674 matches found
kubernetes security update
1.9.1-2.1.5 - Production built 1.9.1-2.1.5 - Fix the upgrade version check - Remove w/a from Orabug 27125915 1.9.1-2.1.4.dev - Make sure worker node upgrade properly - Orabug 27649898 1.9.1-2.1.3.dev - Ensure that the runtime mounts RO volumes read-only CVE-2017-1002102 - Update Dashboard version...
[SECURITY] Fedora 28 Update: kst-2.0.8-20.fc28
Kst is a real-time data viewing and plotting tool with basic data analysis functionality. Kst contains many powerful built-in features and is expandable with plugins and extensions. Main features of kst include: Robust plotting of live "streaming" data. Powerful keyboard and mouse plot...
How to Sysprep PVS images before they are streamed to Target Devices.
Question: Is needed to run Sysprep on PVS images? Answer: It is not needed to run Sysprep on PVS/MCS images since they both have their own version/method built-in to Sysprep the images. Also, it is not recommended to run Sysprep on PVS or MCS machines since it is not needed...
Disk Savvy Enterprise 10.4.18 Buffer Ovreflow Exploit
This Metasploit module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise version 10.4.18, caused by improper bounds checking of the request sent to the built-in server. This Metasploit module has been tested successfully on Windows 7 SP1 x86. This module requires...
Disk Savvy Enterprise v10.4.18
This module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise v10.4.18, caused by improper bounds checking of the request sent to the built-in server. This module has been tested successfully on Windows 7 SP1 x86. This module requires Metasploit:...
Huawei UPnP DeviceUpgrade command injection
Added: 01/02/2018 BID: 102344 Background Huawei home routers support the DeviceUpgrade service type over the Universal Plug and Play UPnP protocol to facilitate upgrading of firmware. Problem A remote authenticated attacker can execute arbitrary commands injected into the NewStatusURL XML element...
custombuiltrods.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-459149 Description| Value ---|--- Affected Website:| custombuiltrods.co.uk Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...
Build-Your-Own Data Masking. Yes or No?
A lot of organizations are taking great strides to protect their sensitive data with a multi-layered strategy—one that includes data masking. We’ve even seen many tackling this critical data security component in DIY fashion, often tasking one resource with developing and implementing scripts to...
Chinese Keyboard Developer Spies on User Through Built-in Keylogger
By Waqas A Chinese mechanical keyboard manufacturer MantisTek has been caught in the This is a post from HackRead.com Read the original post: Chinese Keyboard Developer Spies on User Through Built-in Keylogger...
CVE-2017-8448
An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges...
kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user
It was discovered that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyri...
CVE-2017-12711
An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.220170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges...
Advantech WebAccess Elevation of Privilege Vulnerability
Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. An elevation of privilege vulnerability exists in Advantec...
Security fix for the ALT Linux 9 package openvpn version June
June 21, 2017 Nikolay A. Fetisov 2.4.3-alt1 - New version - Security fixes: + CVE-2017-7522 Post-authentication --x509-track remote DoS + CVE-2017-7521 Post-authentication remote-triggerable memory leaks + CVE-2017-7521 Potential post-authentication remote code execution on servers that use the...
massExpConsole - Collection of Tools and Exploits with a CLI UI
Collection of Tools and Exploits with a CLI UI What does it do? an easy-to-use user interface cli execute any adapted exploit with process-level concurrency crawler for baidu and zoomeye a simple webshell manager some built-in exploits automated more to come... Requirements GNU/Linux or MacOS, WS...
GNU Bash code execution vulnerability in path completion(CVE-2017-5932)
1 Introduction GNU Bash from version 4.4 contains two bugs in its path completion feature leading to a code execution vulnerability. An exploit can be realized by creating a file or directory with a specially crafted name. A user utilizing GNU Bash's built-in path completion by hitting the Tab...
Certec EDV GmbH atvise scada (Update A)
CVSS v3 6.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Certec EDV GmbH Equipment: atvise scada Vulnerabilities: Cross-Site Scripting, Header Injection UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-096-01 Certec EDV GmbH...
DzSoft PHP Editor File Enumeration Vulnerability
DzSoft PHP Editor is a tool for writing and testing PHP and HTML pages. DzSoft PHP Editor has a security vulnerability.DzSoftpe is equipped with a built-in web server for previewing PHP files when combining the "HEAD" method of HTTP requests with the directory traversal "\ ... /... /..." type of...
DzSoft PHP Editor 4.2.7 - File Enumeration
DzSoft PHP Editor 4.2.7 - File Enumeration + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DZSOFT-v4.2.7-PHP-EDITOR-FILE-ENUMERATION.txt + ISR: ApparitionSec Vendor: ============== www.dzsoft.com Product:...
DzSoft PHP Editor 4.2.7 - File Enumeration Vulnerability
Exploit for windows platform in category remote exploits + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DZSOFT-v4.2.7-PHP-EDITOR-FILE-ENUMERATION.txt + ISR: ApparitionSec Vendor: ============== www.dzsoft.com Product:...