9061 matches found
Default credentials
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
CVE-2016-6606
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
UBUNTU-CVE-2016-6606
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
CVE-2016-6606
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
CVE-2016-6836
The vmxnet3completepacket function in hw/net/vmxnet3.c in QEMU aka Quick Emulator allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcqdescr object...
Debian DLA-733-1 : openafs security update
It was discovered that there was an information leak vulnerability in openafs, a distributed filesystem. Due to incomplete initialization or clearing of reused memory, OpenAFS directory objects are likely to contain 'dead' directory entry information. For Debian 7 'Wheezy', this issue has been...
CVE-2016-9756
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment CS in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...
shopify-scripts: mruby-time: Crash host with uninitialized Time obj
So once again, another try ; As always hopefully unknown and valid ; Time::initializecopy performs its copy action even on Time objects on which initialize never ran, leading to a crash. The PoC crashes https://www.mruby.science/runs - didn't try Shopify production servers for the usual reasons. ...
DEBIAN-CVE-2016-4333
The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the...
UBUNTU-CVE-2016-4333
The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the...
PHP deserialization vulnerability causes and vulnerabilities mining techniques and case-vulnerability warning-the black bar safety net
One, serialization and deserialization Serialization and deserialization of the object is such that the Inter-program transfer object will be more convenient. Serialization is converting an object to string to store the transmission in a way. And deserialization is exactly the sequence of the...
[SECURITY] Fedora 25 Update: pacemaker-1.1.15-3.fc25
Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when...
[SECURITY] Fedora 23 Update: pacemaker-1.1.15-2.fc23
Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when...
The vulnerability of libraries that provide system calls and basic functions of glibc and eglibc allows attackers to control the execution of the thread.
The vulnerability of the PTRMANGLE implementation in libraries that provide system calls and core functions of glibc and eglibc is related to the improper initialization of a random value for pointer protection. Exploiting this vulnerability allows an attacker to control the execution of the thre...
kernel security and bug fix update
kernel - 2.6.18-416.0.0.0.1 - netfront fix ring buffer index go back led vif stop orabug 18272251 - net fix tcptrimhead James Li orabug 14512145, 19219078 - ocfs2: dlm: fix recovery hung Junxiao Bi orabug 13956772 - i386: fix MTRR code Zhenzhong Duan orabug 15862649 - oprofile x86, mm: Add...
Windows Meterpreter Shell, Reverse HTTPS Inline (x64)
Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 204892 include Msf::Payload::TransportConf...
openSUSE: Security Advisory for systemd (openSUSE-SU-2016:2522-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
tomcat: tomcat writable config files allow privilege escalation
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...
tomcat: tomcat writable config files allow privilege escalation
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...
CVE-2016-6325
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...