or SQL injection,
Debian Security Advisory 4496-1
Debian Linux Security Advisory 4496-1 - Benno Fuenfstueck discovered that Pango, a library for layout and rendering of text with an emphasis on internationalization, is prone to a heap-based buffer overflow flaw in the pango_log2vis_get_embedding_levels function. An attacker can take advantage of this flaw for denial of service or potentially the execution of arbitrary code.
Debian Security Advisory 4495-1
Debian Linux Security Advisory 4495-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Debian Security Advisory 4494-1
Debian Linux Security Advisory 4494-1 - Dominik Penner discovered that KConfig, the KDE configuration settings framework, supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file (e.g. if it's embedded into a downloaded archive and it gets opened in a file browser) arbitrary commands could get executed. This update removes this feature.
Ubuntu Security Notice USN-4091-1
Ubuntu Security Notice 4091-1 - It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2019-2439-01
Red Hat Security Advisory 2019-2439-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Integer overflow, leaked credential, and padding oracle vulnerabilities were addressed.
Red Hat Security Advisory 2019-2437-01
Red Hat Security Advisory 2019-2437-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2019-2433-01
Red Hat Security Advisory 2019-2433-01 - Cockpit is a Linux system administration tool with a web UI, easy setup, and minimal system footprint at runtime. When installed on hosts in Red Hat Virtualization, it provides monitoring and management functions beyond those available in the Administration Portal. Cockpit is installed by default on Red Hat Virtualization Host. A plain text password issue was addressed.
Red Hat Security Advisory 2019-2427-01
Red Hat Security Advisory 2019-2427-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 76.0.3809.87. Issues addressed include bypass and use-after-free vulnerabilities.
osTicket 1.12 Cross Site Scripting
An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.
osTicket 1.12 Formula Injection
An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected.
osTicket 1.12 File Upload Cross Site Scripting
An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions.
Mitel 6869i Voip Deskphone 4.2.2032 Command Injection
Mitel 6869i Voip Deskphone version 4.2.2032 suffer from an unauthenticated command injection vulnerability.
Master Data Online 2.0 Cross Site Scripting
Master Data Online version 2.0 suffers from a cross site scripting vulnerability.
Nmap Port Scanner 7.80
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
Gentoo Linux Security Advisory 201908-05
Gentoo Linux Security Advisory 201908-5 - Multiple vulnerabilities have been found in LibVNCServer, the worst of which could result in the arbitrary execution of code. Versions less than 0.9.12 are affected.
Gentoo Linux Security Advisory 201908-04
Gentoo Linux Security Advisory 201908-4 - Multiple vulnerabilities have been found in Redis, the worst of which may allow execution of arbitrary code. Versions less than 4.0.14 are affected.
Gentoo Linux Security Advisory 201908-03
Gentoo Linux Security Advisory 201908-3 - Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than or equal to 2.0.16 are affected.
Bro Network Security Monitor 2.6.3
Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
Guide To Red Team Operations
This is a guide to red teaming operations. It covers the basic questions like what is a red team, differences between red teaming and vulnerability assessments along with advance theory such as how red team engagements are done. Thought processes and legal processes are also covered.
SeitennavigationSeite 5 von 269 Seiten (Bei Beitrag 140 - 175)
9.407x Beiträge in dieser Kategorie
Auf Seite 4 zurück | Nächste 6 Seite | Letzte Seite
[ 1 ] [ 2 ] [ 3 ] [ 4 ]  [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ]