429 matches found
CVE-2016-8236
The CVE-2016-8236 issue affects Lenovo ThinkServer systems with ThinkServer System Manager (TSM): RD350, RD450, RD550, RD650, and TD350. A prolonged broadcast storm on the local LAN can trigger a watchdog-driven reset to defaults, setting the TSM username/password to defaults and wiping configura...
CVE-2016-8236
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77...
Inherent Risks of Using the Intelligent Platform Management Interface (IPMI) on the Lenovo System x Integrated Management Module (IMM), Integrated Management Module II (IMM2) and ThinkServer TSM - us
Lenovo Security Advisory: LEN-10617 Potential Impact: Access to systems through IPMI if default settings are not changed Severity: High Scope of Impact: Industry-Wide CVE Identifiers: CVE-2013-4037, CVE-2013-4031 Summary Description: Various risks with the industry-standard Intelligent Platform...
Inherent Risks of Using the Intelligent Platform Management Interface (IPMI) on the Lenovo System x Integrated Management Module (IMM), Integrated Management Module II (IMM2) and ThinkServer TSM - Lenovo Support US
No description provided...
Attacks On MongoDB Rise As Hijackings Continue
The number of insecure MongoDB databases being hijacked by criminals is growing according to experts who say attacks that began last week are now targeting more valuable assets. Since identifying attacks against MongoDB installations on Dec. 27, Victor Gevers, an ethical hacker and founder of GDI...
Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"
Overview FlashAir by Toshiba Corporation is a SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point. When "Internet...
How to Use Middle Button Paste Between Linux VDA and Linux Receiver
Windows doesn’t support middle button paste while Linux supports this function. In Linux Receiver, we have option to support middle button past in Windows VDA which is enabled by default. Middle button paste doesn’t work correctly between Linux VDA and Linux Receiver by default settings...
Webmin Default Configuration 'root' Logon
Binary data 9526.prm...
PLC Blaster Worm Targets Industrial Control PLCs
LAS VEGAS – Security researchers at Black Hat USA described a proof-of-concept worm that targets weaknesses within automated industrial control systems used to manage critical infrastructure and manufacturing. The worm, according to OpenSource Security, has the capability to autonomously search f...
HP Data Protector A.09.00 - Arbitrary Command Execution
Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and...
samba: Smb signing not required by default when smb client connection is used for ipc usage
It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...
samba: Smb signing not required by default when smb client connection is used for ipc usage
It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...
How to Restore NetScaler SDX to Factory Default Settings
This article describes how to restore NetScaler SDX to factory default settings. Important Points to Note 1. The procedure mentioned in this article is for troubleshooting or a last resort step only. The recommend procedure to restoreNetScaler SDX to factory default settings is using SVM GUI . 2...
OpenSSH: Client buffer-overflow when using roaming connections
A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options...
Master User, versions before 2.1.4
Versions before 2.1.4 suffered from an issue with insecure default settings, the issue affects Joomla 3.4 sites only, but users are advised by the developer to update anyway. Resolution: Update to version 2.1.4 Update notice URL:...
Wordpress Stored Cross-Site Scripting Zero Day Vulnerability
WordPress security issues have for the most part involved a vulnerable plug-in, but a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver. Juoko Pynnonen of...
JAX-RS: Information disclosure via XML eXternal Entity (XXE)
It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity XXE attacks on RESTEasy applications accepting XML input...
Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection Vulnerability
Sierra Wireless produces a mobile wi-fi hotspot device that is popular amongst telecommunication companies for re-branding to suit local markets. The AirCard 760S/762S/763S Web-based Administrative Console suffers from a HTTP header injection that allows an attacker to inject a file into the HTTP...
Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection
Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection Overview Sierra Wireless produces a mobile wi-fi hotspot device that is popular amongst telecommunication companies for re-branding to suit local markets. The AirCard 760S/762S/763S Web-based Administrative Console suffers from ...
EmpireCMS(帝国cms)csrf getshell
简要描述: EmpireCMS帝国cmscsrf getshell 最新版本。 详细说明: 参见漏洞: WooYun: 帝国CMS CSRF GetShell 帝国cms默认添加栏目时候默认是允许投稿。 另外帝国的会员中心基本都是开启的,有的就算不开启也是可以匿名投稿。 漏洞证明: 图1所示,帝国添加栏目时候默认是开启投稿的。 图2所示,虽然过滤的,但是未过滤img中的污染数据。这个地方插入 也就是http://127.0.0.1/1.js,1.js代码看这里 WooYun: 帝国CMS CSRF GetShell 图3所示:管理员看到未审核内容时候点击标题可以查看内容。 img...