2341 matches found
Error When Booting Target Devices: "vDisk file access permission denied"
Booting target device to a vDisk was showing the following error after downloading the bootstrap file: "Server IP Address:6930: vDisk file access permission denied."...
How to disable Interrupt Safe Mode in Provisioning Services
The "Interrupt Safe Mode" configuration is a special setting designed to handle bad PXE implementations that do not comply with PXE standards or have bugs. The setting forces a reset on the UNDI Interface after sending every packet into...
bootstrap_carousel - Moderately critical - Cross Site Scripting - SA-CONTRIB-2017-088
This module provides a way to make carousels, based on bootstrap-carousel.js. The module doesn't sufficiently handle output of img HTML tag's alt property. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Carousel: Create new content" or any simil...
Amazon Web Services CloudFormation bootstrap arbitrary code execution vulnerability
The Amazon Web Services (AWS) CloudFormation bootstrap tools package, also known as aws-cfn-bootstrap, is a suite of cloud computing services from Amazon.com, Inc. The CloudFormation bootstrap tools package is one of the cloud resource configuration toolkits. A security vulnerability exists in the...
CVE-2017-9450
The Amazon Web Services AWS CloudFormation bootstrap tools package aka aws-cfn-bootstrap before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory...
Directory traversal
The Amazon Web Services AWS CloudFormation bootstrap tools package aka aws-cfn-bootstrap before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory...
CVE-2017-9450
The CVE-2017-9450 issue affects the AWS CloudFormation bootstrap tools package (aws-cfn-bootstrap) prior to 1.4-19.10. The vulnerable component is the cfn-hup daemon, which an attacker with local access can abuse by writing a crafted file to escalate to root and execute arbitrary code, compromisi...
SQL Injection Vulnerability in YxtCMF Frontend IndexController.class.php Page
YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. A SQL injection vulnerability exists in the IndexController.class.php page of the YxtCMF frontend. An attacker can exploit the vulnerability to obtain sensitive...
Chef Information Disclosure Vulnerability
Chef is configuration management software written in Ruby; it uses a pure-Ruby domain-specific language (DSL) to store system configuration as "recipes" or "cookbooks". Chef was developed by Opscode and released as open source under the Apache License, version 2.0. A security vulnerability exist...
Information Disclosure
chef is vulnerable to information disclosure. When you knife bootstrap a node, the validation key is printed into the logs found at /var/log/messages...
CVE-2015-8559
The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages...
UBUNTU-CVE-2015-8559
The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages...
DEBIAN-CVE-2017-13028
The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootpprint...
CVE-2017-13028
The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootpprint...
Important: aws-cfn-bootstrap
Issue Overview: The default umask value is set to 022 to address a privilege escalation security vulnerability. Affected Packages: aws-cfn-bootstrap Issue Correction: Run yum update aws-cfn-bootstrap or yum update --advisory ALAS-2017-895 to update your system. 1. Run yum update aws-cfn-bootstrap...
Amazon Linux AMI : aws-cfn-bootstrap (ALAS-2017-886)
New optional parameter 'umask' introduced into cfn-hup.conf file in order to configure the cfn-hup daemon's umask. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2017-886. include("compat.inc"); if...
Web-based OSINT and Active Reconnaissance Suite: D0xk1t
Active reconnaissance, information gathering and OSINT built in a portable web application. D0xk1t is an open-source, self-hosted and easy-to-use OSINT and active reconnaissance web application for penetration testers. Based off of the prior command-line script, D0xk1t is now fully capable of...
SQL Injection Vulnerability in the Latest Version of YxtCMF
YxtCMF online learning system is an online learning platform system developed with thinkphp+bootstrap as the framework. The latest version of YxtCMF has a SQL injection vulnerability, which attackers can exploit to obtain sensitive database information...
Stored cross-site scripting vulnerability in the study function on the YxtCMF CourseController.class.php page
YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. A stored cross-site scripting vulnerability exists in the study function on the YxtCMF CourseController.class.php page. An attacker can insert malicious js code into...
Override Access Vulnerability in MicrosRock v1.0
Microscale is a free and open source microsoft public number management system. An override access vulnerability exists in Weixin v1.0. The vulnerability is due to bootstrap.sys.inc.php failing to strictly check permissions, which allows a remote attacker to perform an override and gain...