Moab < 7.2.9 - Authentication Bypass

Moab Authentication Bypass : CVE-2014-5300 Software: Moab Affected Versions: All versions prior to Moab 7.2.9 and Moab 8 CVE Reference: CVE-2014-5300 Author: John Fitzpatrick, MWR Labs http://labs.mwrinfosecurity.com/ Severity: High Risk Vendor: Adaptive Computing Vendor Response: Resolved in Moa...

Moab Workload Manage 7.2.9 / 8 User Impersonation Vulnerability

Moab versions prior to 7.2.9 and 8 suffer from a user impersonation vulnerability. Moab User Impersonation : CVE-2014-5375 Software: Moab Affected Versions: All current versions of Moab. However, the impact is limited in Moab 7.2.9 and Moab 8. CVE Reference: CVE-2014-5375 Author: John Fitzpatrick...

Moab User Impersonation

Moab User Impersonation : CVE-2014-5375 Software: Moab Affected Versions: All current versions of Moab. However, the impact is limited in Moab 7.2.9 and Moab 8. CVE Reference: CVE-2014-5375 Author: John Fitzpatrick, Luke Jennings MWR Labs http://labs.mwrinfosecurity.com/ Severity: High Risk Vendo...

Moab Workload Manage Insecure Message Signing Authentication Bypass Vulnerability

Moab suffers from an insecure message signing authentication bypass vulnerability. All versions up to 8 can be affected depending on the configuration. Moab Authentication Bypass insecure message signing : CVE-2014-5376 Software: Moab Affected Versions: Dependent on configuration, can affect all...

Charney on Trustworthy Computing: 'I Was the Architect of These Changes'

Scott Charney, the head of Microsoft’s Trustworthy Computing efforts, said that he was the one who decided it was time to move the TwC group in a new direction and integrate the security functions more deeply into the company as a whole. “I was the architect of these changes. This is not about th...

Dennis Fisher and Mike Mimoso Discuss All Things Apple Security, Home Depot and Microsoft

Dennis Fisher and Mike Mimoso talk abut the crazy news of the last couple of weeks, the Apple privacy and Apple Pay announcements, the details of the Home Depot breach and the end of the Microsoft Trustworthy Computing unit. Download: digitalunderground167.mp3 Music by Chris Gonsalves...

Era Ends With Break Up of Trustworthy Computing Group at Microsoft

In a move that has surprised many in the security community, Microsoft has disbanded its Trustworthy Computing unit, the group that was responsible for the pioneering work that helped reverse the company’s security reputation and make Windows a much more secure and reliable computing platform. Th...

Cisco Integrated Management Controller Vulnerability

Cisco has released an advisory to address a vulnerability in the Cisco Integrated Management Controller Cisco IMC SSH module of the Cisco Unified Computing System E-Series Blade servers that could allow an unauthenticated, remote attacker to cause a denial of service condition. Migration to relea...

Code injection

The SSH module in the Integrated Management Controller IMC before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service IMC hang via a crafted SSH packet, aka Bug ID CSCuo69206...

CVE-2014-3348

CVE-2014-3348 affects Cisco UCS IMC SSH on E-Series blade servers, with the SSH module prior to 2.3(1) vulnerable to remote, unauthenticated DoS (IMC hang) via a crafted SSH packet. Affected product: Cisco Integrated Management Controller (IMC) in UCS E-Series blade servers. Root cause: improper ...

Cisco Unified Computing System E DoS

SSH DoS in built in management controller...

Cisco Integrated Management Controller SSH Denial of Service Vulnerability

A vulnerability in the Cisco Integrated Management Controller Cisco IMC SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to a failure to properly handle a crafte...

[SECURITY] Fedora 19 Update: jakarta-commons-httpclient-3.1-15.fc19

The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...

Microsoft Exec Says Company Has Never Been Asked to Backdoor a Product

One of Microsoft’s top security executives said the company has never been asked by the United States government to build a backdoor into any of its products, and if the company was asked, it would fight the order in the courts. Since the Edward Snowden revelations began last summer, there have...

RHEL 6 : MRG (RHSA-2012:0099)

Updated Grid component packages that fix multiple security issues, multiple bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common...

RHEL 6 : Red Hat Enterprise MRG Grid 2.3 (RHSA-2013:0565)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0565 advisory. Red Hat Enterprise MRG Messaging, Realtime, and Grid is a next-generation IT infrastructure for enterprise computing. MRG offers increased performanc...

RHEL 5 : MRG (RHSA-2012:0476)

An updated MRG Management Console package that fixes several security issues is now available for Red Hat Enterprise MRG 2 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...

RHEL 6 : MRG (RHSA-2013:1852)

Updated Grid component packages that fix multiple security issues are now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, whi...

the elasticsearch exploit tool kit-vulnerability warning-the black bar safety net

ElasticSearch is based on Lucene to build the open source, distributed, RESTful search engine. Designed for cloud computing, it is possible to achieve real-time search, stable, reliable, fast, install easy to use. Support through HTTP using the JSON data index. ! Please do not used for illegal...

TORQUE Resource Manager 2.5.x-2.5.13 - Stack Based Buffer Overflow Stub

No description provided by source. !/usr/bin/env python Exploit Title: TORQUE Resource Manager 2.5.x-2.5.13 stack based buffer overflow stub Date: 27 May 2014 Exploit Author: bwall - @botnethunter Vulnerability discovered by: MWR Labs CVE: CVE-2014-0749 Vendor Homepage:...