704 matches found
drchrono: node.drchrono.com - Information Disclosure and Windows Host Exposed
This host has the following TCP ports open: 21 - FTP, 22 - SSH, 135 - Windows RPC Dynamic, 445 - Microsoft DS, 3389 - Remote Desktop, 5986 - PowerShell Remoting, 47001 - WinRM. The server appears to be secured well on the whole. However, the services SSH and FTP do all give out some information. Please s...
[SECURITY] Fedora 24 Update: jenkins-remoting-2.57-1.fc24
This package is primarily used by Jenkins for slave node management, but it could be potentially reused outside of this project...
Mageia: Security Advisory (MGASA-2016-0162)
The remote host is missing an update for the... (SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
MGASA-2016-0162 Updated jenkins-remoting packages fix CVE-2016-0792
Updated jenkins-remoting packages fix security vulnerability: Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. SECURITY-247 ...
jenkins: Remote code execution vulnerability in remoting module (SECURITY-232)
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener...
.NET Remoting remote code execution vulnerability exploration - vulnerability warning - the black bar safety net
This is an introductory article on the security of .NET Remoting; it uses a simple RCE exploit and describes a privilege escalation case. This paper mainly covers the following: 1. A brief introduction to .NET Remoting technology 2. Using VS to write a simple .NET...
CVE-2016-0788
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener...
CVE-2016-0788
CVE-2016-0788 affects the Jenkins remoting module. The vulnerability allows remote code execution by an attacker who can open a JRMP listener, enabling arbitrary code execution on the Jenkins host. Affected software is Jenkins before version 1.650 and Jenkins LTS versions before 1.642.2. The impa...
jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218)
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'"...
Fedora Update for jenkins-remoting FEDORA-2016-641
The remote host is missing an update for the...
Fedora Update for jenkins-remoting FEDORA-2016-0
The remote host is missing an update for the...
Fedora 22 : jenkins-1.609.3-3.fc22 / jenkins-remoting-2.53-1.fc22 (2015-a433d8ba72)
Fix CVE-2015-5318, CVE-2015-5320, CVE-2015-5325, SECURITY-218. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
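Lenovo ThinkVantage System Update software UNCServer.exe backdoor vulnerability
Author: DannyWei@Tencent Xuanwu Lab. Source: http://drops.wooyun.org/papers/10231. Original title: A "WormHole" vulnerability on the PC. Preface --- WormHole, the recent focus of the security community, is the result of a class of insecure development habits. Similar problems are by no means rare on the PC, although much of the risk is mitigated by the firewall that Microsoft ships enabled by default. We hope this article and the many discussions about WormHole will, to a greater or lesser extent, raise the security awareness of some developers. The consequences of the problem described below are very similar to WormHole: it affects hundreds of millions of users, and accessing one port and sending one command is enough to make the target system download a program and execute it...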
BMC Track-It! 11.4 - Multiple Vulnerabilities
Multiple critical vulnerabilities in BMC Track-It! 11.4. Discovered by Pedro Ribeiro [email protected], Agile Information Security. Disclosure: 04/07/2016 / Last updated:...
Powershell Remoting Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit3 'Powershell Remoting Remote Command Execution', 'Description' = %q Uses Powershell Remoting TCP 47001 to inject payload...
Fedora Update for jenkins-remoting FEDORA-2014-15776
The remote host is missing an update for the... (SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
Powershell Remoting Remote Command Execution
This module uses Powershell Remoting TCP 47001 to inject payloads on target machines. If RHOSTS are specified, it will try to resolve the IPs to hostnames, otherwise use a HOSTFILE to supply a list of known hostnames. This module requires Metasploit: https://metasploit.com/download Current source...
.NET remote code execution MS14-026/CVE-2014-1806 - vulnerability warning - the black bar safety net
Today I saw 小猪 say in the safekey group that the exp for a .NET remote code execution vulnerability that had been followed for a long time had been disclosed, so I immediately went to exploit-db to look for it and found it. This is a vulnerability for which Microsoft released a patch in May 2014, namely MS14-026/CVE-2014-1806, bug the...
CVE-2014-1806 .NET Remoting Services vulnerability analysis - vulnerability warning - the black bar safety net
0x00 Description: Microsoft .NET Remoting is a distributed processing mechanism that provides a framework allowing objects to interact with other objects across application domains. A few days ago James Forshaw posted a CVE-2014-1806 .NET Remoting Services exploi...