2797 matches found
Linux kernel memory leak vulnerability (CNVD-2018-24475)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A memory leak vulnerability exists in the 'irdabind' function in the net/irda/afirda.c file and the drivers/staging/irda/net/afirda.c file in versions of Linux kernel...
DEBIAN-CVE-2018-6554
Memory leak in the irdabind function in net/irda/afirda.c and later in drivers/staging/irda/net/afirda.c in the Linux kernel before 4.17 allows local users to cause a denial of service memory consumption by repeatedly binding an AFIRDA socket...
August 14, 2018—KB4343885 (OS Build 15063.1266)
August 14, 2018—KB4343885 OS Build 15063.1266 Note This release also contains updates for Windows 10 Mobile OS Build 15063.1266 released August 14, 2018. Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key...
August 14, 2018—KB4343892 (OS Build 10240.17946)
August 14, 2018—KB4343892 OS Build 10240.17946 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against a new speculative execution side-channel vulnerability known as ...
August 14, 2018—KB4343897 (OS Build 16299.611)
August 14, 2018—KB4343897 OS Build 16299.611 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against a new speculative execution side-channel vulnerability known as L1...
MicroFocus Secure Messaging Gateway Remote Code Execution Exploit
This Metasploit module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application...
Micro Focus Secure Messaging Gateway (SMG) 471 - Remote Code Execution (Metasploit)
Micro Focus Secure Messaging Gateway SMG 471 - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution",...
MicroFocus Secure Messaging Gateway Remote Code Execution
This module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application without input...
CVE-2018-1000601
A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system...
After Upgrade to WEM 4.6 agents not getting configurations with error: Agent (Agent name) is not bound to any configuration set
Upgrade WEM environment from 4.5 to 4.6. After upgrading, WEM agents are randomly reported with the following different status under Administration Agents Registrations: "Agent is bound to multiple configuration sets." Then the same agents are reported with the following status: "Agent is not be...
Security Bulletin: Incorrect SSL protocol variant in SCA HTTP binding affecting WebSphere Enterprise Service Bus, WebSphere Process Server and IBM Business Process Manager Advanced (CVE-2014-6176)
Summary The HTTP import binding in an SCA module can be configured with a reference to a SSL configuration that exists on the application server. The HTTP binding uses always the SSLv3 protocol variant regardless of the SSL protocol setting in the referenced SSL configuration. Vulnerability Detai...
spring-data-commons: XXE with Spring Data’s XMLBeam integration
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...
CVE-2016-10585
libxl provides Node bindings for the libxl library for reading and writing excel XLS and XLSX spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an...
Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes)
/ ; Filename: tcpbindshellcodelight.nasm ; Author: Paolo Perego ; Website: https://codiceinsicuro.it ; Twitter: @thesp0nge ; SLAE-ID: 1217 ; Purpose: binds on TCP port 4444 and spawn a shell on incoming connections. global start section .text start: ; Creating the socket. ; ; int socketint domain...
The Axer - Tool To Automate The Procedure Of Creating Your Payloads With Msfvenom
The axer will replace the manual procedure of creating your payloads with msfvenom , making it easier and a lot quicker. THE AXER WILL LET YOU CHOOSE THE PLATFORM , FORMAT, ENCODER, Bind with another file and a lot of other features: Download The-Axer...
VK.com: [Привязка email к странице] by [email protected] | email-flood
Отсутствие некоторых проверок при привязке почты. Impact: e-mail flood Флуд. █.vk.com/█?act=█&█=█&█=█&█=█&█=█&█=█&█=█&[email protected]&█=█&ref=█ Status: fixed Флуда больше нет. █.vk.com/█?act=█&█=█&█=█&█=█&█=█&chash=█&█=█&ref=█...
CloudBees Jenkins Credentials Binding Plugin Information Disclosure Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software release/testing projects and some of the timed execution of the task.Credentials Binding...
Apache JMeter < 4.0 Insecure RMI Registry Binding
One or more versions of Apache JMeter discovered on the remote host is affected by a remote code execution vulnerability as a result of insecure RMI registry binding. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
CVE-2018-1000057
Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured...
CVE-2018-1000057
CVE-2018-1000057 affects Jenkins Credentials Binding Plugin (version 1.14 and earlier). The issue is that Jenkins masks passwords in logs but can transform values (e.g., resolving environment variable references), causing password-like values to be exposed or recoverable. This is due to substitut...