CVE-2019-8934
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest...
CVE-2019-8934
CVE-2019-8934 affects QEMU up to version 3.1.0 via the PPC SPAPR code (hw/ppc/spapr.c). The hypervisor can expose information by sharing the guest/host-visible attributes in /proc/device-tree: system-id and model. The connected documents confirm the description and affected component, but do not ...
Design/Logic Flaw
The Olive Tree FTP Server aka com.theolivetree.ftpserver application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets...
CVE-2019-9600
The Olive Tree FTP Server aka com.theolivetree.ftpserver application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets...
CVE-2019-9600
The Olive Tree FTP Server (com.theolivetree.ftpserver) for Android is affected up to version 1.32. The issue allows remote attackers to cause a denial of service by a client performing many connection attempts and dropping certain packets. Documents do not provide root-cause details beyond this b...
UBUNTU-CVE-2019-9587
There is a stack consumption issue in md5Round1 located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted PDF file to, for example, the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related...
FTP Server 1.32 - Denial of Service
FTP Server 1.32 - Denial of Service !/usr/bin/env python coding: utf-8 Author: Marcelo Vázquez aka s4vitar FTP Server 1.32 Remote Denial of Service DoS Exploit Title: FTP Server 1.32 Remote Denial of Service DoS Date: 2019-02-26 Exploit Author: Marcelo Vázquez aka s4vitar Vendor: The Olive Tree...
FTP Server 1.32 Denial Of Service
!/usr/bin/env python coding: utf-8 Author: Marcelo Vázquez aka s4vitar FTP Server 1.32 Remote Denial of Service DoS Exploit Title: FTP Server 1.32 Remote Denial of Service DoS Date: 2019-02-26 Exploit Author: Marcelo Vázquez aka s4vitar Vendor: The Olive Tree Software Link:...
jenkins-plugin-workflow-cps: Sandbox Bypass in Pipeline: Groovy Plugin
A flaw was found in Jenkins Pipeline. In the Declarative plugin, the script sandbox protection could be circumvented during the script compilation phase by applying AST. Both the pipeline validation REST APIs and the actual script/pipeline execution are affected. This allows users with Overall/Re...
[SECURITY] Fedora 29 Update: jackson-databind-2.9.8-1.fc29
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...
U.S. Dept Of Defense: [Critical] Full local fylesystem access (LFI/LFD) as admin via Path Traversal in the misconfigured Java servlet on the https://███/
Description: Hello. I discovered a Path Traversal issue on https://██████████/. I was able to turn it into a local file read, and after a series of tests determined that it's possible to reach sensitive system files with administrator rights. POC: The next request will read the...
Path traversal
Path Traversal vulnerability in module m-server 1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request...
CVE-2018-16485
Path Traversal vulnerability in module m-server 1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request...
Friday Squid Blogging: Squids on the Tree of Life
Interesting. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Wallarm to Sponsor AppSec Cali
If you are a SecOps or DevOps professional on the west coast you can not miss the premier California application security event: AppSec California, January 22–25th in Santa Monica. Here are testimonials from the previous AppSec Cali events: “I'm looking forward to AppSecCali next week. Last year...
DEBIAN-CVE-2018-20726
A cross-site scripting (XSS) vulnerability exists in host.php via tree.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices...
Denial Of Service (DoS)
kernel-rt is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service...
Insecure File Permissions
BusyBox uses insecure file permissions. The mdev utility creates certain directories within /dev with world-writable permissions (0777), which would allow a local unprivileged user to perform read, write and execute actions within the /dev directory tree...