624 matches found
F5 BIG-IP - Authentication Bypass (PoC)
F5 BIG-IP - Authentication Bypass PoC Matta Consulting - Matta Advisory https://www.trustmatta.com F5 BIG-IP remote root authentication bypass Vulnerability Advisory ID: MATTA-2012-002 CVE reference: CVE-2012-1493 Affected platforms: BIG-IP platforms without SCCP Version: 11.x 10.x 9.x Date:...
Dell KACE K2000 Appliance contains backdoor administrator account
Overview The Dell KACE K2000 System Deployment Appliance contains a hidden administrator account that could allow a remote attacker to take control of an affected device. Description The Dell KACE K2000 Deployment Appliance is an integrated systems provisioning product for large-scale operating...
Most advanced and dangerous malware for Apple products - why you should be concerned !
Most advanced and dangerous malware for Apple products - Why you should be concerned ! Indian security researcher from MalCon has created an advanced and dangerous malware for Apple products which can not only compromise your privacy but also steal important data and let hackers control your...
Lumension Device Control memory corruption
Memory corruption on TCP/65129 traffic parsing...
NGS00054 Technical Advisory: Lumension Device Control (formerly Sanctuary) remote memory corruption
======= Summary ======= Name: Lumension Device Control formerly Sanctuary remote memory corruption Release Date: 24 August 2011 Reference: NGS00054 Discoverer: Andy Davis Vendor: Lumension Vendor Reference: Systems Affected: Lumension Device Control v4.4 SR6 Risk: High...
Lumension Device Control Memory Corruption
======= Summary ======= Name: Lumension Device Control formerly Sanctuary remote memory corruption Release Date: 24 August 2011 Reference: NGS00054 Discoverer: Andy Davis Vendor: Lumension Vendor Reference: Systems Affected: Lumension Device Control v4.4 SR6 Risk: High Status: Published ========...
CentOS Update for xterm-215-5.el5 CESA-2009:0018 centos5 i386
Check for the Version of xterm-215-5.el5 OpenVAS Vulnerability Test CentOS Update for xterm-215-5.el5 CESA-2009:0018 centos5 i386 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
CentOS Update for xterm CESA-2009:0018 centos3 i386
Check for the Version of xterm OpenVAS Vulnerability Test CentOS Update for xterm CESA-2009:0018 centos3 i386 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
Cisco Releases Security Advisory and Applied Mitigation Bulletin
Cisco has released a security advisory and an applied mitigation bulletin to address vulnerabilities in Cisco TelePresence Recording Server Software Release 1.7.2.0. Successful exploitation of these vulnerabilities may allow an attacker to bypass security restrictions or take control of the...
NGS00054 Patch Notification: Lumension Device Control (formerly Sanctuary) remote memory corruption
Lumension Device Control formerly Sanctuary remote memory corruption 24/05/2011 Andy Davis of NGS Secure has discovered a high risk vulnerability in Lumension Device Control. Sending a specially crafted packet to a TCP service running on the Lumension Application Server results in a memory...
Lumension Security Lumension Device Control 4.x - Memory Corruption
Lumension Security Lumension Device Control 4.x - Memory Corruption source: https://www.securityfocus.com/bid/47952/info Lumension Security Lumension Device Control formerly Sanctuary is prone to a memory-corruption vulnerability. An attacker can exploit this issue to cause a denial-of-service...
kernel: drivers/serial/serial_core.c: reading uninitialized stack memory
The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...
kernel: drivers/net/eql.c: reading uninitialized stack memory
The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call...
Riorey RIOS Hardcoded Password
Title: Riorey "RIOS" Hardcoded Password Vulnerability Severity: High Full root access to the device Date: 07 October 2009 Versions Affected: RIOS 4.6.6 , 4.7.0 possibly others Discovered on: 25 July 2009 Vendor URL: www.riorey.com Author: Marek Kroemeke Overview: Riorey DDoS mitigation appliances...
Fedora 9 : xterm-238-1.fc9 (2009-0059)
This update fixes the following security issue: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF aka \n characters surrounding a command name within a Device Control Request Status String DECRQSS escape sequence in a text file, a related...
xterm: arbitrary command injection
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF aka \n characters surrounding a command name within a Device Control Request Status String DECRQSS escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071...
Fedora Core 9 FEDORA-2009-0059 (xterm)
The remote host is missing an update to xterm announced via advisory FEDORA-2009-0059. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...
Debian GNU/Linux XTERM (DECRQSS/comments) Weakness Vulnerability
Exploit for linux platform in category local exploits ================================================================ Debian GNU/Linux XTERM DECRQSS/comments Weakness Vulnerability ================================================================ Package: xterm Version: 222-1etch2 Severity: grave...
Crlf injection
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF aka \n characters surrounding a command name within a Device Control Request Status String DECRQSS escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071...
CVE-2008-2383
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF aka \n characters surrounding a command name within a Device Control Request Status String DECRQSS escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071...