368 matches found
Linux Kernel 4.8.0 - Packet Socket Local root Privilege Escalation Exploit
Exploit for linux platform in category local exploits // A proof-of-concept local root exploit for CVE-2017-7308. // Includes a SMEP & SMAP bypass. // Tested on 4.8.0-41-generic Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-7308 // // Usage: // email protected:$...
Verizon to pre-install a 'Spyware' app on its Android phones to collect user data
If the death of online privacy rules wasn't enough for Internet Service Providers and advertisers to celebrate, Verizon has planned to pre-install spyware on customers' Android devices in order to collect their personal data. The telecom giant has partnered with Evie Launcher to bring a new...
KLA10964 Obsolete Adobe Flash Player for Windows
Microsoft released update to address vulnerabilities in Flash Player for Internet Explorer. For details look at KLA10960. Technical details To mitigate this vulnerability you can implement some of workarounds listed in original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from...
SSL 3.0 POODLE(CVE-2014-3566)
SSL 3.0 POODLE attack information disclosure VulnerabilityCVE-2014-3566 Release date: 2014-10-14 Update date: 2014-10-16 Affected system: Netscape ssl 3.0 Netscape tls Not affected system: Netscape tls 1.2 Netscape tls 1.1 Netscape tls 1.0 Description: CVECAN ID: CVE-2014-3566 SSL3. 0 is an...
Microsoft Internet Explorer 8 - MSHTML 'SRunPointer::SpanQualifier/RunType' Out-Of-Bounds Read (MS15-009)
positionfixed position: fixed; positionrelative position: relative; floatleft float: left; complex float: left; width: 100%; complex:first-line clear: left; window.onload = function boom oElementfloatleft = document.createElement'floatleft'; oElementcomplex =...
Linux ASLR vulnerabilities: an attacker with unlimited disable ASLR(CVE-2 0 1 6-3 6 7 2-the vulnerability warning-the black bar safety net
! Recently, security personnel repair a Linux ASLR in a relatively old vulnerability, with x86 devices on the 3 2-bit application usage rights of any user, by the RLIMITSTACK resource is set to“unlimited”you can disable ASLR. The vulnerability CVE number CVE-2 0 1 6-3 6 7 2, The CNNVD number of...
Oracle: Security Advisory (ELSA-2013-1645)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Prevent Activity feed information leakage by allowing permanently disabling of it
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-45601. panel It seems that the sensitive information leakage is something almost impossible to avoid when you have a pair of JIRA instances,...
Fedora 21 : php-twig-1.20.0-1.fc21 (2015-13423)
1.20.0 2015-08-12 forbid access to the Twig environment from templates and internal parts of TwigTemplate fixed limited RCEs when in sandbox mode deprecated TwigTemplate::getEnvironment deprecated the self variable for usage outside of the from and import tags added TwigBaseNodeVisitor to ease th...
Symantec Endpoint Protection 12.1.4013 Service Disabling Vulnerability
Exploit for windows platform in category dos / poc Exploit Title: Antivirus Google Dork: intitle: Antivirus Date: 2015-07-07 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.symantec.com Software Link: www.symantec.com/endpoint-protection Version:12.1.401...
Symantec Endpoint Protection 12.1.4013 - Service Disabling
Exploit Title: Antivirus Google Dork: intitle: Antivirus Date: 2015-07-07 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.symantec.com Software Link: www.symantec.com/endpoint-protection Version:12.1.4013 Tested on: windows 7 SP1 Category: Antivirus...
Symantec Endpoint Protection 12.1.4013 - Service Disabling
Symantec Endpoint Protection 12.1.4013 - Service Disabling Exploit Title: Antivirus Google Dork: intitle: Antivirus Date: 2015-07-07 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.symantec.com Software Link: www.symantec.com/endpoint-protection...
elasticsearch -- directory traversal attack with site plugins
Elastic reports: Vulnerability Summary: All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch when one or more site plugins are installed, or when Windows is the server OS...
KLA10515 Multiple vulnerabilities in PHP and extensions
Multiple serious vulnerabilities have been found in PHP and extensions. Malicious users can exploit these vulnerabilities to cause denial of service or inject code. Below is a complete list of vulnerabilities 1. Multiple integer overflows can be exploited remotely via a specially designed year...
InstantASP InstantForum.NET Multiple Cross-Site Scripting Vulnerabilities
InstantASP InstantForum.NET is prone to multiple cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Disabling user in delegated Active Directory doesn't disable them in Confluence until they log in
h3.Steps to Reproduce Create a delegated directory, hooked to Active Directory Login with an AD user, with the "Remember Me" option checked Close the browser completely Disable the user in AD by checking the "Account is disabled" option in User Properties Account Account Options Launch the browse...
Microsoft Plans to Disable SSLv3 in IE, All Online Services
Microsoft is planning to disable support for the weak SSLv3 protocol in Internet Explorer at some undetermined point in the future, and also will remove support for it in the company’s online services soon. The security and utility of SSLv3 has been an issue for a long time, but it came into...
POODLE SSL 3.0 Attack Exploits Widely-used Web Encryption Standard
Another Heartbleed-like vulnerability has been discovered in the decade old but still widely used Secure Sockets Layer SSL 3.0 cryptographic protocol that could allow an attacker to decrypt contents of encrypted connections to websites. Google's Security Team revealed on Tuesday that the most...
CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue...
SOL15481 - BIND vulnerability CVE-2012-1033
Note: BIG-IP systems are vulnerable only in the event that you configure BIND for name resolution requests, and enable recursion. If the BIG-IP system receives a DNS request which it cannot resolve locally, and makes a recursive request to an external DNS server, the vulnerability may be exploite...