EasyNetSites 'nameDetail.php' Page SQL Injection Vulnerability
EasyNetSites is a web-based tool for managing organizational relationships on websites. A SQL injection vulnerability exists in the sn parameter of the nameDetail.php page of EasyNetSites. It originates from the program's failure to adequately filter user-submitted input, and can be exploited ...
UBUNTU-CVE-2016-9907
Quick Emulator (Qemu) built with the USB redirector (usb-guest) support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host...
UBUNTU-CVE-2016-9911
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host...
CVE-2016-3685
SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial...
openSUSE Security Update : the Linux Kernel (openSUSE-2016-1438)
The openSUSE 14.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604). The...
Moxa NPort Denial of Service Vulnerability
Moxa NPort is a serial communication server. A denial of service vulnerability exists in Moxa NPort. Because the number of resource requests is not limited, an attacker can exploit the vulnerability to cause a denial of service through resource exhaustion...
Moxa NPort Cross-Site Scripting Vulnerability
Moxa NPort is a serial communication server. A cross-site scripting vulnerability exists in Moxa NPort. An attacker can exploit the vulnerability to launch a cross-site attack...
Moxa NPort Authentication Vulnerability
Moxa NPort is a serial communication server. An authentication vulnerability exists in Moxa NPort. An attacker can exploit the vulnerability to brute-force bypass authentication...
Moxa NPort Plaintext Storage Vulnerability
Moxa NPort is a serial communication server. A plaintext storage vulnerability exists in Moxa NPort. Because parameters contain plaintext passwords, an attacker can exploit the vulnerability to launch further attacks...
A story of vulnerability mining in the TP-Link debug protocol (TDDP) - vulnerability warning - the black bar safety net
I originally wrote this article in order to simplify WiFi penetration testing research work. We want to use WIWO, released last year by Core Security, which can establish a transparent channel between a computer's network interface and a WiFi router. The first step of the research is to...
B+B SmartWorx VESP211 Authentication Bypass Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified an authentication bypass vulnerability in B+B SmartWorx’s VESP211 serial servers. B+B SmartWorx has produced an implementation plan to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The...
libguestfs and virt-p2v security, bug fix, and enhancement update
libguestfs 1:1.32.7-3 - Rebase to libguestfs 1.32 in RHEL 7.3 resolves: rhbz1218766 - The full tests are now run after the package has been built. - New tool and subpackage: virt-dib safe diskimage-builder replacement. - New subpackage libguestfs-inspect-icons to reduce dependencies of main pkg s...
DEBIAN-CVE-2016-8669
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base...
CVE-2016-8669
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base...
UBUNTU-CVE-2016-8669
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base...
kernel: double-free in usb-audio triggered by invalid USB descriptor
A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges...
The vulnerability of the loaded module for kernel drivers/staging/media/lirc/lirc_imon.ko in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the loaded module containing the Linux kernel’s drivers/staging/media/lirc/lirc_imon.ko is related to mutual locking in the implementation of the imon_probe handler. Exploiting this vulnerability allows an attacker to cause a system failure when connecting the SoundGraph iMON...
openSUSE Security Update : virtualbox (openSUSE-2016-1226)
This update for virtualbox fixes the following issues: - Address CVE-2016-5501, CVE-2016-5538, CVE-2016-5605, CVE-2016-5608, CVE-2016-5610, CVE-2016-5611, CVE-2016-5613 (boo#1005621). - Reduce memory needs during build. - Version bump to 5.0.28 (released 2016-10-18 by Oracle). This is a maintenance...
QEMU '/hw/char/serial.c' Denial of Service Vulnerability
QEMU (aka Quick Emulator) is processor emulation software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. An information disclosure vulnerability exists in QEMU. An attacker could exploit this vulnerability to crash a QEMU instance, resulting in a...