
7916 matches found

Citrix
added 2016/11/07 12:0 a.m. · 6 views

Boot Signal fails while reboot and shutdown signal works properly

The machines created from Streaming VM setup wizard are unable to boot when boot signal is sent from the PVS console. If we send the reboot or shutdown signal it reboots or shuts down the machines...

7.1 AI score
Exploits: 0

BDU FSTEC
added 2016/11/03 12:0 a.m. · 4 views

The vulnerability of the SELinux security mechanism, which allows a perpetrator to circumvent existing access restrictions

The vulnerability of the SELinux security mechanism is related to code errors. Exploiting this vulnerability can allow an attacker, who operates locally, to gain access to memory with write and execute privileges by manipulating system calls such as io_setup, ioctx_alloc, and aio_setup_ring...

3.6 CVSS · 5.7 AI score
Exploits: 0 · References: 4

Hacker One
added 2016/11/02 7:26 a.m. · 35 views

Open-Xchange: Stored XSS in Template Documents

Steps to reproduce: Setup: Edit My Contact Data: - first name: ' onmouseover=alert1 data-first=' - last name: anything 1. Create a new text document, and make sure it is saved. 2. Click Review, check "Track Changes". 3. Make another edit, it should show coloured now as it is tracked. 4. Click Fil...

0.2 AI score
Exploits: 0

Tenable Nessus
added 2016/10/26 12:0 a.m. · 19 views

SUSE SLED12 / SLES12 Security Update : kdump (SUSE-SU-2016:2553-1)

This update for kdump provides several fixes and enhancements : - Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. bsc#943214 - Add a separate systemd service to rebuild kdumprd at boot. bsc#943214 - Improve network setup in the kdump environment by reading configuration from wicked ...

7.8 CVSS · 7.4 AI score · 0.00382 EPSS
Exploits: 0 · References: 17

Tenable Nessus
added 2016/10/25 12:0 a.m. · 25 views

openSUSE Security Update : kdump (openSUSE-2016-1215)

This update for kdump provides several fixes and enhancements : - Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. bsc#943214 - Add a separate systemd service to rebuild kdumprd at boot. bsc#943214 - Improve network setup in the kdump environment by reading configuration from wicked ...

7.8 CVSS · 7.4 AI score · 0.00382 EPSS
Exploits: 0 · References: 15

CNVD
added 2016/10/18 12:0 a.m. · 3 views

D-Link DWR-932B LTE Router WPS PIN Generator Vulnerability

The D-Link DWR-932B LTE is a wireless router. A vulnerability exists in the WPS PIN generator of the D-Link DWR-932B LTE router. Since a user can temporarily generate a new WPS PIN via the router's web management interface, an attacker can exploit the vulnerability to use the PIN to access a...

6.9 AI score
Exploits: 0 · References: 1

OSV
added 2016/10/17 1:9 p.m. · 8 views

SUSE-SU-2016:2553-1 Security update for kdump

This update for kdump provides several fixes and enhancements: - Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. bsc#943214 - Add a separate systemd service to rebuild kdumprd at boot. bsc#943214 - Improve network setup in the kdump environment by reading configuration from wicked b...

7.8 CVSS · 7 AI score · 0.00382 EPSS
Exploits: 0 · References: 16

Tenable Nessus
added 2016/09/30 12:0 a.m. · 645 views

OpenSSL 1.0.2 < 1.0.2i Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2i. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2i advisory. - Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to...

9.8 CVSS · 7.5 AI score · 0.95707 EPSS
Exploits: 8 · References: 30

RedHat Linux
added 2016/09/21 5:57 p.m. · 4 views

org.ovirt.engine-root: engine-setup logs contained information for extracting admin password

A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates which could then be used to steal other sensitive information such as passwords...

5.5 CVSS · 5.7 AI score · 0.00235 EPSS
Exploits: 0 · References: 4

OSV
added 2016/09/19 1:59 a.m. · 6 views

CVE-2016-6536

The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...

