Symantec

Another vulners.com update this week. Search in Symantec Security Response vulnerabilities! 2898 Windows vulnerabilities have been added.

Symantec Windows Vulnerabilities

Vulners API update: download database in one click

Vulners development team added a new call to Vulners API v.3, which provides an easy way to export collections of security bulletins.

For example, to download all CVEs, run:

wget "https://vulners.com/api/v3/archive/collection/?type=cve" -O cve.zip

The result will be cve.zip with cve.json inside.

The same file can be downloaded through the GUI on the Stats tab.

Vulners Stats

Moreover, with the new API call you can download security bulletins for a particular OS version:

wget "https://vulners.com/api/v3/archive/distributive/?os=centos&version=6" -O centos.zip

This makes it possible to get data that you won’t find anywhere else: the archives of exploits, HackerOne history, all CentOS vulnerabilities, etc. This functionality is useful if you want to build your own tools and data synchronization, or if you already use some knowledge base.
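For anyone wiring the export into their own synchronization job, here is an added example (not Vulners code) that reads a downloaded archive defensively and picks out the bulletins that changed since the last sync. It assumes the JSON member is a list of objects carrying the "id" and "modified" fields shown in the storage scheme further down this page; the sample archive, its SAMPLE-* ids and the size ceiling are constructed for the demonstration.

```python
import io
import json
import zipfile

MAX_BYTES = 512 * 1024 * 1024  # assumed ceiling for one decompressed collection


def load_collection(zip_bytes, member, max_bytes=MAX_BYTES):
    """Parse the single JSON member of a downloaded archive (cve.zip -> cve.json)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        # Refuse extra or renamed members instead of extracting blindly.
        if names != [member]:
            raise ValueError(f"unexpected archive members: {names!r}")
        with zf.open(member) as fh:
            data = fh.read(max_bytes + 1)  # bounded read guards against zip bombs
    if len(data) > max_bytes:
        raise ValueError("decompressed collection exceeds size ceiling")
    return json.loads(data)


def changed_records(records, local_index):
    """Return bulletins that are new, or newer than the locally stored copy.

    local_index maps bulletin id -> 'modified' timestamp already stored locally.
    Timestamps are same-format ISO 8601 strings, so string comparison orders them.
    """
    return [r for r in records
            if r["id"] not in local_index or r["modified"] > local_index[r["id"]]]


def constructed_archive():
    """Build a tiny stand-in for cve.zip in memory (constructed sample data)."""
    records = [
        {"id": "SAMPLE-0001", "type": "cve", "modified": "2016-04-01T00:00:00"},
        {"id": "SAMPLE-0002", "type": "cve", "modified": "2016-05-10T12:00:00"},
        {"id": "SAMPLE-0003", "type": "cve", "modified": "2016-06-02T08:30:00"},
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("cve.json", json.dumps(records))
    return buf.getvalue()


if __name__ == "__main__":
    known = {"SAMPLE-0001": "2016-04-01T00:00:00", "SAMPLE-0002": "2016-05-01T00:00:00"}
    fresh = changed_records(load_collection(constructed_archive(), "cve.json"), known)
    print([r["id"] for r in fresh])
```
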

No problem if you forget the “type” values. Just enter a nonexistent type and you will get a full list of available values:

https://vulners.com/api/v3/archive/collection/?type=FAKE

"Error": "There is no type 'FAKE' Available collection types:. ['Nessus', 'cve', 'exploitdb', 'xssed', 'zdt', 'hackapp', 'threatpost', 'redhat', 'debian', 'ubuntu', 'cert', 'metasploit', 'freebsd', 'zdi', 'oraclelinux', 'suse', 'centos', 'cisco', 'hackerone', 'vulnerlab', 'f5', 'mozilla', 'ics', 'archlinux', 'ptsecurity', 'rdot', 'erpscan', 'huawei', 'xen', 'openssl', 'opera', 'vmware', 'wpvulndb', 'samba', 'postgresql', 'drupal', 'lenovo', 'msvr', 'paloalto', 'nginx']"

It is also possible to obtain these results through search queries. Unfortunately, this is no longer so easy: the maximum size for a single request has been reduced from 10 000 to 500. It is a forced measure, since the load on the server and the traffic volumes increased significantly.

Now we have a separation: search for searching, and archive/collection for content export.

Vulners API v.3 released

The Vulners development team has released a major update for the Vulners API. Automate your routine operations with the vulners.com database more easily and effectively than ever.

What’s new:

  • Most Vulners API v.3 requests now use GET
  • New “search/id” request to view the content of a bulletin by its identifier
  • Requests for searching or viewing content by id now support the option “references=true”, which adds referenced objects to the results
  • JSON output is now pretty-printed by default

All API methods: https://vulners.com/api/v3/
“validateparam” lists all input parameters and their types:

"lucene": [
        {
          "requireparam": {
            "parameters": [
              "query"
            ]
          }
        },
        {
          "validateparam": {
            "parameters": [
              {
                "skip": "int",
                "query": "str",
                "size": "int",
                "sort": "str"
              }
            ]
          }
        }
      ],

Examples:

Available fields and values: https://vulners.com/api/v3/search/suggest/?type=distinct&fieldName=type

{
  "data": [
    "nessus",
    "cve",
    "exploitdb",
    "xssed",
    "zdt",
...
    "lenovo",
    "msvr",
    "paloalto",
    "nginx"
  ],
  "result": "OK"
}

Vulners.com search query speed remains extremely high:

$ curl "https://vulners.com/api/v3/search/lucene/?query=type:centos&size=3&skip=2&references=true" -w %{time_connect}:%{time_starttransfer}:%{time_total}
...
],
"result": "OK"
}0,000:0,144:0,204

Average execution time is 35-45ms
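Because a single search request is now capped at 500 results, a large result set has to be walked with "skip" and "size". The following added example (not Vulners code) checks a parameter set against the "validateparam" listing above and builds the sequence of GET URLs; the helper names are hypothetical, and the lower bounds on "skip" and "size" are assumptions.

```python
from urllib.parse import urlencode

SEARCH_URL = "https://vulners.com/api/v3/search/lucene/"
MAX_SIZE = 500  # per-request ceiling stated in the post (formerly 10 000)

# Parameter names and types as listed under "validateparam" for "lucene".
LUCENE_TYPES = {"skip": int, "query": str, "size": int, "sort": str}
LUCENE_REQUIRED = ("query",)


def validate_lucene(params):
    """Check a parameter dict against the listing before sending it."""
    for name in LUCENE_REQUIRED:
        if name not in params:
            raise ValueError(f"missing required parameter: {name}")
    for name, expected in LUCENE_TYPES.items():
        # type() rather than isinstance(): True/False must not pass as int.
        if name in params and type(params[name]) is not expected:
            raise TypeError(f"{name} must be {expected.__name__}")
    # Assumed bounds: skip is non-negative and size is at least 1.
    if params.get("skip", 0) < 0 or not 1 <= params.get("size", 1) <= MAX_SIZE:
        raise ValueError(f"skip must be >= 0 and size within 1..{MAX_SIZE}")
    return params


def page_urls(query, total, sort=None):
    """GET URLs that together cover `total` results without exceeding MAX_SIZE."""
    urls = []
    for skip in range(0, total, MAX_SIZE):
        params = {"query": query, "skip": skip, "size": min(MAX_SIZE, total - skip)}
        if sort is not None:
            params["sort"] = sort
        urls.append(SEARCH_URL + "?" + urlencode(validate_lucene(params)))
    return urls


if __name__ == "__main__":
    for url in page_urls("type:centos", 1200):
        print(url)
```
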

The Only Invulnerable in CityF

Our project team took part in the CityF: The Standoff competition at the PHDays VI Information Security Conference.

PHDays key theme is ‘The Standoff’. This year we are replacing the usual CTF format and are instead bringing you a fully-fledged battle. We are using a realistic scenario in a specially designed setting that mimics a typical urban infrastructure. This time, the hackers will bring out the big guns in order to take down the city (CityF), while city defenders — security experts and the SOC — will be trying to counter their attacks.

Our Vulners city defenders team results at the PHDays VI CTF competition:

  • WTF for hacking hackers team
  • excellence at banking for defending our CTF home
  • zen sensei for keeping calm
  • The Invulnerable – no comments
  • Last man standing

PHDays VI CTF results

PHDays VI CTF Awards Ceremony



Ivan is a representative of defending team. They got so bored with all situation that nothing was happening around them so they decided to hack into hackers computer. And he came to the scene without any mask on his face. And all hackers were looking at him. Who is this guy? So, Ivan, the glory is yours.

Hi everyone. Yeah, we get bored and while we’ve been bored we scanned /16 subnet. We found some neighboring defending teams, some banks. And starting from 10 and higher we have found out that there were some user machines. And some of them had lot of open ports and http servers as well. And in one of this http services there were file upload functionality. It was an Apache server with PHP on. And then we just uploaded web shell with which we just had a lot of fun.

And by the way it’s not prohibited by the rules. Rules doesn’t say not a single word that defenders can’t break the hackers. Ivan, just tell me please what about computers of those guys, are they operational, can they do something on them?

While being good defense team and not those evil hackers, we of course let their computers intact and operational, but we would like to warn all of you, well, it’s a hackers conference, so if you do something Internet based, keep your ports closed and your web service also closed. Just basic security precautions. Well, if you hack somebody, it doesn’t lead that somebody can not hack you.

Advertising. We are Vulners Team and we represent Vulners Vulnerability Database.

So, they can break and they can fix!

Good day for Vulners and 0day.today

0day.today is the ultimate database of exploits and vulnerabilities. It’s a great and well-known resource for vulnerability researchers and security professionals. Now you can search for 0day.today content with vulners.com. Just use “type:zdt” in search requests.

0day.today search results

You can see publicly available exploits with full source code.

Exploit 0day.today

For a private exploit you will get the message: “This is private exploit. You can buy it at http://0day.today”

Private exploit 0day.today

From now on, three popular exploit databases are supported in Vulners: Metasploit, Exploit-DB, and 0day.today.

Suse Linux and Samba

Search in Samba and Suse Linux security bulletins with vulners.com!

Suse support is a great deal. The bulletins describe vulnerabilities in many software products: SLES, SLED, openSUSE, Suse, Suse SDK, Suse for VMware, SUSE LTSS, etc. All versions of patched packages for all processor architectures were parsed and are available in machine-readable form.

sles bulletin

Suse bulletins contain more records in the affected section than all other bulletins put together. For example, SUSE-SA:2005:045 has 110 entries.

So, now Vulners supports almost all common Linux distributions: Debian, Ubuntu, Arch Linux, RedHat, Oracle Linux, CentOS and Suse (SLES, SLED, openSUSE).

Another hot topic is, of course, Samba. Waiting for details on Badlock? Here it is: SAMBA:CVE-2016-2118(BADLOCK)

badlock

It is also interesting to see the hype about this vulnerability: https://vulners.com/search?query=badlock

HackApp indexed: 135,000 potential vulnerabilities in TOP 13,000 Android applications

Good news for all Vulners users. You can now search for vulnerabilities in more than 13,000 Android applications from the US Google Play store. Just specify “type:hackapp”. This became possible by adding the HackApp vulnerability database. The search results contain the bulletin title, the number of vulnerabilities by severity (red circle – critical, yellow circle – medium, gray circle – notice), and information about the application (icon, current version, vendor name and release date).

Android vulnerabilities search results

A link to an application bulletin looks like https://vulners.com/hackapp/HACKAPP:COM.TIR.SIMULASYONU.APK. The bulletin contains a brief description of the vulnerabilities and the vulnerable version of the application.

Android application vulnerabilities

HackApp storage scheme:

"hackapp": {
  "scheme": {
    "href": "",
    "objectVersion": "1.0",
    "modified": "1970-01-01T00:00:00",
    "cvss": {},
    "bulletinFamily": "software",
    "hackapp": {
      "vendor": "",
      "store": "",
      "icon": "",
      "apk": "",
      "version": "",
      "release": "",
      "name": "",
      "link": "",
      "bugs": []
    },
    "reporter": "Hackapp.org",
    "hash": "",
    "title": "",
    "references": [],
    "affectedSoftware": [],
    "id": "",
    "published": "1970-01-01T00:00:00",
    "lastseen": "1970-01-01T00:00:00",
    "cvelist": [],
    "type": "hackapp",
    "description": ""
  },
  "displayName": "Hackapp",
  "bulletinFamily": "software",
  "lastrun": "2016-04-04T08:49:30",
  "count": 13516
}

Use these tags to make complex queries, for example, to search by vendor: hackapp.vendor:"Umisoft Games"

Search by vendor name