4438 matches found
CVE-2019-1919 Cisco FindIT Network Management Software Static Credentials Vulnerability
A vulnerability in the Cisco FindIT Network Management Software virtual machine (VM) images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device with a static account that has root privileges. The vulnerability is due to the presence of an account...
Commando VM v1.3 - The First Full Windows-based Penetration Testing Virtual Machine Distribution
Welcome to CommandoVM - a fully customized, Windows-based security distribution for penetration testing and red teaming. Installation (Install Script). Requirements: Windows 7 Service Pack 1 or Windows 10; 60 GB Hard Drive; 2 GB RAM. Recommended: Windows 10; 80+ GB Hard Drive; 4+ GB RAM; 2 network adapters...
The vulnerability of the fly-wm window manager in the Astra Linux operating system allows a hacker to gain access to confidential data.
The vulnerability of the fly-wm window manager in the Astra Linux operating system is related to errors in the algorithm for calculating permissions when changing the size of the window of the built-in screen locker. This allows confidential data to be displayed in a virtual machine or in an...
Windows Hyper-V Denial of Service Vulnerability
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual...
UBUNTU-CVE-2019-13164
qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name obtained from bridge.conf or a --br=bridge option is limited to the IFNAMSIZ size, which can lead to an ACL bypass...
Icebox - Virtual Machine Introspection, Tracing & Debugging
Icebox is a Virtual Machine Introspection solution that enables you to stealthily trace and debug any process (kernel or user). It's based on project Winbagility. Files which might be helpful: INSTALL.md: how to install icebox. BUILD.md: how to build icebox. Demo Project Organisation fdp: Fast...
Exploit for OS Command Injection in Docker
Breaking out of Docker via RunC A proof of concept code for CV...
Facebook HHVM Information Disclosure Vulnerability
Facebook HHVM (aka HipHop Virtual Machine) is a virtual machine from Facebook that significantly improves the performance of loading dynamic pages in PHP. An information disclosure vulnerability exists in HHVM. An attacker can exploit this vulnerability to gain direct access to an application,...
Simplify - Generic Android Deobfuscator
Simplify virtually executes an app to understand its behavior and then tries to optimize the code so that it behaves identically but is easier for a human to understand. Each optimization type is simple and generic, so it doesn't matter what specific type of obfuscation is used. Before and...
CVE-2019-0711
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual...
VMware WorkStation 12.5.3 - Virtual Machine Escape
VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.3 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues Failing to heap manipulation causes host process crash. About 50% successful rate Not quite elaborate because I'm not good at doing...
It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign
This blog was authored by Danny Adamitis, David Maynor and Kendall McKay. Executive summary Cisco Talos recently identified a series of documents that we believe are part of a coordinated series of cyber attacks that we are calling the "Frankenstein" campaign. We assess that the attackers carried...
JDK: Read beyond the end of bytecode array causing JVM crash
In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load...
Windows 10 v2004, 20H2, 21H1, 21H2 & 22H2 – Citrix Known Issues
Microsoft releases software updates for Windows 10 twice a year through the Semi-Annual Channel. Microsoft released its Semi-Annual Channel 'May 2020 update' v2004 in May 2020, 'October 2020 update' 20H2 in October 2020, 'May 2021 update' 21H1 in May 2021, 'November 2021 update' 21H2 and '2022...
EquityPandit 1.0 - Password Disclosure
Exploit title: EquityPandit v1.0 - Insecure Logging Date: 27/05/2019 Exploit Author: ManhNho Software name: "EquityPandit" Software link: https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandit Version: 1.0 Category: Android apps Description: - Sometimes developers keep sensiti...
Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities - Lenovo Support US
No description provided...
Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities - US
Lenovo Security Advisory: LEN-26696 Potential Impact: Information disclosure Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS) CVE-2018-12130 -...
VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
3a. Hypervisor-Specific Mitigations for MDS vulnerabilities - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. VMware has evaluated the...