FreeBSD : PJSIP -- TCP denial of service in PJProject (e21474c6-031a-11e6-aa86-001999f8d30b)

The Asterisk project reports : PJProject has a limit on the number of TCP connections that it can accept. Furthermore, PJProject does not close TCP connections it accepts. By default, this value is approximately 60. An attacker can deplete the number of allowed TCP connections by opening TCP...

ISC BIND buffer.c REQUIRE Assertion Failure Denial of Service (CVE-2015-8705)

A denial-of-service vulnerability has been reported in BIND DNS package bind9. The vulnerability is due to improper conversion of OPT resource records ECS options to text format. A remote, unauthenticated attacker could exploit this vulnerability against Recursive or Authoritative DNS servers tha...

Understanding and Configuring EPA Verbose Logging on Citrix Gateway

CLI Configuration Run the following command on NetScaler for PreAuth and PostAuth EPA logging: set vpn param –clientSecurityLog ON Note : For PreAuth and PostAuth logging, the vpn param MUST be used. If the clientSecurityLog is modified in a SessionAction whose Session Policy has a ClientSecurity...

CVE-2016-2074

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command...

Report VT debug logs

The script reports possible issues within VTs. For best results set SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

MyBB < 1.6.10 Multiple Vulnerabilities

Binary data 9119.prm...

网康安全网关(Netentsec ASG) 6.3 /debug/rproxy_diag.php 任意文件下载漏洞

No description provided by source...

Ntpd ntp-4.2.6p5 ctl_putdata() Buffer Overflow

/ Ntpd Based on: ntpq client from ntp package Provided for legal security research and testing purposes ONLY PoC DoS Denial of Service PoC. Will crash NTPd. You will need to know the KEY ID and MD5 password, for example put this in you ntp.conf -------------- /etc/ntp.conf -------------- keys...

New php vulnerability discovery of the debug result of the security vulnerability, Edusoho-a vulnerability warning-the black bar safety net

Modern cms framework laraval/symfony/slim, leading to today's php vulnerability appears point, principle, using method, has undergone some changes, this series can hope to summarize their excavation of such a cms vulnerability. Today this vulnerability is Edusoho a user table dump vulnerability...

D-Link DSL-2750B Remote Command Execution

After some playing around I've noticed something interesting during login phase: by sending wrong credentials, user is redirected on an error page with url http://192.168.1.1:666/login.cgi?cli=access%20login%20encrypted%2041544A25DC00170BA90659AD4CBDD9D9$ http://imgur.com/ZG1vU2t In order to see...

virt: guest to host DoS by triggering an infinite loop in microcode via #DB exception

It was found that the x86 ISA Instruction Set Architecture is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way sequential delivering of benign exceptions such as DB debug exception is handled. A privileged user...

Google Android ADB Debug Server - Remote Payload Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/proto/adb' class Metasploit3 'Android ADB Debug Server Remote Payload Execution', 'Description' = %q Writes and spawns a native payload on...

Android ADB Debug Server Remote Payload Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/proto/adb' class Metasploit3 'Android ADB Debug Server Remote Payload Execution', 'Description' = %q Writes and spawns a native payload on...

bind: denial of service

CVE-2015-8704 denial of service A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl42.c. A server could exit while performing certain string formatting operations. Examples include but may not be limited to: 1 Slaves using text-format db...

冰峰VPN /log/system.log 敏感信息泄漏漏洞

由于“ICEFLOW VPN Router”设备产品存在各种日志文件未授权访问可导致系统敏感信息泄漏。（包括登录成功后的session值） 系统日志http://url/log/system.log VPN日志http://url/log/vpn.log 移动用户日志http://url/log/mobile.log 防火墙日志http://url/log/firewall.log 访问日志http://url/log/access.log 告警日志http://url/log/warn.log 错误日志http://url/log/error.log...

Mageia: Security Advisory (MGASA-2016-0030)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Harman AMX multimedia devices contain hard-coded credentials

Overview Multiple models of Harman AMX multimedia devices contain a hard-coded debug account. Description CWE-798: Use of Hard-coded Credentials - CVE-2015-8362According to the researchers' blog post, several models of Harman AMX multimedia devices contain a hard-coded "backdoor" account with...

Updated bind packages fix security vulnerability

In ISC BIND before 9.10.3-P3, a buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl42.c CVE-2015-8704. In ISC BIND before 9.10.3-P3, errors can occur when OPT pseudo-RR data or ECS options are formatted to text. In 9.10.3 through 9.10.3-P2, the...

CVE-2015-8705

buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit, or daemon crash or possibly have unspecified other impact via 1 OPT data or 2 an ECS option...

virt: guest to host DoS by triggering an infinite loop in microcode via #DB exception

It was found that the x86 ISA Instruction Set Architecture is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way sequential delivering of benign exceptions such as DB debug exception is handled. A privileged user...