8751 matches found
EDK2 Memory Write Vulnerability
EDK2 is a cross-platform firmware development environment based on the UEFI and PI specifications. A security vulnerability exists in EDK2's SMM service that stems from the program's failure to adequately perform memory write checks. A local attacker could exploit the vulnerability to elevate...
Thoughts on OSSEC Con 2019
Last week I attended my first OSSEC conference. I first blogged about OSSEC in 2007, and wrote other posts about it in the following years. OSSEC is a host-based intrusion detection and log analysis system with correlation and active response features. It is cross-platform, such that I can run it...
Mail.ru: Rails application running in development mode
autodiscover.staging.geekbrains.ru was running Ruby on Rails in development mode...
EDK2 Buffer Overflow Vulnerability (CNVD-2019-08728)
EDK2 is a cross-platform firmware development environment based on the UEFI and PI specifications. A buffer overflow vulnerability exists in EDK2's DxeCore, which can be exploited by a local attacker to elevate privileges, disclose information, and/or cause a denial of service...
DEBIAN-CVE-2018-12183
Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...
UBUNTU-CVE-2019-0161
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access...
UBUNTU-CVE-2018-3613
Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...
CVE-2019-5420
A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...
DEBIAN-CVE-2019-5420
A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...
Remote code execution
A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...
CVE-2019-5420
CVE-2019-5420 affects Ruby on Rails in development mode where the secret token used to secure sessions is guessable, enabling potential RCE via Rails internals. Connected exploits demonstrate deserialization/RCE vectors dependent on a guessed development secret base. Vulnerable condition: running...
Ruby on Rails DoubleTap Development Mode secret_key_base Vulnerability
Ruby on Rails versions including 5.2.2.1 and prior are vulnerable to a predictable secret_key_base in development mode, which could be used to recreate a signed message, such as a serialized object, and gain remote code execution. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC...
Security Bulletin: Vulnerability in IBM Java SDK affects IBM Z Open Development (CVE-2018-3180)
Summary: There is a vulnerability in IBM® SDK Java™ Technology Edition that is used by IBM Z Open Development. The issue was disclosed as part of the IBM Java SDK updates in October 2018. Vulnerability Details...
Xerxes - DoS Tool Enhanced
Xerxes DoS tool enhanced with many features for stress testing. Features: Xerxes has many features, some of which are: TLS support, HTTP header randomization, User-Agent randomization, multiprocessing support, multiple attack vectors, etc. Not only that but also we are aggressively developing...
SQL Injection Vulnerability in Zhirui School Course Selection System
The Zhirui school course selection system is positioned as a school education development system, built for online course selection and results queries by students of secondary schools, colleges and universities, as part of an integrated campus information system. Zhirui School Selection System suffers from SQL...
[SECURITY] Fedora 29 Update: python2-django1.11-1.11.20-1.fc29
This package provides Django in version 1.11 LTS, the last release to support Python 2. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
Virtuozzo 6 : java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc (VZLSA-2019-0462)
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...