1173 matches found

Microsoft KB
added 2020/06/09 7:0 a.m. | 96 views

June 9, 2020—KB4561621 (OS Build 17134.1550)

June 9, 2020—KB4561621 OS Build 17134.1550 IMPORTANT We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional...

CVSS 9.3 | AI score 7.7 | EPSS 0.42055
Exploits: 1

Microsoft KB
added 2020/06/09 7:0 a.m. | 77 views

June 9, 2020—KB4561649 (OS Build 10240.18608)

June 9, 2020—KB4561649 OS Build 10240.18608 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates to improve security when using Internet Explorer. Updates to improve...

CVSS 9.3 | AI score 7.4 | EPSS 0.59532
Exploits: 2

OSV
added 2020/06/08 6:15 p.m. | 17 views

CVE-2020-13432

rejetto HFS aka HTTP File Server v2.3m Build 300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers...

CVSS 7.5 | AI score 7
Exploits: 0 | References: 7

Prion
added 2020/06/08 6:15 p.m. | 16 views

Design/Logic Flaw

rejetto HFS aka HTTP File Server v2.3m Build 300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers...

CVSS 5 | AI score 7.6 | EPSS 0.07354
Exploits: 5 | References: 7 | Affected Software: 1

Cvelist
added 2020/06/08 5:25 p.m. | 11 views

CVE-2020-13432

rejetto HFS aka HTTP File Server v2.3m Build 300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers...

AI score 7.5 | EPSS 0.07354
Exploits: 5 | References: 7

CVE
added 2020/06/08 5:25 p.m. | 130 views

CVE-2020-13432

The CVE-2020-13432 entry concerns rejetto HFS (HTTP File Server) v2.3m Build 300. The connected docs confirm a remote buffer overflow that, under concurrent HTTP requests with long URIs or long headers, can trigger an invalid-pointer write access violation in hfs.exe, effectively enabling remote ...

CVSS 7.5 | AI score 7.5 | EPSS 0.07354
Exploits: 5 | References: 7 | Affected Software: 1

0day.today
added 2020/06/08 12:0 a.m. | 135 views

HFS Http File Server 2.3m Build 300 Buffer Overflow Exploit

HFS Http File Server version 2.3m build 300 suffers from a remote buffer overflow vulnerability that can lead to a denial of service. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

CVSS 7.5 | AI score 0.2 | EPSS 0.07354
Exploits: 5

Packet Storm
added 2020/06/08 12:0 a.m. | 602 views

HFS Http File Server 2.3m Build 300 Buffer Overflow

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HFS-HTTP-FILE-SERVER-v2.3-REMOTE-BUFFER-OVERFLOW-DoS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.rejetto.com Product HFS Http File Server v2.3m Build 300...

AI score 0.6 | EPSS 0.07354
Exploits: 5

CNVD
added 2020/05/11 12:0 a.m. | 3 views

Zoho ManageEngine DataSecurity Plus DataEngine Xnode Server Application Path Traversal Vulnerability

Zoho ManageEngine DataSecurity Plus is a sensitive data management solution from Zoho USA. The product features data leakage prevention, data risk assessment and file server auditing. A path traversal vulnerability exists in the Zoho ManageEngine DataSecurity Plus DataEngine Xnode Server...

CVSS 8.8 | AI score 7.3 | EPSS 0.00826
Exploits: 3 | References: 1

0day.today
added 2020/05/09 12:0 a.m. | 63 views

ManageEngine DataSecurity Plus Authentication Bypass Vulnerability

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from an authentication bypass vulnerability. ManageEngine DataSecurity Plus Authentication Bypass. Identifiers: CVE-2020-11532, XL-20-002. CVSSv3...

CVSS 10 | AI score 9.4 | EPSS 0.89808
Exploits: 7

Packet Storm
added 2020/05/08 12:0 a.m. | 214 views

ManageEngine DataSecurity Plus Path Traversal / Code Execution

XL-2020-001 - DataSecurity Plus Xnode Server - Remote Code Execution via Path Traversal. Identifiers: CVE-2020-11531, XL-20-001. CVSSv3 score...

CVSS 6.5 | AI score 0.3 | EPSS 0.00826
Exploits: 3

Packet Storm
added 2020/05/08 12:0 a.m. | 206 views

ManageEngine DataSecurity Plus Authentication Bypass

XL-2020-002 - DataSecurity Plus Xnode Server - Authentication Bypass. Identifiers: CVE-2020-11532, XL-20-002. CVSSv3 score...

CVSS 10 | AI score 0.7 | EPSS 0.89808
Exploits: 7

IBM Security Bulletins
added 2020/03/17 4:24 p.m. | 25 views

Security Bulletin: IBM Security Guardium is affected by a FileServer functionality vulnerability

Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4292 DESCRIPTION: IBM Security Guardium could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. CV...

CVSS 8.8 | AI score 2 | EPSS 0.0452
Exploits: 0 | Affected Software: 1

NCSC
added 2020/03/16 12:0 a.m. | 3 views

Vulnerability fixed in glibc

A vulnerability has been fixed in glibc. The vulnerability allows a local malicious party to cause a denial of service. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 15. You can install these custom packages by using...

CVSS 5.5 | AI score 6.7 | EPSS 0.0005
Exploits: 1

Tenable Nessus
added 2020/02/25 12:0 a.m. | 92 views

EulerOS 2.0 SP8 : samba (EulerOS-SA-2020-1179)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18...

CVSS 6.5 | AI score 6.7 | EPSS 0.10242
Exploits: 0 | References: 3

Veeam
added 2020/02/11 12:0 a.m. | 13 views

Job fails to create VSS snapshot for SMB share

Challenge A File Backup/file to tape job skips VSS snapshot creation on SMB share and ends with the following message in the log: Failed to create a VSS snapshot, failing over to direct backup from the file share A File Backup job for an SMB3 File Share configured to use Backup from a Microsoft V...

AI score 6.7
Exploits: 0 | Affected Software: 1

OSV
added 2020/01/08 4:15 p.m. | 1 views

CVE-2019-19518

CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands...

CVSS 9.8 | AI score 7.6
Exploits: 0 | References: 1

NVD
added 2020/01/08 4:15 p.m. | 9 views

CVE-2019-19518

CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands...

CVSS 9.8 | AI score 9.8 | EPSS 0.01287
Exploits: 0 | References: 1

CNVD
added 2020/01/03 12:0 a.m. | 1 views

ecstatic denial of service vulnerability

ecstatic is a simple static file server middleware. A denial of service vulnerability exists in ecstatic. An attacker could exploit this vulnerability to cause the application to crash...

CVSS 7.5 | AI score 8.4 | EPSS 0.00436
Exploits: 0 | References: 1

Snyk
added 2019/12/31 12:1 p.m. | 1 views

Denial of Service (DoS)

Overview: ecstatic is a simple static file server middleware. Use it with a raw http server, express/connect or on the CLI. Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible to crash a server using the package due to the way URL params parsing is handled...

CVSS 7.5 | AI score 6.7 | EPSS 0.00436
Exploits: 0 | References: 2