9.8 CVSS · 5.8 AI score · 0.0258 EPSS
Exploits: 2 · References: 2

Prion
added 2016/09/19 1:59 a.m. · 21 views

Design/Logic Flaw

The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...

10 CVSS · 7.5 AI score · 0.0258 EPSS
Exploits: 2 · References: 2 · Affected Software: 1

Positive Technologies
added 2016/09/15 12:0 a.m. · 8 views

PT-2016-3140 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.7.7 Description: The issue is related to the aio_mount function in fs/aio.c, which does not properly restrict execute access. This allows a local attacker to bypass intended SELinux W^X policy restrictions and...

10 CVSS · 7.7 AI score · 0.24299 EPSS
Exploits: 48 · References: 216

0day.today
added 2016/09/15 12:0 a.m. · 66 views

Cisco EPC 3925 - Multiple Vulnerabilities

Exploit for asp platform in category web applications Title: Cisco EPC 3925 Multiple Vulnerabilities Vendor: http://www.cisco.com/ Vulnerable Versions: Cisco EPC3925 EuroDocsis 3.0 2-PORT Voice Gateway Date: 15.09.2016 Author: Patryk Bogdan ======== Vulnerability list: 1. HTTP Response Injection...

7.1 AI score
Exploits: 0

Packet Storm
added 2016/09/15 12:0 a.m. · 36 views

Cisco EPC 3925 XSS / CSRF / HTTP Response Injection / DoS

Title: Cisco EPC 3925 Multiple Vulnerabilities Vendor: http://www.cisco.com/ Vulnerable Versions: Cisco EPC3925 EuroDocsis 3.0 2-PORT Voice Gateway Date: 15.09.2016 Author: Patryk Bogdan ======== Vulnerability list: 1. HTTP Response Injection via 'Lang' Cookie 2. DoS via 'Lang' Cookie 3. DoS in...

0.5 AI score
Exploits: 0

Kitploit
added 2016/09/12 2:6 p.m. · 18 views

swarm - A Modular Distributed Penetration Testing Tool

Swarm is an open source modular distributed penetration testing tool that uses a distributed task queue to implement communication in a master-slave mode system and uses MongoDB for data storage. It consists of a distributed framework and function modules. The function module can be an entirely new...

7.3 AI score
Exploits: 0 · References: 3

OSV
added 2016/09/11 9:59 p.m. · 5 views

CVE-2016-3889

Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Settings application during a pre-setup stage, aka...

6.8 CVSS · 7.3 AI score · 0.00244 EPSS
Exploits: 0 · References: 5

NVD
added 2016/09/11 9:59 p.m. · 21 views

CVE-2016-3888

internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the...

2.1 CVSS · 3.6 AI score · 0.00175 EPSS
Exploits: 0 · References: 4

OSV
added 2016/09/11 9:59 p.m. · 5 views

CVE-2016-3888

internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the...

2.1 CVSS · 5.8 AI score · 0.00175 EPSS
Exploits: 0 · References: 4

UbuntuCve
added 2016/09/11 9:59 p.m. · 28 views

CVE-2016-3888

internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the...

2.1 CVSS · 6.3 AI score · 0.00175 EPSS
Exploits: 0 · References: 3

BDU FSTEC
added 2016/09/07 12:0 a.m. · 5 views

The vulnerability of the QEMU hardware emulation software, which allows a hacker to trigger a service failure

The vulnerability of the QEMU hardware emulation software is related to the implementation of the VMWARE Paravirtual SCSI (PVSCSI) mechanism. Exploiting this vulnerability allows a malicious actor to trigger a service failure by manipulating the PVSCSI_CMD_SETUP_RINGS or PVSCSI_CMD_SETUP_MSG_RING command...

1.5 CVSS · 6.7 AI score · 0.00372 EPSS
Exploits: 0 · References: 5