322 matches found

Packet Storm
added 2015/01/14 12:0 a.m., 75 views

Dell iDRAC IPMI 1.5 Insufficient Session ID Randomness

""" For testing purposes only. c Yong Chuan, Koh 2014 """ from time import sleep from socket import from struct import from random import import sys, os, argparse HOST = None PORT = 623 bufsize = 1024 recv = "" create socket UDPsock = socketAFINET,SOCKDGRAM UDPsock.settimeout2 data = 21 offset of...

5 CVSS, 6.5 AI score, 0.21152 EPSS
Exploits: 6
Exploit DB
added 2015/01/13 12:0 a.m., 89 views

Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness

""" For testing purposes only. c Yong Chuan, Koh 2014 """ from time import sleep from socket import from struct import from random import import sys, os, argparse HOST = None PORT = 623 bufsize = 1024 recv = "" create socket UDPsock = socketAFINET,SOCKDGRAM UDPsock.settimeout2 data = 21 offset of...

5 CVSS, 6.4 AI score, 0.21152 EPSS
Exploits: 6
ICS
added 2015/01/01 7:0 a.m., 59 views

Ecava IntegraXor DLL Vulnerabilities

OVERVIEW Security researcher Praveen Darshanam has identified two DLL loading vulnerabilities in Ecava’s IntegraXor SCADA Server. Ecava has produced a patch that mitigates these vulnerabilities. Praveen Darshanam has tested the patch to validate that it resolves the vulnerabilities. AFFECTED...

4.4 CVSS, 6.6 AI score, 0.00358 EPSS
Exploits: 0, References: 10
Tenable Nessus
added 2014/12/02 12:0 a.m., 43 views

Fedora 19 : xen-4.2.5-5.fc19 (2014-15503)

Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling, Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen Note that Tenable...

7.1 CVSS, 6.6 AI score, 0.02221 EPSS
Exploits: 1, References: 9
Tenable Nessus
added 2014/12/02 12:0 a.m., 38 views

Fedora 20 : xen-4.3.3-5.fc20 (2014-15521)

Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling, Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen Note that Tenable...

7.1 CVSS, 6.6 AI score, 0.02221 EPSS
Exploits: 1, References: 9
Japan Vulnerability Notes
added 2014/10/28 12:0 a.m., 184 views

JVN#55667175: QNAP QTS vulnerable to OS command injection

QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability (CWE-78). Impact: A malicious attacker may be able to execute arbitrary command at the privilege level of the calling application. Solution: Update...

10 CVSS, 8.4 AI score, 0.99999 EPSS
Exploits: 157
Tenable Nessus
added 2014/10/12 12:0 a.m., 37 views

Fedora 19 : xen-4.2.5-3.fc19 (2014-12000)

Improper MSR range used for x2APIC emulation XSA-108, CVE-2014-7188 Race condition in HVMOP_track_dirty_vram XSA-104 1145736 Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation XSA-105 1145737 Missing privilege level checks in x86 emulation of software interrupts XSA-106 114573...

8.3 CVSS, 8.2 AI score, 0.00968 EPSS
Exploits: 0, References: 9
OPENSUSE Linux
added 2014/10/09 1:9 p.m., 36 views

xen: security and bugfix update (important)

XEN was updated to fix security issues and bugs. Security issues fixed: - bnc897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc895799 - CVE-2014-7155:...

8.3 CVSS, 1.1 AI score, 0.04554 EPSS
Exploits: 0, References: 14
Tenable Nessus
added 2014/09/29 12:0 a.m., 31 views

Fedora 21 : xen-4.4.1-4.fc21 (2014-11271)

Race condition in HVMOP_track_dirty_vram XSA-104 1145736 Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation XSA-105 1145737 Missing privilege level checks in x86 emulation of software interrupts XSA-106 1145738 Note that Tenable Network Security has extracted the preceding...

6.1 CVSS, 7.8 AI score, 0.00968 EPSS
Exploits: 0, References: 7
CERT
added 2014/09/25 12:0 a.m., 232 views

GNU Bash shell executes commands in exported functions in environment variables

Overview: GNU Bash 4.3 and earlier contains a command injection vulnerability that may allow remote code execution. Description: UPDATE: New CVE-IDs added for incomplete patches. Additional resources added and vendor patch information updated. CWE-78: OS Command Injection Bash supports exporting of...

9 AI score
Exploits: 0, References: 10
Xen Project
added 2014/09/23 12:0 p.m., 67 views

Missing privilege level checks in x86 emulation of software interrupts

ISSUE DESCRIPTION The emulation of instructions which generate software interrupts fails to perform supervisor mode permission checks. However these instructions are not usually handled by the emulator. Exceptions to this are - when a memory operand implicit for the affected instructions lives in...

3.3 CVSS, 4.9 AI score, 0.00849 EPSS
Exploits: 0, Affected Software: 1
Xen Project
added 2014/09/23 12:0 p.m., 89 views

Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation

ISSUE DESCRIPTION The emulation of the instructions HLT, LGDT, LIDT, and LMSW fails to perform supervisor mode permission checks. However these instructions are not usually handled by the emulator. Exceptions to this are - when the instruction's memory operand if any lives in emulated or passed...

5.8 CVSS, 4.8 AI score, 0.00968 EPSS
Exploits: 0, Affected Software: 1
seebug.org
added 2014/07/01 12:0 a.m., 18 views

Microsoft IIS 4.0 ISAPI Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1911/info The ASP ISAPI file parser does not properly execute certain malformed ASP files that contain scripts with the LANGUAGE parameter containing a buffer of over 2200 characters and have the RUNAT value set as...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 20 views

Cisco IOS Tiny Shellcode 1.0

No description provided by source. Cisco IOS Tiny shellcode v1.0 (c) 2007 IRM Plc, by Gyan Chawdhary. The code creates a ne...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 23 views

SGI InfoSearch 1.0,SGI IRIX 6.5.x fname Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1031/info The InfoSearch package converts man pages and other documentation into HTML web content. The search form uses infosrch.cgi which does not properly parse user input in the 'fname' variable, allowing commands to b...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 38 views

CNC Technology BizDB 1.0 bizdb-search.cgi Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1104/info BizDB is a web database integration product using perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefore be made to execute commands at th...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 16 views

Netscape Professional Services FTP Server (LDAP Aware) 1.3.6 FTP Server Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1411/info Certain versions of the LDAP-aware Netscape Professional Services FTP Server distributed with Enterprise Web Server have a serious vulnerability which may lead to a remote or local root compromise. The...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 119 views

Cisco IOS Bind Shellcode 1.0

No description provided by source. Cisco IOS Bind shellcode v1.0 (c) 2007 IRM Plc, by Varun Uppal. The code creates a new...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 24 views

WEBgais 1.0 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2058/info WEBgais is a script that provides a web interface to the gais Global Area Intelligent Search search engine tool. All versions up to 1.0B2 are vulnerable. The vulnerable script is /cgi-bin/webgais: due to imprope...

7.1 AI score
Exploits: 0
Atlassian
added 2014/02/07 6:4 a.m., 20 views

Project description is persistent XSS vector for project admins

This issue is a clone of another one that was fixed in OD but left unfixed in BTF as "admin xss". It has been pointed out by several customers that this exploit requires only project admin level of privilege. The following project description: code alert1 code Pops up in the view project page, th...

3.4 AI score
Exploits: 0, Affected Software: 1