Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.
a2ef5f36dc4566d2ba129f34c14c269619b9797725b65d2696c27074db5f3e6a
Red Hat Security Advisory 2020-0779-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.132. An issue with insufficient policy enforcement in media was addressed.
3cd805d8dae4779c6b64689dde9cedd92e5700b742f25f7caa35d9f02d451dd0
Ubuntu Security Notice 4298-1 - It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
f5109bac0750a5ca954bc0abbebf20331a2eedfa9d91e67f5aa6045951ad27a7
This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the server. For all supported targets except Linux (cmd), the module uses a command stager to write the exploit to the target via the malicious plugin. This may not work if Nagios XI is running in a restricted Unix environment, so in that case the target must be set to Linux (cmd). The module then writes the payload to the malicious plugin while avoiding commands that may not be supported. Valid credentials for a user with administrative privileges are required. This module was successfully tested on Nagios XI 5.6.5 running on CentOS 7. The module may behave differently against older versions of Nagios XI.
ff7c4c4f60a8d9d91f4dea43c87e96d04fac8cbc379e059ccb3fb23c944c18ab
This Metasploit module can detect and exploit the backdoor of PHPStudy.
df2fe2dc17dfccf25b996306f492791a47f36836e647f13318faac6c20640ce2
Red Hat Security Advisory 2020-0689-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a use-after-free vulnerability.
d213a91a33b2cab01020f00ae8f1a3ee4beb7f2a265216f47477eede1cc52d4d
Red Hat Security Advisory 2020-0688-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. A race condition has been addressed.
b6a978e16a30622f1ef08edd0d08057edbcb265b8178ca621f34da209a122b86
Red Hat Security Advisory 2020-0775-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include buffer overflow and use-after-free vulnerabilities.
1bec67f6c9e4cee34c9dd01f43184ed7cec9d7278ef1ba6c863492ae119690b9
Red Hat Security Advisory 2020-0756-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. An issue where secrets were disclosed was addressed.
797ccf82a8126141a057a98fe76cb316e28f89fe0b76b96c8948df8f0fe0cc24
Red Hat Security Advisory 2020-0754-01 - The novnc package provides a VNC client that uses HTML5 and includes encryption support. An XSS vulnerability was discovered in noVNC in which arbitrary HTML could be injected into the noVNC web page. An attacker having access to a VNC server could use target host values in a crafted URL to gain access to secure information. Issues addressed include a cross site scripting vulnerability.
d2fd665bc799beef786875183c0471b301e55346c9b45549987568af18a43ead
Red Hat Security Advisory 2020-0773-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. An out-of-bounds heap access issue was addressed.
60eb6a15e04cea05f1d24e5195704c6dd78857c339f8cc80b121340284ea2753
Persian VIP Download Script version 1.0 suffers from a remote SQL injection vulnerability.
612844e2d07069c99dedf034e02ac925c1c11c83757148c2e583f6f0a9ca859d
YzmCMS version 5.5 suffers from a persistent cross site scripting vulnerability.
039878cfad81220be93f7c91f3ea23bb6c131ef0f59df51e244a4bee9d638b4a
Sysaid version 20.1.11 b26 suffers from a remote command execution vulnerability.
165ad4837763969d6da42402b6c7f21dacba4bac228f556316bb541009b44f06
Counter Strike: GO .bsp memory control proof of concept exploit.
055038fb6daa96930f1d56b8eea499869e7c2a9634df53ea7ea173563a62f1a2