270 matches found
Important: Red Hat Security Advisory: Red Hat Data Grid 8.4.1 security update
An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Metasploit Weekly Wrap-Up
A sack full of cheer from the Hacking Elves of Metasploit It is clear that the Metasploit elves have been busy this season: Five new modules, six new enhancements, nine new bug fixes, and a partridge in a pear tree are headed out this week! Partridge nor pear tree included. In this sack of goodie...
F5 Big-IP Gather Information from MCP Datastore
This module gathers various interesting pieces of data from F5's "mcp" datastore, which is accessed via /var/run/mcp using a proprietary protocol. Adapted from: https://github.com/rbowes-r7/refreshing-mcp-tool/blob/main/mcp-getloot.rb Module Options msf use post/linux/gather/f5lootmcp msf...
Sql injection
A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface...
Important: Red Hat Security Advisory: Red Hat Data Grid 8.4.0 security update
An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
PT-2022-24988 · Unknown · Matrix-Appservice-Irc
Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions up to 0.35.1 Description: A critical issue affects the file src/datastore/postgres/PgDataStore.ts, where the manipulation of the roomIds argument leads to sql injection. Upgrading to version 0.36.0 addresses thi...
matrix-appservice-irc 安全漏洞
matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A security vulnerability exists in matrix-appservice-irc 0.35.1 and earlier versions, which stems from affected unknown code in the file src/datastore/postgres/PgDataStore.t...
Error: Skipping VM processing due to insufficient free disk space on datastore
Challenge A Backup or Replication job fails with the messages: Production datastore is getting low on free space xx GB left, and may run out of free disk space completely due to open snapshots. Insufficient free disk space on production datastore . Error: Skipping VM processing due to insufficien...
Microsoft ODBC Driver 安全漏洞
Microsoft ODBC Driver is a driver from Microsoft. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in the Microsoft ODBC Driver. The following products and versions are affected: Windows 8.1 fo...
Datastore Named 'VeeamBackup_' Listed as Inaccessible
Challenge A Datastore with the name 'VeeamBackup' is found within the vSphere environment and is marked inaccessible. The will be the hostname, FQDN, or IP of a server assigned as the Mount Server for a Repository in Veeam Backup & Replication. Cause The datastore appears "inaccessible" because t...
Metasploit Weekly Wrap-Up
Roxy-WI Unauthenticated RCE This week, community member Nuri Çilengir added an unauthenticated RCE for Roxy-WI. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers. The vulnerability can be triggered by a specially crafted POST request to a Python script where the ipbackend...
SQL Injection
com.yahoo.elide:elide-datastore-aggregation is vulnerable to SQL Injection attacks. A specifically crafted query statement through a parameterized TEXT column allows a malicious user to inject and execute arbitrary SQL queries via the ValueType enum...
com.yahoo.elide:elide-spring-boot-starter (=6.1.3), com.yahoo.elide:elide-standalone (=6.1.3) potentially affected by CVE-2022-24827 via com.yahoo.elide:elide-datastore-aggregation (=6.1.3)
com.yahoo.elide:elide-datastore-aggregation MAVEN version =6.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.yahoo.elide:elide-datastore-aggregation and may be impacted: - com.yahoo.elide:elide-spring-boot-starter =6.1.3 -...
GHSA-8XPJ-9J9G-FC9R SQL Injection in elide-datastore-aggregation
Impact When leveraging the following together: - Elide Aggregation Data Store for Analytic Queries - Parameterized Columns A column that requires a client provided parameter - A parameterized column of type TEXT There is the potential for a hacker to provide a carefully crafted query that would...
Moderate: Red Hat Security Advisory: Red Hat Data Grid 8.2.3 security update
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
A specified parameter was not correct: spec.vmProfile
Challenge Scenario 1: A Replication job fails with the following error: Failed to set storage profile VM Encryption Policy to vm. Copy Scenario 2: An Entire VM Restore or Instant Recovery fails with the following error: Error: A specified parameter was not correct: spec.vmProfile Copy Cause This...
Metasploit Wrap-Up
Confluence Server OGNL Injection Our own wvu along with Jang added a module that exploits an OGNL injection CVE-2021-26804in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26804 is a critical remote code execution vulnerability in Confluence Server and...
Metasploit Wrap-Up
Desert heat not the 1999 film This week was more quiet than normal with Black Hat USA and DEF CON, but that didn’t stop the team from delivering some small enhancements and bug fixes! We are also excited to see two new modules 15519 and 15520 from researcher Jacob Baines’ DEF CON talk Bring You...
CVE-2021-32001
K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material cluster certificate authority private keys, secrets encryption configuration passphrase, etc. and decrypt it, without having to know the...
Code injection
K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material cluster certificate authority private keys, secrets encryption configuration passphrase, etc. and decrypt it, without having to know the...