7797 matches found

OSV
added 2018/05/01 1:29 p.m. | 1 view

CVE-2018-10581

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00742
Exploits: 1 | References: 1

Prion
added 2018/05/01 1:29 p.m. | 16 views

Design/Logic Flaw

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00742
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/05/01 1:0 p.m. | 20 views

CVE-2018-10581

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple...

AI score: 5.4 | EPSS: 0.00742
Exploits: 1 | References: 1

CVE
added 2018/05/01 1:0 p.m. | 47 views

CVE-2018-10581

CVE-2018-10581 affects Octopus Deploy 3.4.x prior to 2018.4.7. An authenticated user can view/update/save variable values in the Tenant Variables area for Environments that are not present within their Team scoping, in scenarios where the user belongs to multiple teams and at least one team has V...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00742
Exploits: 1 | References: 1 | Affected Software: 1

RedHat Linux
added 2018/04/17 4:24 p.m. | 2 views

kernel: Stack information leak in the EFS element

A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space...

CVSS: 7.5 | AI score: 7 | EPSS: 0.04252
Exploits: 0 | References: 4

Cvelist
added 2018/04/13 3:0 p.m. | 29 views

CVE-2017-0358 ntfs-3g: Modprobe influence vulnerability via environment variables

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation...

AI score: 7.6 | EPSS: 0.02277
Exploits: 9 | References: 7

Vulnrichment
added 2018/04/13 3:0 p.m. | 2 views

CVE-2017-0358 ntfs-3g: Modprobe influence vulnerability via environment variables

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation...

AI score: 6.4 | EPSS: 0.02277
Exploits: 9 | References: 7

RedHat Linux
added 2018/04/10 3:23 p.m. | 2 views

kernel: Stack information leak in the EFS element

A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space...

CVSS: 7.5 | AI score: 7 | EPSS: 0.04252
Exploits: 0 | References: 4

RedHat Linux
added 2018/04/10 9:1 a.m. | 5 views

kernel: Stack information leak in the EFS element

A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space...

CVSS: 7.5 | AI score: 7 | EPSS: 0.04252
Exploits: 0 | References: 4

Prion
added 2018/04/05 4:29 p.m. | 13 views

Authentication flaw

The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.11199
Exploits: 4 | References: 3

NVD
added 2018/04/05 4:29 p.m. | 18 views

CVE-2016-8380

The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication...

CVSS: 7.5 | AI score: 7 | EPSS: 0.11199
Exploits: 4 | References: 3

Cvelist
added 2018/04/05 4:0 p.m. | 23 views

CVE-2016-8380

The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication...

AI score: 7 | EPSS: 0.11199
Exploits: 4 | References: 3

Exploit DB
added 2018/04/05 12:0 a.m. | 101 views

Microsoft Windows Defender - 'mpengine.dll' Memory Corruption

Windows Defender inspects a variety of different archive formats, among others RAR. Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the original unrar code; given that it still processes the VMSFUPCASE filter...

CVSS: 10 | AI score: 7 | EPSS: 0.10027
Exploits: 4

NVD
added 2018/04/04 1:29 p.m. | 21 views

CVE-2017-3966

Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00685
Exploits: 0 | References: 1

CVE
added 2018/04/04 1:0 p.m. | 44 views

CVE-2017-3966

CVE-2017-3966 affects the web interface of McAfee Network Security Management (NSM) prior to 8.2.7.42.2. The issue is exploitation of session variables, resource IDs and other trusted credentials via reuse of an exposed session token in the application URL. This can allow remote attackers to affe...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00685
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/04/04 1:0 p.m. | 25 views

CVE-2017-3966 SB10192 - Network Security Management (NSM) - Exploitation of session variables, resource IDs and other trusted credentials vulnerability

Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL...

CVSS: 6.4 | AI score: 6.5 | EPSS: 0.00685
Exploits: 0 | References: 1

myhack58
added 2018/04/03 12:0 a.m. | 15 views

$_SERVER[SCRIPT_NAME] variable to the value of the injected malicious code - vulnerability warning - the black bar safety net

When parameters are passed in the route, the $_SERVER['SCRIPT_NAME'] variable can have malicious code introduced into it, which leads to XSS as well as malicious code injection. PS: this article is only for technical discussion and sharing; it is forbidden for any illegal purposes. $_SERVER['SCRIPT_NAME'] variables are...

AI score: 7.1
Exploits: 0

CNVD
added 2018/03/29 12:0 a.m. | 3 views

Octopus Deploy has an unspecified vulnerability

Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy. An attacker could exploit this vulnerability to view deployment targets and create associated variables...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.01045
Exploits: 1 | References: 1

CNVD
added 2018/03/27 12:0 a.m. | 3 views

Dell EMC iDRAC7 and iDRAC8 Code Execution Vulnerabilities

Dell EMC iDRAC7 and iDRAC8 are both hardware and software-inclusive system management solutions from Dell USA. The solutions provide remote management, crash system recovery and power control for Dell PowerEdge systems. A security vulnerability exists in Dell EMC iDRAC7 and iDRAC8. A remote...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.9079
Exploits: 3 | References: 1

OSV
added 2018/03/22 12:29 p.m. | 2 views

CVE-2018-1427

IBM GSKit IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00452
Exploits: 0 | References: 4