
837 matches found

Fedora
added 2016/06/18 7:57 p.m., 37 views

[SECURITY] Fedora 24 Update: phpMyAdmin-4.6.2-1.fc24

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

6.1 CVSS, 1.3 AI score, 0.01992 EPSS
Exploits 0
Hacker One
added 2016/06/07 11:24 p.m., 17 views

Phabricator: Full path disclosure

Mongoose. The full path of the phabricator install is shown if you go to /login/mustverify/ while being logged out. This could be seen as a server configuration issue, but I think I followed your installation guide closely. Since I already wrote it I include a little patch, please feel free to...

1.5 AI score
Exploits 0
CNVD
added 2016/05/20 12:0 a.m., 34 views

Moxa EDR-G903 Unauthorized Operation Vulnerability

Moxa EDR-G903 is a suite of Moxa's all-in-one firewall/VPN security router products. A security vulnerability exists in the Moxa EDR-G903 V3.4.11 and earlier versions. An unauthenticated remote attacker can exploit the vulnerability by accessing a specially crafted URL to delete server-side...

7.8 CVSS, 7 AI score, 0.02221 EPSS
Exploits 0, References 1
Hacker One
added 2016/03/17 12:52 a.m., 15 views

Gratipay: suppress version in Server header on gratipay.com or grtp.co

Summary: Server version information is returned in the response headers. Estimated severity: Low More info: Any page requested on the site returns a lot of information in the response headers. This information includes specific version information for the server and proxy. The following version...

0.2 AI score
Exploits 0
Tenable Nessus
added 2016/01/29 12:0 a.m., 687 views

Web Server Error Page Information Disclosure

The default error page sent by the remote web server discloses information that can aid an attacker, such as the server version and languages used by the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

5.5 AI score
Exploits 0
OSV
added 2016/01/15 12:0 a.m., 1 views

UBUNTU-CVE-2016-1908

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues ...

9.8 CVSS, 7 AI score, 0.13736 EPSS
Exploits 0, References 6
ThreatPost
added 2015/12/04 4:30 p.m., 11 views

Let's Encrypt Initiative Enters Public Beta

The Let’s Encrypt initiative reached yet another milestone this week when it entered public beta, something it claims should help make it easier for website owners to embrace HTTPS encryption. The latest step comes on the heels of the movement issuing its first certificate back in September and...

7.1 AI score
Exploits 0, References 5
Zero Day Initiative
added 2015/11/10 12:0 a.m., 33 views

IBM System Networking Switch Center Local Privilege Escalation Vulnerability

This vulnerability allows local unprivileged attackers to execute arbitrary code on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC Web Service, which listens by default on...

7.2 CVSS, 6.7 AI score, 0.00434 EPSS
Exploits 0, References 1
Citrix
added 2015/11/03 12:0 a.m., 6 views

Troubleshooting Citrix Receiver for Android

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Many connection issues might be caused by configuration issues on your IT department’s servers or...

7.1 AI score
Exploits 0
RedhatCVE
added 2015/10/30 10:7 a.m., 14 views

CVE-2007-0080

Buffer overflow in the SMBConnectServer function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMBHandleType instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that...

6.6 CVSS, 8.3 AI score, 0.00437 EPSS
Exploits 0, References 2
Exploit DB
added 2015/08/29 12:0 a.m., 37 views

Sysax Multi Server 6.40 - SSH Component Denial of Service

''' Exploit title: Sysax Multi Server 6.40 ssh component denial of service vulnerability Date: 29-8-2015 Vendor homepage: http://www.sysax.com Software Link: http://www.sysax.com/download/sysaxservsetup.msi Version: 6.40 Author: 3unnym00n Details: ---------------------------------------------- by...

7 AI score
Exploits 0
Veeam
added 2015/08/28 12:0 a.m., 28 views

Veeam Backup & Replication fails to connect to Linux server with an error about negotiation

Challenge: When attempting to add a managed Linux server or edit a Linux repository, one of the following errors occurs: "Negotiation failed. The client and the server have no common key exchange algorithm." "Negotiation failed. The client and the server have no common encryption algorithm."...

7.1 AI score
Exploits 0
Zero Day Initiative
added 2015/07/20 12:0 a.m., 21 views

Oracle Endeca Information Discovery Integrator ETL Server File Download Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw exists within the handling of file downloads. The...

6.5 CVSS, 7.1 AI score, 0.02974 EPSS
Exploits 0, References 1
Zero Day Initiative
added 2015/07/20 12:0 a.m., 26 views

Oracle Endeca Information Discovery Integrator ETL Server RenameFile Remote Code Execution Vulnerability

This vulnerability allows remote attackers the ability to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw exists in the handling of the RenameFi...

6.5 CVSS, 7.1 AI score, 0.02974 EPSS
Exploits 0, References 1
Zero Day Initiative
added 2015/07/20 12:0 a.m., 24 views

Oracle Endeca Information Discovery Integrator ETL Server MoveFile Remote Code Execution Vulnerability

This vulnerability allows remote attackers the ability to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw exists in the handling of the MoveFile...

6.5 CVSS, 7.1 AI score, 0.02974 EPSS
Exploits 0, References 1
Zero Day Initiative
added 2015/07/20 12:0 a.m., 20 views

Oracle Endeca Information Discovery Integrator ETL Server CopyFile Remote Code Execution Vulnerability

This vulnerability allows remote attackers the ability to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw exists in the handling of the CopyFile...

6.5 CVSS, 7.1 AI score, 0.02974 EPSS
Exploits 0, References 1
Kitploit
added 2015/07/02 8:32 p.m., 26 views

Nikto2 - Web Server Scanner

Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks...

8.6 AI score
Exploits 0, References 1
Tenable Nessus
added 2015/06/15 12:0 a.m., 27 views

openSUSE Security Update : cups (openSUSE-2015-418)

This update fixes the following issues : - CVE-2015-1158 and CVE-2015-1159 fixes a possible privilege escalation via cross-site scripting and bad print job submission used to replace cupsd.conf on server CUPS STR4609 CERT-VU-810572 CVE-2015-1158 CVE-2015-1159 bugzilla.suse.com bsc924208. In gener...

10 CVSS, 6.2 AI score, 0.29913 EPSS
Exploits 11, References 5
Metasploit
added 2015/06/03 8:46 p.m., 99 views

SysAid Help Desk Database Credentials Disclosure

This module exploits a vulnerability in SysAid Help Desk that allows an unauthenticated user to download arbitrary files from the system. This is used to download the server configuration file that contains the database username and password, which is encrypted with a fixed, known key. This modul...

8.5 CVSS, 10 AI score, 0.86643 EPSS
Exploits 10
Exploit DB
added 2015/05/08 12:0 a.m., 21 views

Xeams 4.5 Build 5755 - Multiple Vulnerabilities

Exploit Title: Multiple vulnerabilities in Xeams 4.5 Build 5755 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link: http://web.synametrics.com/XeamsDownload.htm Version: 4.5 Build 5755...

7.4 AI score
Exploits 0