1001 matches found

BDU FSTEC
added 2019/01/28 12:0 a.m. · 2 views

The vulnerability of the vContainer component in the programmatically defined Cisco SD-WAN network allows an attacker to trigger a service failure or execute arbitrary code with root privileges.

The vulnerability of the vContainer component in the programmatically defined Cisco SD-WAN network is caused by buffer overflow. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code with root privileges by sending a specially crafted file...

CVSS 9.9 · AI score 8.6 · EPSS 0.04853
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2019/01/18 12:0 a.m. · 2 views

PT-2019-16763 · Premisys · Premisys Identicard

Name of the Vulnerable Software and Affected Versions: Premisys Identicard version 3.1.190 Description: The issue concerns the storage of backup files as encrypted zip files with a hard-coded and unchangeable password. This allows an attacker with access to these backups to decrypt them and obtai...

CVSS 7.5 · AI score 7.5 · EPSS 0.01789
Exploits 0 · References 3
Virtuozzo
added 2019/01/15 12:0 a.m. · 20 views

Product release: Virtuozzo Infrastructure Platform 2.5

This product is formerly known as Virtuozzo Storage. With this release, Virtuozzo Infrastructure Platform offers a wide range of new features for compute virtualization and software-defined networking, as well as enhancements and stability improvements. It also addresses issues found in the...

AI score 1.5
Exploits 0
Prion
added 2018/12/20 9:29 p.m. · 10 views

Command injection

The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands e.g. harmony.system?systeminfo...

CVSS 7.5 · AI score 9.8 · EPSS 0.03699
Exploits 1 · References 1 · Affected Software 1
Prion
added 2018/12/18 4:29 p.m. · 13 views

Design/Logic Flaw

DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL 0x800020F4 with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for partial input...

CVSS 2.1 · AI score 5.7 · EPSS 0.00384
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2018/12/18 4:0 p.m. · 21 views

CVE-2018-19522

DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL 0x800020F4 with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for partial input...

AI score 5.6 · EPSS 0.00384
Exploits 1 · References 1
Wallarm Lab
added 2018/12/17 2:23 a.m. · 90 views

App Security and PCI; Are you ready for the audit?

As most people know, merchants, financial institutions and anybody else who is involved in processing credit cards are subject to the PCI DSS compliance to reduce fraud and cybersecurity risks. This affects both brick-n-mortar stores and banks as well as card-not-present (CNP) transactions that...

AI score 7.3
Exploits 0
Wallarm Lab
added 2018/12/16 7:9 p.m. · 109 views

Six Xmas Gifts for the Pentester in your Life

Some of my best friends are ethical hackers. With the holidays approaching, these special people in my life will need special presents. Whether they are bounty hunting, pentesting as a part of a consulting project, doing security research to advance the field or working on a Red Team, they will...

AI score 7.3
Exploits 0
Kitploit
added 2018/11/30 8:15 p.m. · 92 views

XSSFuzzer - A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an...

AI score 6.8
Exploits 0 · References 1
CNVD
added 2018/10/24 12:0 a.m. · 3 views

Citrix SD-WAN and NetScaler SD-WAN SQL Injection Vulnerabilities

Citrix SD-WAN and NetScaler SD-WAN are both software-defined WAN solutions from Citrix Systems USA. The products support real-time path selection, edge routing, stateful firewalls, end-to-end QoS and WANs. A SQL injection vulnerability exists in Citrix SD-WAN and NetScaler SD-WAN, which can be...

CVSS 9.8 · AI score 10 · EPSS 0.01962
Exploits 0 · References 1
0day.today
added 2018/10/17 12:0 a.m. · 21 views

IBM Security AppScan Standard 9.0.3 .udt Denial Of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: IBM Security AppScan Standard 9.0.3 .udt Denial Of Service Author: Kağan Çapar Software Link: http://www-01.ibm.com/support/docview.wss?uid=ibm10715965 Vendor Homepage : https://www.ibm.com/security/application-security/appscan...

