4150 matches found
CVE-2016-3707
The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Ech...
kernel-rt: Sending SysRq command via ICMP echo request
A flaw was found in the way the realtime kernel processed specially crafted ICMP echo requests. A remote attacker could use this flaw to trigger a SysRq function based on values in the ICMP packet, allowing them to remotely restart the system. Note that this feature is not enabled by default and...
PT-2016-5668 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.10.0-327.22.1. Description: The issue allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets. This can be achieved through a brute-force attack to discover a cookie or by...
OracleVM 3.2 : sos (OVMSA-2016-0078)
The remote OracleVM system is missing necessary patches to address critical security updates : - add patch to remove all sysrq echo commands from sysreport.legacy John Sobecki orabug 11061754 - comment out rh-upload-core and README.rh-upload-core in specfile - Strip passwords from grub.conf and...
iSQL 1.0 Shell Command Injection
!/bin/ruby Exploit Title: iSQLRL 1.0 - Shell Command Injection Date: 2016-06-13 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/roselone/iSQL Software Link: https://github.com/roselone/iSQL/archive/master.zip Version: 1.0 Tested on: Debian wheezy CVE...
Centreon Web Useralias Command Execution
Centreon Web Interface 'Centreon Web Useralias Command Execution', 'Description' = %q Centreon Web Interface 'h00die ', module 'Nicolas CHATELAIN ' discovery , 'References' = 'EDB', '39501' , 'License' = MSFLICENSE, 'Platform' = 'python', 'Privileged' = false, 'Arch' = ARCHPYTHON, 'Targets' =...
kernel-rt information disclosure vulnerability
kernel-rt is a set of tools for sending SysRq commands via ICMP response requests. A security vulnerability exists in kernel-rt. An attacker can exploit this vulnerability by sending a specially crafted ICMP echo request to send arbitrary SysRq commands to a host to obtain a cookie...
Main-Echo - WebView JavaScript enabled, WebView code execution, WebView files access vulnerabilities
HackApp vulnerability scanner discovered that application Main-Echo published at the 'play' market has multiple vulnerabilities...
Echo News - Dynamic Code Loading, External URLs, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application Echo News published at the 'play' market has multiple vulnerabilities...
WordPress Altos Connect Widget 1.3.0 XSS Vulnerability
File: /wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php Code: " id="refreshimg" title="Click to refresh image"" width="132" height="46" alt="Captcha image" / Enter the characters as seen on the image above case insensitive: In the third line...
CVE-2015-8007
The Echo extension for MediaWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demonstrated by viewing a hidden username in a Thanks notification...
Design/Logic Flaw
The Echo extension for MediaWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demonstrated by viewing a hidden username in a Thanks notification...
CVE-2015-8007
Affected software/component: MediaWiki Echo extension. Vulnerability: improper implementation of the hideuser functionality, enabling remote authenticated users to see hidden usernames in certain notifications. Impact (as described): exposure of hidden usernames in “non-revision based” notificati...
CVE-2015-8007
The Echo extension for MediaWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demonstrated by viewing a hidden username in a Thanks notification...
MediaWiki Echo Extension Security Bypass Vulnerability
MediaWiki is a suite of free and freely available web-based wiki engines that can be used to deploy in-house knowledge management and content management systems. An unspecified security vulnerability exists in the MediaWiki Echo extension, which allows remote attackers to exploit the vulnerabilit...
Max Ping Echo Reply Size
An attacker might send an echo reply with large data, trying to compromise the security of the victim's machine...
CVE-2014-7342
The Echo News aka com.solo.report 1.10 application beta for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Code injection
The Echo News aka com.solo.report 1.10 application beta for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7342
The CVE-2014-7342 entry affects the Android application Echo News (package com.solo.report) in version 1.10 (beta). The underlying issue is that the app does not verify X.509 certificates when connecting to SSL servers, enabling man-in-the-middle attackers to spoof servers and access sensitive in...
CVE-2014-7342
The Echo News aka com.solo.report 1.10 application beta for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...