27 matches found
kernel: race condition in perf_event_open leads to privilege escalation
A use-after-free flaw was found in the Linux kernel’s performance events functionality. A user triggers a race condition in setting up performance monitoring between the leading PERFTYPETRACEPOINT and sub PERFEVENTHARDWARE plus the PERFEVENTSOFTWARE using the perfeventopen function with these thr...
Nsasoft Hardware Software Inventory 1.6.4.0 Denial Of Service
Exploit Title: Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service PoC Exploit Author : Enes Özeser Exploit Date: 2021-02-28 Vendor Homepage : https://www.nsauditor.com/ Link Software : https://www.nsauditor.com/downloads/nhsisetup.exe Version: 1.6.4.0 Tested on: Windows 10...
Nsasoft Hardware Software Inventory 1.6.4.0 - (multiple) Denial of Service Exploit
Exploit Title: Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service PoC Exploit Author : Enes Özeser Vendor Homepage : https://www.nsauditor.com/ Link Software : https://www.nsauditor.com/downloads/nhsisetup.exe Version: 1.6.4.0 Tested on: Windows 10 Steps: 1- Run the python...
Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)
Exploit Title: Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service PoC Exploit Author : Enes Özeser Exploit Date: 2021-02-28 Vendor Homepage : https://www.nsauditor.com/ Link Software : https://www.nsauditor.com/downloads/nhsisetup.exe Version: 1.6.4.0 Tested on: Windows 10...
U.S. Dept Of Defense: Access to requests and approvals via /█████ allows sensitive information gathering
Summary: An adversary is able to view/modify requests and approvals via ████████/████████. Step-by-step Reproduction Instructions 1. Browse to █████ and create an account or sign in. 2. Browse to ███████/██████████. You can now view current/past requests. 3. Clicking on these requests seems to...
CVE-2017-7526
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This...
Reducing Infrastructure Cost with new Enterprise Application Access Architecture
In an earlier blog, "Remote Access no longer needs to be Complex and Cumbersome", I wrote about the new game-changing remote access solution available from Akamai called Enterprise Application Access EAA. My thesis was that in our cloud-first, mobile-dominated world, providing access to...