Exploits 0
IBM Security Bulletins
added 2018/10/11 4:55 p.m. · 16 views

Security Bulletin: A security vulnerability has been identified in IBM Spectrum Scale bundled with IBM Cloud PowerVC Manager for Software Defined Infrastructure (CVE-2018-1782)

Summary IBM Spectrum Scale v5.0.0 bundled with IBM Cloud PowerVC Manager for Software Defined Infrastructure (SDI) v1.1.0 can be upgraded to v5.0.1.X. IBM Spectrum Scale v5.0.1 is bundled with IBM Cloud PowerVC Manager for Software Defined Infrastructure (SDI) v1.1.1. Information about a security...

CVSS 6.5 · AI score 2.7 · EPSS 0.00332
Exploits 0 · Affected Software 1
Microsoft KB
added 2018/09/27 12:0 a.m. · 3 views

May 26, 2017—KB4023680 (OS Build 14393.1230)

May 26, 2017—KB4023680 (OS Build 14393.1230) Improvements and fixes This non-security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where End User Defined Characters (EUDC) may not be visible in some...

AI score 6.8
Exploits 0
Akamai Blog
added 2018/09/25 2:7 p.m. · 67 views

Zero Trust Security Architectures - Software Defined Perimeter

By Jano van Deventer and Andrew Terranova This is Part 3 of a 5 part blog series. Jump to Part 1: Introduction Jump to Part 2: Network Micro-Segmentation Jump to Part 4: Identity Aware Proxy Jump to Part 5: Akamai's Approach to Zero Trust Introduction In the first part of this blog series, we...

AI score 0.1
Exploits 0
CNVD
added 2018/09/12 12:0 a.m. · 2 views

Micronet INplc-RT Privilege Vulnerability

Micronet INplc-RT is a software-defined PLC (Programmable Logic Controller) from Micronet Japan. A privilege escalation vulnerability exists in Micronet INplc-RT version 3.08 and earlier. An attacker can exploit this vulnerability to perform operations with administrative privileges...

CVSS 6.7 · AI score 6.9 · EPSS 0.00365
Exploits 0 · References 1
Tenable Nessus
added 2018/08/29 12:0 a.m. · 37 views

RHEL 7 : Red Hat Ceph Storage 1.3.3 (RHSA-2016:1972)

Red Hat Ceph Storage 1.3.3 that fixes one security issue, multiple bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,...

CVSS 7.5 · AI score 6.1 · EPSS 0.01751
Exploits 1 · References 3
Veracode
added 2018/07/19 1:36 a.m. · 10 views

Remote Code Execution (RCE)

YARD is affected by a remote code execution vulnerability. This is due to the usage of eval to parse and evaluate defined? blocks for complex expressions, which allows arbitrary execution of code...

AI score 7.8
Exploits 0
OSV
added 2018/07/18 11:29 p.m. · 2 views

CVE-2018-0346

A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to...

CVSS 7.5 · AI score 6.1
Exploits 0 · References 2
OSV
added 2018/07/18 11:29 p.m. · 2 views

CVE-2018-0344

A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient...

CVSS 7.2 · AI score 6.1 · EPSS 0.02048
Exploits 0 · References 2
IBM Security Bulletins
added 2018/06/18 12:2 a.m. · 33 views

Security Bulletin: Security vulnerabilities have been identified in IBM Spectrum Scale v5.0.0 shipped with IBM Cloud PowerVC Manager for Software Defined Infrastructure (SDI) v1.1.0 (CVE-2017-14746, CVE-2017-15275)

Summary IBM Spectrum Scale v5.0.0 is shipped with IBM Cloud PowerVC Manager for Software Defined Infrastructure (SDI) v1.1.0. Information about security vulnerabilities affecting IBM Spectrum Scale v5.0.0 has been published in a security bulletin. Vulnerability Details Refer to the security bullet...

CVSS 9.8 · AI score 1.6 · EPSS 0.21408
Exploits 0 · Affected Software 1