libtta 'encoder::process_stream()' heap buffer overflow vulnerability

libtta is the library in linux that supports ATA host controllers. A heap-based buffer overflow exists in the libtta 'encoder::processstream' function, allowing an attacker to exploit the vulnerability to crash the application...

libtta 'console/tta.cpp' divide-by-zero denial-of-service vulnerability

libtta is the library in linux that supports ATA host controllers. The Libtta 'console/tta.cpp' function has a divide-by-zero error that allows an attacker to exploit a vulnerability to crash the application...

Siemens ICS Switches Hit With Buffer Overflow, Authentication Bugs

There are a number of serious vulnerabilities in the Siemens Ruggedcom WIN switches, including a remotely exploitable buffer overflow and a flaw that could allow an attacker to take actions on the device without authentication. The vulnerabilities affect several models of the Ruggedcom WIN...

USN-2481-1 samba vulnerability

Andrew Bartlett discovered that Samba incorrectly handled delegation of authority when being used as an Active Directory Domain Controller. An attacker given delegation privileges could use this issue to escalate their privileges further...

PHPB2B某处sql注入#3

简要描述： PHPB2B某处sql注入3 详细说明： PHPB2B某处sql注入 官网最新版本 libraries/core/controllers/productcontroller.php 176-187行 function lists global $pos, $viewhelper; $viewhelper-setPositionL"productcenter", 'tpl', 'index.php?do=product'; $viewhelper-setTitleL"productcenter", 'tpl'; setvar"module", "product";...

Emerson Patches Series of Flaws in Controllers Used in Oil and Gas Pipelines

Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and...

Cisco Wireless LAN Controllers 5500 Series (POODLE)

The remote Cisco Wireless LAN Controller WLC is affected by an information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. MitM attackers can decry...

Additional information about CVE-2014-6324

Today Microsoft released update MS14-068 to address CVE-2014-6324, a Windows Kerberos implementation elevation of privilege vulnerability that is being exploited in-the-wild in limited, targeted attacks. The goal of this blog post is to provide additional information about the vulnerability, upda...

Authentication flaw

Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session...

CVE-2014-7299

Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session...

CVE-2014-0140

Red Hat CloudForms 3.1 Management Engine CFME before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request...

CVE-2014-0140

Red Hat CloudForms Management Engine (CFME) prior to 5.3 is affected. An authenticated user could access sensitive controllers and actions via direct HTTP(S) requests, enabling possible privilege escalation. The issue is documented under CVE-2014-0140 and addressed in Red Hat’s RHSA-2014:1317; re...

PT-2014-3496 · Red Hat · Red Hat Cloudforms

Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms versions prior to 5.3 Description: The issue allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. Recommendations: For versions prior to 5.3, update to version 5....

CFME: default routes expose controllers and actions

It was found that Red Hat CloudForms exposed default routes that were reachable via HTTPS requests. An authenticated user could use this flaw to access potentially sensitive controllers and actions that would allow for privilege escalation...

kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2014:1281 Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS...

RedHat Update for kernel RHSA-2014:1281-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : kernel (RHSA-2014:1281)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1281 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. An out-of-bounds memory access flaw was found in the Linux...

CentOS 7 : kernel (CESA-2014:1281)

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

Moderate: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

supermicro-ipmi-conf NSE Script

Attempts to download an unprotected configuration file containing plain-text user credentials in vulnerable Supermicro Onboard IPMI controllers. The script connects to port 49152 and issues a request for "/PSBlock" to download the file. This configuration file contains users with their passwords ...