Microsoft Windows 10 1809 LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation

Exploit for windows platform in category local exploits Windows: LUAFV Delayed Virtualization Cache Manager Poisoning EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The LUAFV driver can...

Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation

Windows: LUAFV Delayed Virtualization Cache Manager Poisoning EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The LUAFV driver can confuse the cache and memory manager to replace the...

directory-validators (>=4.4.1 <=4.5.0), django-admin-caching (=0.1.3) +27 more potentially affected by CVE-2018-7536 via django (>=1.11.0 <=1.11.10)

django PYPI version =1.11.0, =4.4.1, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =0.1.2, =0.2.0 - django-inline-actions =1.1.0 - django-mbrowse =0.0.1 - django-misa =0.0.1 - django-mogi =0.0.1 and more Source cves: CVE-2018-7536 Source advisory: OSV:GHSA-R28V-MW67-M5P9...

DEBIAN-CVE-2018-16948

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSC...

cosmicdb (>=0.0.19 <=0.0.24), directory-api-client (=9.15.2) +31 more potentially affected by CVE-2018-14574 via django (>=1.11.0 <=1.11.14)

django PYPI version =1.11.0, =0.0.19, =4.4.1, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =0.1.2, =0.2.0 - django-inline-actions =1.1.0 - django-mbrowse =0.0.1 and more Source cves: CVE-2018-14574 Source advisory: OSV:PYSEC-2018-2...

Cameradar - An RTSP Surveillance Camera Access Multitool

Cameradar hacks its way into RTSP CCTV cameras Cameradar allows you to: Detect open RTSP hosts on any accessible target Get their public info hostname, port, camera model, etc. Launch automated dictionary attacks to get their stream route for example /live.sdp Launch automated dictionary attacks ...

USN-2995-1 squid3 vulnerabilities

Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectly handled certain ICMPv6 packets. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly cause Squid to leak information into log files. CVE-2016-3947 Yuriy M. Kaminskiy...

squid: buffer overflow in cachemgr.cgi

A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code...

squid: buffer overflow in cachemgr.cgi

A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code...

CentOS Update for squid CESA-2013:0505 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Scientific Linux Security Update : squid on SL6.x i386/x86_64 (20130221)

A denial of service flaw was found in the way the Squid Cache Manager processed certain requests. A remote attacker who is able to access the Cache Manager CGI could use this flaw to cause Squid to consume an excessive amount of memory. CVE-2012-5643 This update also fixes the following bugs : -...

squid: cachemgr.cgi memory usage DoS and memory leaks

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service memory consumption via 1 invalid Content-Length headers, 2 long POST requests, or 3 crafted authenticatio...

Squid Proxy Cache cachemgr.cgi Resource Exhaustion (CVE-2012-5643)

A resource exhaustion vulnerability has been reported in Squid Proxy Cache Manager. The vulnerability is due to missing input validation in the cachemgr.cgi tool. A remote, unauthenticated attacker can send specially crafted POST requests to cause cachemgr.cgi to use large amounts of memory...

CVE-2009-1250

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service system crash via an RX response with a large error-code value that is interpreted as a pointer and dereferenced,...

DEBIAN-CVE-2009-1251

Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via an RX response containing more data than specified in a...

CVE-2009-1251

Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via an RX response containing more data than specified in a...

Null pointer dereference

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service system crash via an RX response with a large error-code value that is interpreted as a pointer and dereferenced,...

CVE-2009-1250

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service system crash via an RX response with a large error-code value that is interpreted as a pointer and dereferenced,...

CVE-2009-1250

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service system crash via an RX response with a large error-code value that is interpreted as a pointer and dereferenced,...

OpenAFS: Privilege escalation

Background OpenAFS is a distributed network filesystem. Description Benjamin Bennett discovered that the OpenAFS client contains a design flaw where cache managers do not use authenticated server connections when performing actions not requested by a user. Impact If setuid is enabled on the clien...