This Metasploit module exploits a remote command execution vulnerability in the Legend Perl IRC Bot. This bot was used as a payload in the Shellshock spam of October 2014. Its functionality includes NMAP scanning; TCP, HTTP, SQL, and UDP flooding; removing system logs; gaining root; and VNC scanning. Kevin Stevens, a Senior Threat Researcher at Damballa, has uploaded this script to VirusTotal with an MD5 of 11a9f1589472efa719827079c3d13f76.
Monthly Archives: December 2015
Xdh / LinuxNet Perlbot / fBot IRC Bot Remote Code Execution
This Metasploit module allows remote command execution on an IRC bot developed by xdh. This Perl bot was caught by Conor Patrick with his Shellshock honeypot server and is categorized by Markus Zanke as an fBot (Fire & Forget – DDoS Bot). Matt Thayer also found this script, which carries the description "LinuxNet perlbot". The bot only answers based on the servername and nickname in the IRC message, which are configured in the Perl script, so exploiting it requires being an operator on the IRC network in order to spoof them, or at least having the same IP as the one in the config.
Pacom 1000 CCU Crypto Shortcomings
Pacom 1000 CCU suffers from multiple cryptography implementation vulnerabilities.
NorthSec 2016 Call For Papers
NorthSec 2016 has announced its Call For Papers. It will be held in Montreal, Canada, from May 19th through the 22nd.
Intellect Core Cross Site Scripting
Intellect Core banking software suffers from a cross site scripting vulnerability.
bitrix.mpbuilder Bitrix 1.0.10 Local File Inclusion
bitrix.mpbuilder Bitrix module version 1.0.10 suffers from a local file inclusion vulnerability.
bitrix.scan Bitrix 1.0.3 Path Traversal
bitrix.scan Bitrix module version 1.0.3 suffers from a path traversal vulnerability.
Ubuntu Security Notice USN-2825-1
Ubuntu Security Notice 2825-1 – Multiple use-after-free bugs were discovered in the application cache implementation in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-6766) Several security issues were discovered in the DOM implementation in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions. Various other issues were also addressed.
Red Hat Security Advisory 2015-2615-01
Red Hat Security Advisory 2015-2615-01 – OpenShift Enterprise by Red Hat is the company’s cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. It was found that OpenShift’s API back end did not verify requests for pod log locations, allowing a pod on a Node to request logs for any other pod on that Node. A remote attacker could use this flaw to view sensitive information via pod logs that they would normally not have access to. This issue was discovered by Jordan Liggitt of Red Hat Atomic OpenShift.
Google Chrome DLL Hijack
Google Chrome’s executable installers suffer from a DLL hijacking vulnerability.