828 matches found
kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c
A flaw was found in the Linux kernel before 4.16.6, where the cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory...
Docker Container Number of Changed Files
Binary data dockerchangedfilesnum.nbin...
How to migrate the XMS Database server from an existing DB to a cloned DB server
How to migrate the XMS Database server from an existing DB server to a cloned DB server? Below are the steps which can be followed if we need to migrate the XMS DB server to a cloned DB server which has a different IP address. 1. Log in to XenMobile server. 2. Select Configuration and then select...
DEBIAN-CVE-2018-10940
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory...
Cisco UCS Director Virtual Machine Information Disclosure Vulnerability
Cisco Unified Computing System (UCS) is a unified computing system from Cisco, a company in the United States. The system integrates network, computing, and virtualized resources into a single platform through the extensive use of virtualization technology. Cisco Unified Computing System Direct...
Information Disclosure
django-anymail is vulnerable to information disclosure. When an error occurs, the value of the WEBHOOK_AUTHORIZATION setting is printed in the Django error reports. This may allow anyone with access to the logs to discover the webhook shared secret and send inbound/tracking events to your...
Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection
Application: Oracle E-Business Suite Versions Affected: Oracle EBS 12.2.3 Vendor URL: http://oracle.com Bug: SQL injection Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Dmitry Chastuhin ERPScan Description 1. ADVISORY...
Oracle E-Business Suite 12.2.3 SQL Injection
Application: Oracle E-Business Suite Versions Affected: Oracle EBS 12.2.3 Vendor URL: http://oracle.com Bug: SQL injection Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Dmitry Chastuhin ERPScan Description 1. ADVISORY...
Rapid7 Nexpose Static Java Key Vault Cryptographic Vulnerability
Rapid7 Nexpose is a suite of vulnerability management software from Rapid7 USA that can synthesize different scans to deeply probe a network. The software proactively scans configuration environments for errors, vulnerabilities, malware and provides guidance to reduce risk. Rapid7 Nexpose has a...
CVE-2016-5918
IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed...
How to get disk changed areas from CBT(changed block tracker) in vSphere
Purpose This article demonstrates how to pull the changed disk areas in a vSphere environment. Performing this task is intended as a way to demonstrate how changed block tracking functions for Veeam Backup & Replication jobs. The most common situation where this article comes into play is when a...
HooToo Tripmate HT-TM01 2.000.022 - CSRF Vulnerabilities
Exploit for php platform in category web applications Exploit Title: HooToo Tripmate HT-TM01 Cross Site Request Forgery Date: 03Sep15 Exploit Author: Ken Smith Contact: https://twitter.com/P4tchw0rk Vendor Homepage: http://www.hootoo.com Version: HT-TM01, version 2.000.022 1. Description Various...
HooToo Tripmate HT-TM01 2.000.022 - Cross-Site Request Forgery
HooToo Tripmate HT-TM01 2.000.022 - Cross-Site Request Forgery Exploit Title: HooToo Tripmate HT-TM01 Cross Site Request Forgery Date: 03Sep15 Exploit Author: Ken Smith Contact: https://twitter.com/P4tchw0rk Vendor Homepage: http://www.hootoo.com Version: HT-TM01, version 2.000.022 1. Description...
JVN#50943964: phpMyFAQ vulnerable to cross-site request forgery
phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, settings may be changed unintentionally. Solution Apply an Update Update to the latest version according to the information provided by t...
AZL-6692 CVE-2012-5627 affecting package mysql for versions less than 8.0.24-1
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 do not modify the salt during multiple executions of the change_user command within the same connection, which makes it easier for remote authenticated users to conduct brute force password guessing attacks...
DEBIAN-CVE-2013-0292
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal...
CVE-2011-4579
The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service...
DEBIAN-CVE-2012-3426
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...
PYSEC-2012-34
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...