Provisioning Services: "You must restart your computer to apply these changes" Occurs on Every Target Device but not on the Template VM
After any change to the hardware configuration of the template used to create a target device, target devices start getting the prompt "You must restart your computer to apply these changes" when booting from the same vDisk...
EulerOS 2.0 SP2 : dnsmasq (EulerOS-SA-2018-1285)
According to the versions of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory...
Design/Logic Flaw
In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add...
NagiosXI Authentication Bypass (CVE-2018-8733)
An authentication bypass vulnerability exists in NagiosQL. Successful exploitation of this vulnerability would allow an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Tivoli Monitoring for Tivoli Storage Manager (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Tivoli Monitoring for Tivoli Storage Manager. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor (CVE-2015-7575)
Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5...
Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Directory Server (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Rational Directory Server and Administrator. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol may affect IBM Sterling B2B Integrator and IBM Sterling File Gateway based on customer configuration and use. Vulnerability Details CVE ID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remo...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2015-2808)
Summary The RC4 "Bar Mitzvah Attack" for SSL/TLS affects IBM Sterling B2B Integrator and IBM Sterling File Gateway. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive informatio...
Security Bulletin: Vulnerability with RSA Export Keys may affect IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2015-0138)
Summary The "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM Sterling B2B Integrator and IBM Sterling File Gateway. Vulnerability Details CVE ID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations could allow a remote...
Input validation
A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerabili...
CVE-2018-0333
A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerabili...
Open-AudIT 2.1 CSV Macro Injection
Exploit Title: Open-AudIT 2.1 - CSV Macro Injection Vulnerability Google Dork: N/A Date: 21-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://opmantek.com Software Link: https://www.open-audit.org/downloads.php Affected Version: 2.1 Category:...
Open-AudIT 2.1 - CSV Macro Injection
Hi Guys, Exploit Title: Open-AudIT 2.1 - CSV Macro Injection Vulnerability Google Dork: N/A Date: 21-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://opmantek.com Software Link: https://www.open-audit.org/downloads.php Affected Version: 2.1...
CVE-2018-8733
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability...
SQL injection
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability...
CVE-2018-8733
CVE-2018-8733 affects Nagios XI up to version 5.4.x (before 5.4.13) in the core config manager. An unauthenticated attacker can bypass authentication to make configuration changes and can leverage an authenticated SQL injection vulnerability, with public exploitation activity documented (Metasplo...