bind security, bug fix, and enhancement update

32:9.11.13-3 - Fix rwlock to be thread-safe 1740511 32:9.11.13-2 - Release GeoIP data on reload 1790879 32:9.11.13-1 - Update to 9.11.13 32:9.11.12-5 - Report failures on systemctl reload 1739428 32:9.11.12-4 - dhcp: Use monotonic time for detecting time jumps if available 1729211 32:9.11.12-3 -...

kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS

Two memory leak flaws were found in the Linux kernel's mwifiexpcieinitevtring function. A local attacker, able to reload the kernel module or hotplug Marvell WiFi hardware using this driver, can cause a denial of service memory consumption by triggering mwifiexmappcimemory failures...

Cisco IOS and IOS XE Software Denial of Service Vulnerability (cisco-sa-20180328-bfd)

A denial of service DoS vulnerability exists in the Bidirectional Forwarding Detection BFD offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches due to insufficient error handling when the BFD header in a BFD packet is incomplete. An...

Heybbs Micro Community in***.php file has a reload vulnerability

Heybbs micro-community is a front-end based on bootstrap + jq + css, back-end php + mysql development of micro-community program. Heybbs micro-community in.php file exists reloading vulnerability. An attacker can use the vulnerability to reset all the data on the website and gain server privilege...

NSClient++ 0.5.2.35 Authenticated Remote Code Execution

Exploit Title: NSClient++ 0.5.2.35 - Authenticated Remote Code Execution Google Dork: N/A Date: 2020-04-20 Exploit Author: kindredsec Vendor Homepage: https://nsclient.org/ Software Link: https://nsclient.org/download/ Version: 0.5.2.35 Tested on: Microsoft Windows 10 Pro x64 CVE: N/A NSClient++ ...

NSClient++ 0.5.2.35 - Authenticated Remote Code Execution Exploit

Exploit for jsp platform in category web applications Exploit Title: NSClient++ 0.5.2.35 - Authenticated Remote Code Execution Exploit Author: kindredsec Vendor Homepage: https://nsclient.org/ Software Link: https://nsclient.org/download/ Version: 0.5.2.35 Tested on: Microsoft Windows 10 Pro x64...

Myucms 2.2.4 suffers from arbitrary file deletion vulnerability (CNVD-2020-27933)

MyuCMS open source content management system developed using ThinkPHP community mall aggregation, plug-ins, templates, lightweight and fast easy to expand. Myucms 2.2.4 version of the arbitrary file deletion vulnerability exists . Attackers can use the vulnerability to damage and reload the syste...

Cisco Aggregation Services Router 900 Route Switch Processor 3 OSPFv2 DoS (cisco-sa-20190327-rsp3-ospf)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the ingress traffic validation for Cisco Aggregation Services Router ASR 900 Route Switch Processor 3 RSP3 due to insufficient validation of ingress traffic on the ASIC used on the RSP3 platform. An...

EAP: Vault system property security attribute value is revealed on CLI 'reload' command

A flaw was found in the JBoss EAP Vault system. Confidential information of the system property’s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information...

5iSNS content payment system is vulnerable to reloading

5iSNS content payment system is a home-grown , small , stable , support in the large amount of data still maintain a high load capacity of the SNS open source system . 5iSNS content payment system reloading vulnerability , attackers can use the vulnerability to reload the system...

AMD Downplays CPU Threat Opening Chips to Data Leak Attacks

AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. The “Take A Way” attack, so-called by researchers with the Graz University of Technology in a new analysis this weekend, is a side-channel attack...

AMD Downplays CPU Threat Opening Chips to Data Leak Attacks

AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. The “Take A Way” attack, so-called by researchers with the Graz University of Technology in a new analysis this weekend, is a side-channel attack...

9 Years of AMD Processors Vulnerable to 2 New Side-Channel Attacks

AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to a freshly published research. Known as "Take A Way," the new potential attack vectors leverage the L1 data L1D cache way predictor in...

reload-rulez.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1110309 Security Researcher g0bl1nsec Helped patch 3768 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting reload-rulez.com website...

5iSNS Content Payment System Exploits Arbitrary Reinstallation Vulnerability

5iSNS content payment system is a home-grown , small , stable , support in the large amount of data still maintain a high load capacity of the SNS open source system . 5iSNS content payment system exists arbitrary reloading vulnerability , attackers can exploit the vulnerability to reload the sit...

Cisco Adaptive Security Appliance Software IKEv1 DoS (cisco-sa-20191002-asa-ftd-ikev1-dos)

According to its self-reported version the Cisco Adaptive Security Appliance ASA Software running on the remote device is affected by a denial of service DoS vulnerability in the Internet Key Exchange version 1 IKEv1 feature of Cisco Adaptive Security Appliance ASA Software. The vulnerability is...

The vulnerability of the FTP file transfer protocol in Firefox browsers allows attackers to compromise data integrity.

The vulnerability of the FTP file transfer protocol in Firefox is related to an initialization error in the modal notification that can be triggered when the page is reloaded. Exploiting this vulnerability allows a remote attacker to compromise data integrity...

Cisco Discovery Protocol Denial of Service Vulnerability in Cisco FXOS, IOS XR and NX-OS Software

Cisco NX-OS Software and others are products of Cisco Corporation.Cisco NX-OS Software is a suite of data center-grade operating system software for use in switches.Cisco FXOS Software is a suite of firewall software that runs in Cisco security appliances.Cisco IOS XR is a suite of operating...

CVE-2020-3120

A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is d...

CVE-2020-3118

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisc...