CVE-2018-1234

RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list ACL permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to...

Authentication flaw

RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list ACL permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to...

CVE-2018-8896

In 2345 Security Guard 3.6, the driver file 2345DumpBlock.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222044...

CVE-2014-2885

Concrete details from connected documents show that CVE-2014-2885 affects TrueCrypt 7.1a via two integer-overflow vectors: (1) OriginalLength handling in EncryptedIoQueue.c:MainThreadProc, enabling local information disclosure; (2) large StartingOffset/Length handling in Ntdriver.c:ProcessVolumeD...

kernel: Race condition in raw_sendmsg function allows denial-of-service or kernel addresses leak

A flaw was found in the Linux kernel's implementation of rawsendmsg allowing a local attacker to panic the kernel or possibly leak kernel addresses. A local attacker, with the privilege of creating raw sockets, can abuse a possible race condition when setting the socket option to allow the kernel...

Dell EMC Isilon OneFS Multiple Vulnerabilities

1. Advisory Information Title: Dell EMC Isilon OneFS Multiple Vulnerabilities Advisory ID: CORE-2017-0009 Advisory URL:https://www.coresecurity.com/core-labs/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities Date published: 2018-02-14 Date of last update: 2018-02-15 Vendors contacted: Del...

Juju-run Agent Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Juju-run Agent Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Juju agent systems running the juju-run...

The vulnerability of the sctp_do_peeloff function in the Linux operating system allows a hacker to cause a service failure or exert other effects.

The vulnerability of the sctpdopeeloff function in the Linux operating system’s net/sctp/socket.c file is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker, acting locally, to cause service failures or other effects through specially crafted...

Linux kernel denial of service vulnerability (CNVD-2017-38511)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A denial of service vulnerability exists in kernel/bpf/verifier.c in Linux kernel version 4.14.8 and earlier. A local...

CVE-2017-14355

A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege...

macOS High Sierra - Root Privilege Escalation (CVE-2017-13872)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mac OS X Root Privilege Escalation', 'Description' = %q This module exploits a serious flaw in MacOSX High Sierra. Any user can login with user...

The vulnerability of the packet_set_ring function in the kernel of Linux operating systems allows a attacker to increase their privileges, cause service failures, or execute arbitrary code.

The vulnerability of the packetsetring function in the Linux operating system’s kernel is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, who has local privileges as CAPNETRAW, to create PFPACKET sockets, initiate racing states and memory usage...

UBUNTU-CVE-2017-8806

The Debian pgctlcluster, pgcreatecluster, and pgupgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL and other packages related to Debian and Ubuntu, handled symbolic links insecurely, which could result in local denial of service by...

Jnes 1.0.2 - Stack Buffer Overflow

Jnes 1.0.2 - Stack Buffer Overflow !/usr/bin/env python coding: utf-8 Exploit Title: Jnes Version 1.0.2 Stack Buffer Overflow Date: 3-11-2017 Exploit Author: crashmanucoot Contact: twitter.com/crashmanucoot Vendor Homepage: http://www.jabosoft.com/home Software Link:...

Jnes 1.0.2 - Stack Buffer Overflow

!/usr/bin/env python coding: utf-8 Exploit Title: Jnes Version 1.0.2 Stack Buffer Overflow Date: 3-11-2017 Exploit Author: crashmanucoot Contact: twitter.com/crashmanucoot Vendor Homepage: http://www.jabosoft.com/home Software Link: http://www.jabosoft.com/categories/3 Version: v1.0.2.15 Tested o...

PT-2017-3308 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.14 Description: The issue is related to the sctp do peeloff function in the Linux kernel, which does not properly check the intended netns during a peel-off action. This can lead to a denial of service, causin...

NetMechanica NetDecision Winring0x32.sys Driver Elevation of Privilege Vulnerability

NetMechanica NetDecision is a suite of network device monitoring software.Winring0x32.sys driver is one of the drivers. A security vulnerability exists in the Winring0x32.sys driver in NetMechanica NetDecision version 5.8.2. A local attacker can exploit this vulnerability to gain privileges with...

STDU Viewer Buffer Overflow Vulnerability (CNVD-2017-30319)

STDU Viewer is a free file viewer that supports multiple formats. The program supports TIFF, PDF, DjVu, XPS and WWF formats. A buffer overflow vulnerability exists in STDU Viewer version 1.6.375. A local attacker can exploit this vulnerability with a specially crafted .djvu file to execute...

STDU Viewer .epub File Buffer Overflow Vulnerability

STDU Viewer is a free file viewer that supports multiple formats. The program supports TIFF, PDF, DjVu, XPS and WWF formats. A buffer overflow vulnerability exists in STDU Viewer version 1.6.375. A local attacker can exploit this vulnerability to cause a denial of service with the help of a...

UBUNTU-CVE-2017-14340

The XFSISREALTIMEINODE macro in fs/xfs/xfslinux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service NULL pointer dereference and OOPS via vectors related to setting an RHINHERIT flag on a directory...