XOOPS version 2.5.7.2 uses weak one way hash crypto MD5 along with unsalted passwords stored in the database.

Apple Security Advisory 2016-03-21-7 - OS X Server 5.1 is now available and addresses RC4 crypto weaknesses, file access, and information disclosure vulnerabilities.

Whitepaper called Reinstallation Attacks: Forcing Nonce Reuse in WPA2. This research paper will be presented on at the Computer and Communications Security (CCS) conference on November 1, 2017. This paper details a flaw in the WPA2 protocol itself and most devices that makes use of WPA2 are affected.

Ubuntu Security Notice 3616-2 - USN-3616-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.

Ubuntu Security Notice 3727-1 - It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys.

Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.

The No cON Name 2019 call for papers has been announced. It will be held in Barcelona, Spain, from November 14th and 15th, 2019.

BSidesLisbon 2019 has announced its call for papers. It will be held November 28th and 29th at Auditorio FMD-UL.

The ZeroNights 2019 Call For Papers has been announced. It will be held in Saint-Petersburg, Russia November 12th through the 13th, 2019.

RootedCON is a technology congress that will be held in Madrid (Spain) March 5th through the 7th, 2020. With an estimated seating from 2,000 and 2,500 people, is the most relevant specialized congress that is held in the country, and one of the most relevant in Europe, with attendee profiles ranging from students, Law Enforcement Agencies to professionals in the technology and information security market and, even, just passionate people.

The c0c0n 2020 Middle East call for papers has been announced. It will take place June 15th through the 18th, 2020 at the St. Regis in Abu Dhabi.

B-Sides Ljubljana will be held April 4th, 2020 in Ljubljana, Slovenia.

LeHACK 2020 is a yearly rendezvous where hackers and aficionados are meeting with both technical and non-technical talks and workshops about hacking. It is a great place to discover, to learn, to teach and be taught in the magical city of Paris. LeHACK 2020 will be held in La Cite des Sciences et de l'Industire in Paris, France from June 26th through the 27th, 2020.

REVULN 20x1 is an international conference taking place the April 28th through the 30th, 2020 in Metro Manila (Philippines) at the RED Hotel Cubao.

REVULN 20x2 is an international conference taking place the June 25th through the 26th, 2020 in St. Paul's Bay (Malta) at the Hotel Santana.

BSides Brussels is a security conference in Brussels, Belgium, with talks, workshops and villages. The goal is to strengthen the exchange of knowledge, cooperation, communication, and integration between the different actors active in the IT security industry. We are pleased to announce that the first edition of BSides Brussels will be held on May 28th, 2020.

This is an article discussing Apache2 Web Server hardening. Written in Turkish.

This Metasploit module exploits a directory traversal in Huawei HG255.

FIBARO System Home Center version 5.021 suffers from cross site scripting and remote file inclusion vulnerabilities.

Booked Scheduler version 2.7.7 suffers from an authenticated directory traversal vulnerability.

PhreeBooks ERP version 5.2.5 suffers from a remote command execution vulnerability.

This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passed to an insecure .NET deserialize call which allows for remote command execution.

velBox version 1.2 suffers from an insecure cookie handling vulnerability.

xWeblog version 2.2 suffers from an insecure cookie handling vulnerability.

PHP Hosting Directory version 2.0 suffers from an insecure cookie vulnerability that allows for administrative bypass.

Totaljs CMS version 12.0 mints an insecure cookie that can be used to crack the administrator password.

Red Hat Security Advisory 2020-1975-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.

Red Hat Security Advisory 2020-1979-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.

Red Hat Security Advisory 2020-1978-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.

Red Hat Security Advisory 2020-1980-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.

Red Hat Security Advisory 2020-1422-01 - This release of Red Hat build of Eclipse Vert.x 3.9.0 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.

An elevation of privilege vulnerability exists in Microsoft Windows when the Win32k component fails to properly handle objects in memory. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This Metasploit module is tested against Windows 10 v1703 x86.

Apple Security Advisory 2019-7-23-1 - iCloud for Windows 7.13 is now available and addresses code execution and cross site scripting vulnerabilities.

Apple Security Advisory 2019-10-07-4 - iCloud for Windows 7.14 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Red Hat Security Advisory 2019-1790-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2019-1942-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2019-2097-01 - The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2019-2400-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attacker(s) inserted Perl qx statements into the build server's source code on two separate occasions: once in April 2018, introducing the backdoor in the 1.890 release, and in July 2018, reintroducing the backdoor in releases 1.900 through 1.920. Only version 1.890 is exploitable in the default install. Later affected versions require the expired password changing feature to be enabled.

Gentoo Linux Security Advisory 201909-1 - Multiple vulnerabilities have been found in Perl, the worst of which could result in the arbitrary execution of code. Versions less than 5.28.2 are affected.

Red Hat Security Advisory 2020-1616-01 - Irssi is a modular IRC client with Perl scripting. Issues addressed include a use-after-free vulnerability.

Ice HRM version 26.2.0 suffers from a cross site request forgery vulnerability.