
8322 matches found

Ubuntu
added 2019/04/02 9:18 p.m. · 109 views

USN-3932-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the f2fs file system implementation...

CVSS 8.1 · AI score 7 · EPSS 0.07779
Exploits: 19
Ubuntu
added 2019/04/02 9:8 p.m. · 134 views

USN-3932-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. CVE-2017-18249 Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadat...

CVSS 8.1 · AI score 7 · EPSS 0.07779
Exploits: 19
Hacker One
added 2019/04/02 2:27 p.m. · 65 views

Mail.ru: [special.mail.ru] Information Disclosure

special.mail.ru was running misconfigured Laravel in debug mode, disclosing some sensitive information...

AI score 0.7
Exploits: 0
OSV
added 2019/04/02 11:3 a.m. · 4 views

OPENSUSE-SU-2019:1111-1 Security update for openwsman

This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand daemon which could lead to arbitrary file disclosure bsc1122623. - CVE-2019-3833: Fixed a vulnerability in processconnection which could allow an attacker to trigger an...

CVSS 7.5 · AI score 7.5 · EPSS 0.00961
Exploits: 0 · References: 5
OPENSUSE Linux
added 2019/04/02 12:0 a.m. · 120 views

Security update for openwsman (important)

openSUSE Security Update: Security update for openwsman Announcement ID: openSUSE-SU-2019:1111-1 Rating: important References: 1092206 1122623 Cross-References: CVE-2019-3816 CVE-2019-3833 Affected Products: openSUSE Leap 15.0 An update that fixes two vulnerabilities is now available. Description...

CVSS 7.5 · AI score 8.1 · EPSS 0.00961
Exploits: 0 · References: 2
Kitploit
added 2019/04/01 8:37 p.m. · 149 views

Mimikatz v2.2.0 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory

mimikatz is a tool I've made to learn C and make some experiments with Windows security. It's now well known to extract plaintext passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. But that's not all!...

AI score 7.4
Exploits: 0 · References: 6
OSV
added 2019/03/26 6:29 p.m. · 46 views

PYSEC-2019-78

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated...

CVSS 7.8 · AI score 2.9 · EPSS 0.00115
Exploits: 0 · References: 3
OSV
added 2019/03/26 6:29 p.m. · 12 views

PYSEC-2019-8

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated...

CVSS 7.8 · AI score 2.9 · EPSS 0.00115
Exploits: 0 · References: 2
Veracode
added 2019/03/25 8:40 a.m. · 27 views

Cross-Site Scripting (XSS)

Apache ActiveMQ is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the refresh parameter to PortfolioPublishServlet.java, and through debug logs or subscribe messages in webapp/websocket/chat.js...

CVSS 4.3 · AI score 8.6 · EPSS 0.02575
Exploits: 1 · References: 6 · Affected Software: 1
Tenable Nessus
added 2019/03/25 12:0 a.m. · 10 views

WordPress Debug Mode

The web server on the remote host allows read access to the WordPress debug file /wp-content/debug.log, which contains debugging information such as PHP notices, warnings and errors. This means WordPress debug mode is enabled or, if it is disabled, the log file has not been deleted. A remote attacker can exploit...

AI score 7.2
Exploits: 0 · References: 1
OSV
added 2019/03/21 4:0 p.m. · 1 views

CVE-2018-18466

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability...

CVSS 7 · AI score 5.8 · EPSS 0.00133
Exploits: 0 · References: 3
NVD
added 2019/03/21 4:0 p.m. · 15 views

CVE-2018-18466

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability...

CVSS 7 · AI score 6.8 · EPSS 0.00133
Exploits: 0 · References: 3
Prion
added 2019/03/21 4:0 p.m. · 13 views

Design/Logic Flaw

DISPUTED An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a...

CVSS 1.9 · AI score 6.7 · EPSS 0.00133
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2019/03/20 9:29 a.m. · 4 views

SUSE-SU-2019:0654-1 Security update for openwsman

This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand daemon which could lead to arbitrary file disclosure bsc1122623. - CVE-2019-3833: Fixed a vulnerability in processconnection which could allow an attacker to trigger an...

CVSS 7.5 · AI score 7.4 · EPSS 0.00961
Exploits: 0 · References: 5
Exploit DB
added 2019/03/19 12:0 a.m. · 69 views

Microsoft VBScript - VbsErase Memory Corruption

r eax=0000600c ebx=05dc10dc ecx=00000000 edx=00000000 esi=13371337 edi=05c5ca44 eip=6e0fc9fa esp=05c5ca28 ebp=05c5ca48 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 VBSCRIPT!VbsErase+0x5a: 6e0fc9fa 8b3e mov edi,dword ptr esi ds:002b:13371337=????????...

AI score 7.4
Exploits: 0
Vulnrichment
added 2019/03/18 8:9 p.m. · 11 views

CVE-2018-18466

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability...

AI score 6.8 · EPSS 0.00133
Exploits: 0 · References: 3
Cvelist
added 2019/03/18 8:9 p.m. · 15 views

CVE-2018-18466

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability...

AI score 6.8 · EPSS 0.00133
Exploits: 0 · References: 3
CVE
added 2019/03/18 8:9 p.m. · 39 views

CVE-2018-18466

CVE-2018-18466 affects SecurEnvoy SecurAccess 9.3.502. When Debug mode is enabled and used for RDP, the emergency credentials are logged in cleartext in the DEBUG folder, exposing them to anyone with access. Root cause: logging of sensitive credentials in cleartext during debugging/debug logs; ve...

CVSS 7 · AI score 6.8 · EPSS 0.00133
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2019/03/18 12:0 a.m. · 4 views

PT-2019-9594 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: SecurEnvoy SecurAccess version 9.3.502 Description: An issue was discovered in SecurEnvoy SecurAccess. When put in Debug mode and used for RDP connections, the application stores emergency credentials in cleartext in the logs, which can be...

CVSS 7 · AI score 6.7 · EPSS 0.00133
Exploits: 0 · References: 6
0day.today
added 2019/03/15 12:0 a.m. · 1630 views

Moodle 3.4.1 - Remote Code Execution Exploit

Exploit for php platform in category web applications php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1 user The account username pass The password to the account ip Callback IP port Callback Port course Valid course ID belonging to the...

CVSS 6.5 · AI score 8.8 · EPSS 0.40785
Exploits: 5