Belden Hirschmann GECKO

CVSS v3 5.9 ATTENTION: Remotely Exploitable/high skill level to exploit. Vendor: Belden Equipment: Hirschmann GECKO Vulnerability: Authentication Bypass Using an Alternate Path or Channel AFFECTED PRODUCTS The following GECKO switch versions are affected: Hirschmann GECKO Lite Managed switch,...

UBUNTU-CVE-2017-5384

Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

CVE-2016-9379

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file...

Format string

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file...

StoreFront Management Console Reverts NetScaler Gateway Authentication Type to "Domain"

When editing Authentication Settings in MMC under NetScaler Gateway applicance, the Auth type is reverted to Domain. For instance, if we select Smartcard then apply the changes and reopen the console, the authtype would appear as "Domain". However, the configuration file will make the changes. On...

SentryHD 02.01.12e - Local Privilege Escalation

''' Exploit Title: SentryHD 02.01.12e Privilege Escalation Date: 18-01-2017 Software Link: http://www.minutemanups.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: local 1. Description Every user can read: c:\Program Files...

MS15-041: Description of the security update for the .NET Framework 4.5, 4.5.1, and 4.5.2 on Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1: April 14, 2015

MS15-041: Description of the security update for the .NET Framework 4.5, 4.5.1, and 4.5.2 on Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1: April 14, 2015 View products that this article applies to. Summary Th...

MS15-041: Description of the security update for the .NET Framework 4.5.1 and 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: April 14, 2015

MS15-041: Description of the security update for the .NET Framework 4.5.1 and 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: April 14, 2015 View products that this article applies to. Introduction This update resolves a vulnerability in the Microsoft .NET Framework that could...

MS15-041: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: April 14, 2015

MS15-041: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: April 14, 2015 View products that this article applies to. Introduction This update resolves a vulnerability in the Microsoft .NET Framework that could allow information disclosure i...

Zend Framework Configuration File Disclosure Vulnerability

Zend Framework ZF is the United States Zend company developed a set of open source PHP5 development framework , it is mainly used for the development of Web programs and services. Zend Framework has a configuration file disclosure vulnerability that can be exploited by an attacker to download...

CVE-2016-6662

It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...

Authorization

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file...

CVE-2016-2871

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file...

Debian DLA-713-1 : sniffit security update

It was discovered that there was a buffer overflow in the packet sniffer and monitoring tool 'sniffit' which allowed a specially crafted configuration file to provide a root shell. For Debian 7 'Wheezy', this issue has been fixed in sniffit version 0.3.7.beta-16.1+deb7u1. We recommend that you...

Oracle MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities

Binary data 9748.prm...

ir-rescue - A Windows Batch Script To Comprehensively Collect Host Forensic Data

ir-rescue is a lightweight Windows Batch script that collects a myriad of forensic data from 32-bit and 64-bit Windows systems while respecting the order of volatility and artifacts that are changed with the execution of the script e.g. , prefetch files. It is intended for incident response use a...

CVE-2016-5425

It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...

Apache Tomcat 876 (RedHat Based Distros) - Local Privilege Escalation

Apache Tomcat 876 RedHat Based Distros - Local Privilege Escalation ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-5425 - Release date: 10.10.2016 - Revision: 1 - Severity: High...

Apache Tomcat 8/7/6 (RedHat-Based Distros) - Privilege Escalation

Exploit for linux platform in category local exploits ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-5425 - Release date: 10.10.2016 - Revision: 1 - Severity: High...

[ASA-201610-7] wpa_supplicant: multiple issues

Arch Linux Security Advisory ASA-201610-7 ========================================= Severity: High Date : 2016-10-08 CVE-ID : CVE-2016-4476 CVE-2016-4477 Package : wpasupplicant Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...