📄 Microsoft Windows 11 Administrator Protection Bypass / Privilege Escalation

Microsoft Windows 11 suffers from an administrator protection bypass local privilege escalation vulnerability. Proof of concept Metasploit module included. =============================================================================================================================================...

How to Create a Scan for Server-Side Request Forgery

This whitepaper covers how to create a scan in Perl to identify server-side request forgery in web applications. Depending on the context of the environment and architecture, the content of the paper can be applied to APIs in addition to presenting how to correct or avoid SSRF problems at the cod...

How to Create a Scan to Identify Remote File Inclusion

This whitepaper covers how to create a scan in Perl to identify remote file inclusion in web applications. Depending on the context of the environment and architecture, the content of the paper can be applied to APIs in addition to presenting how to correct or avoid remote file inclusion problems...

How to Create a Scan for Local File Inclusion

This whitepaper covers how to create a scan in Perl to identify different types of local file inclusion in web applications. Depending on the context of the environment and architecture, the content of the paper can be applied to APIs in addition to presenting how to correct or avoid local file...

CVE-2024-56707

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2mboxgetrsp errors in otx2dmacflt.c Add error pointer checks after calling otx2mboxgetrsp...

Bugsy - Command-line Interface Tool That Provides Automatic Security Vulnerability Remediation For Your Code

Bugsy is a command-line interface CLI tool that provides automatic security vulnerability remediation for your code. It is the community edition version of Mobb, the first vendor-agnostic automated security vulnerability remediation tool. Bugsy is designed to help developers quickly identify and...

Security Bulletin: Vulnerabilities in Network Security Services (NSS) affect the IBM FlashSystem models 840 and 900 (CVE-2016-1978)

Summary There is a vulnerability in open source Network Security Services NSS to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote attacker to execute arbitrary code on the vulnerable system or cause a denial of service...

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM FlashSystem model 840 (CVE-2015-7575)

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM® FlashSystem™ 840. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message...

Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem models 840 and 900 ( CVE-2016-0705, CVE-2016-0797 )

Summary There are vulnerabilities in OpenSSL to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to corrupt memory and/or cause a denial of service. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION:...

Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in the Linux kernel to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479. An exploit of these vulnerabilities could allow a remote attacker to cause a denial of service condition. Vulnerability...

Security Bulletin: Vulnerabilities in the Network Security Services (NSS) affect the IBM FlashSystem models 840 and 900 (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)

Summary There are vulnerabilities in Network Security Services NSS to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to execute arbitrary code on a vulnerable system, cause the application to crash, or cau...

Security Bulletin:A vulnerability in the Linux Pluggable Authentication Module (PAM) affects the IBM FlashSystem models 840 and 900 (CVE-2015-3238)

Summary There is a vulnerability in Linux Pluggable Authentication Module PAM to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote attacker to expose sensitive information and/or cause a denial of service. Vulnerability...

Security Bulletin: A cross-site request forgery vulnerability affects the IBM FlashSystem models 840 and 900 (CVE-2015-7446)

Summary There is a cross-site request forgery vulnerability to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow cross-site scripting attacks, Web cache poisoning, and other malicious activities. Vulnerability Details CVEID:...

Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in OpenSSH to which the IBM® FlashSystem™ 840 and FlashSystem 900 are susceptible. An exploit of these vulnerabilities CVE-2015-6563 and CVE-2015-6564 could allow a remote attacker to bypass security restrictions to gain elevated privileges or conduct an...

Security Bulletin: A vulnerability in IBM SDK Java Technology Edition that is used by the IBM FlashSystem 840 and IBM FlashSystem 900 (CVE-2015-4872)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition that is used by the IBM® FlashSystem™ 840 and IBM FlashSystem 900. This issue were disclosed as part of the IBM Java SDK updates for October 2015. An exploit of this vulnerability could cause a partial integrity impact...

Security Bulletin: A vulnerability in OpenSSL affects the IBM FlashSystem models 840 and 900 (CVE-2015-3194)

Summary There is a vulnerability in OpenSSL to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could cause a system to crash. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a...

Security Bulletin: IBM License Metric Tool v9 and IBM Endpoint Manager for Software Use Analysis v2.2 and v9 are vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attack on SSLv3 connections (CVE-2014-3566)

Summary SSLv3 protocol used to secure a number of connection paths in IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis is vulnerable to POODLE attack. This attack enables a man-in-the-middle attacker to decrypt and intercept communications, including user-server and...

PT-2022-36630 · Mozilla · Seamonkey

Name of the Vulnerable Software and Affected Versions: SeaMonkey versions prior to 2.53.13 Description: The issue concerns security fixes in SeaMonkey. It includes updates to devtools, build configuration, and the removal of array comprehensions, legacy iterators, and generators. SeaMonkey 2.53.1...

Open-Xchange: Privilege escalation possible in dovecot when similar passdbs are used

Summary --------- Privilege escalation is possible as a result of incorrect security code logic for dovecot passdb definitions. Description ------------ When two passdb configuration entries exist in the dovecot configuration which have the same driver and args settings, the incorrect...

kernel security and bug fix update

4.18.0-305.17.14.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...