PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
This Metasploit module exploits an unauthenticated remote command execution vulnerability in MVPower digital video recorders. The 'shell' file on the web interface executes arbitrary operating system commands supplied in the query string. This Metasploit module was tested successfully on an MVPower model TV-7104HE with firmware version 1.8.4 115215B9 (Build 2014/11/17). The TV-7108HE model is also reportedly affected, but untested.
This Metasploit module exploits object injection, authentication bypass and IP spoofing vulnerabilities together. Unauthenticated users can execute arbitrary commands in the context of the root user. Abusing the authentication bypass issue on gauge.php lets adversaries exploit the object injection vulnerability, which leads to a SQL injection attack that leaks an administrator session token. Attackers can then use the captured session token to create a rogue action and policy that executes operating system commands. As a final step, an SSH login attempt with invalid credentials triggers the rogue policy, which triggers an action that executes an operating system command with root user privileges. This Metasploit module was tested against the following products and versions: AlienVault USM 5.3.0, 5.2.5, 5.0.0, 4.15.11, 4.5.0; AlienVault OSSIM 5.0.0, 4.6.1.
This Metasploit module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command in the context of the web server user, which is root. In addition, a default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting, then uses them as arguments to a predefined operating system command without proper sanitization. However, due to an improper blacklisting rule, it is possible to inject arbitrary commands into it. InterScan Messaging Security prior to 9.1.-1600 is affected by this issue. This Metasploit module was tested against IMSVA 9.1-1600.
Red Hat Security Advisory 2017-0323-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
Red Hat Security Advisory 2017-0324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
Debian Linux Security Advisory 3792-1 - Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure.
Joomla Community Quiz component version 4.3.5 suffers from a remote SQL injection vulnerability.
Joomla Intranet Attendance Track component version 2.6.5 suffers from a remote SQL injection vulnerability.
Joomla Wisroyq component version 1.6 suffers from a remote SQL injection vulnerability.
Joomla JO Facebook Gallery component version 4.5 suffers from a remote SQL injection vulnerability.
Joomla JooDatabase component version 3.1.0 suffers from a remote SQL injection vulnerability.
Joomla Community Polls component version 4.5.0 suffers from a remote SQL injection vulnerability.
Joomla Fabrik component versions 1.4 and 1.5 suffer from a cross site scripting vulnerability.
Joomla Digistore component versions 1.5 and 1.6 suffer from a remote SQL injection vulnerability.
Joomla Sgpprojects component version 3.1 suffers from a remote SQL injection vulnerability.
Joomla Profiler component version 1.4 suffers from a remote SQL injection vulnerability.
Joomla Community Surveys component version 4.3 suffers from a remote SQL injection vulnerability.
Joomla AJAX Search for K2 component version 2.2 suffers from a remote SQL injection vulnerability.
Joomla Civicrm component version 1.6 suffers from a remote SQL injection vulnerability.
Joomla Glossary component version 1.6 suffers from a remote SQL injection vulnerability.
Joomla GPS Tools component version 4.0.1 suffers from a remote SQL injection vulnerability.
memcache-viewer suffers from a persistent cross site scripting vulnerability.