Foscam IP Video Camera CGIProxy.fcgi DNS2 Address Configuration Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configurati...

Information Disclosure

ansible is vulnerable to information disclosure. It is possible because .result attribute of an ansible.executor.taskresult.TaskResult is being sent to the callback plugins without obscuring stdout information when using a nolog directive...

Immunity Canvas: SPECIAL_LNK

Name| speciallnk ---|--- CVE| CVE-2017-8464 Exploit Pack| CANVAS Description| speciallnk Notes| References: 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464', 'http://paper.seebug.org/357/', 'http://www.vxjump.net/files/vulnanalysis/cve-2017-8464.txt' CVE Name:...

PT-2017-18938

Name of the Vulnerable Software and Affected Versions YARA version 3.6.1 Description The issue allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted file. This is due to the mishandling of the file in the yr re fast exec function in...

CVE-2017-9059

The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service resource consumption by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak...

CVE-2017-9059

The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service resource consumption by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak...

CVE-2017-9059

The CVE-2017-9059 vulnerability affects the Linux kernel’s NFSv4 implementation (up to version 4.11.1). The root cause is an improper channel callback shutdown during unmount of an NFSv4 filesystem, described as a module reference and kernel daemon leak. Impact stated in the sources is a local de...

CVE-2017-9059

The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service resource consumption by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak...

Linux kernel information disclosure vulnerability (CNVD-2017-06927)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. An information disclosure vulnerability exists in the 'edgebulkincallback' function in the drivers/usb/serial/ioti.c file in Linux kernel versions 4.10.4 and earlier. A local...

Cross-site Scripting (XSS)

plupload is vulnerable to cross-site scripting XSS attacks. The moxie.swf file contains a function that takes in user input and returns a result via a callback endpoint. This can allow a malicious user to inject and execute arbitrary script through a Same Origin Method Execution SOME attack...

Microsoft Windows 7 Kernel - win32k!xxxClientLpkDrawTextEx Stack Memory Disclosure

Microsoft Windows 7 Kernel - win32k!xxxClientLpkDrawTextEx Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1182 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 other...

Microsoft Windows 7 Kernel - 'win32k!xxxClientLpkDrawTextEx' Stack Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1182 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 other platforms untested indirectly through the win32k!NtUserCreateWindowEx system call...

CVE-2017-8905

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215...

CVE-2017-8905

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215...

UBUNTU-CVE-2017-8905

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215...

Code injection

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215...

DEBIAN-CVE-2017-8905

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215...

CVE-2017-8905

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215...

ALPINE-CVE-2017-8905

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215...

CVE-2017-8905

CVE-2017-8905 affects Xen 4.6.x on 64-bit platforms. A failsafe callback is mishandled, which could allow a PV guest OS user to execute arbitrary code on the host (XSA-215). Connected sources confirm the issue and reference the XSA-215 advisory; SUSE notes CVE-2017-8905 in security updates. No ex...