1967 matches found
CVE-2016-7824
Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors...
Asterisk 14.4.0 Skinny Denial Of Service
Asterisk Skinny memory exhaustion vulnerability leads to DoS - Authors: - Alfred Farrugia - Sandro Gauci - Vulnerable version: Asterisk 14.4.0 with chanskinny enabled - References: AST-2017-004 - Enable Security Advisory: - Vendor Advisory: - Timeline: - Report date: 2017-04-13 - Digium confirmed...
Ubuntu 16.10 / 17.04 : lightdm vulnerability (USN-3285-1)
Tyler Hicks discovered that LightDM did not confine the user session for guest users. An attacker with physical access could use this issue to access files and other resources that they should not be able to access. In the default installation, this includes files in the home directories of other...
Read Asset Identification Tag on scanned host (Linux/Unix SSH Login)
This routine reads the Greenbone Asset Identifier of a system, provided it is a unixoid system offering SSH access. By default, this routine is disabled even it is selected to run. To activate it, it needs to be explicitly enabled with its corresponding preference switch. The file is named asset....
Dridex and Locky Return Via PDF Attachments in Latest Campaigns
Dridex and Locky, two prolific malware families that made waves in 2016 after being distributed in several high-volume spam campaigns, have returned after a brief hiatus. FireEye observed a decline in the volume of Dridex and Locky in the latter half of 2016, but we recently observed two new larg...
SQL injection vulnerability in SelectedEnableAdmin parameter of AreaInfoHandle.php file of Hikvision's in-vehicle remote monitoring system
Hikvision vehicle remote monitoring system is a set of vehicle video networking monitoring platform software. Hikvision Vehicle Remote Monitoring System AreaInfoHandle.php page SelectedEnableAdmin parameter exists SQL injection vulnerability, an attacker can exploit the vulnerability to obtain...
SQL injection vulnerability in the SelectedEnableAdmin parameter of the AddArea.php file of Hikvision's in-vehicle remote monitoring system
Hikvision vehicle remote monitoring system is a set of vehicle video networking monitoring platform software. A SQL injection vulnerability exists in the parameter SelectedEnableAdmin in the file AddArea.php of Hikvision Vehicle Remote Monitoring System. It allows attackers to exploit the...
Juniper Junos for M/MX Series Routers IPv6 Neighbor Discovery DoS (JSA10786)
According to its self-reported version and configuration, the remote Juniper Junos M/MX Series device is affected by a denial of service vulnerability in a Packet Forwarding Engine PFE when processing IPv6 neighbor discovery ND packets that originate from subscribers and are destined to M/MX seri...
Cisco Enable / Privileged Exec Support
In Nexpose version 6.4.28, we are adding support for privileged elevation on Cisco devices through enable command for those that are running SSH version 2. A fully privileged policy scan provides more accurate information on the target's compliance status, and the ability to do so through enable...
VulnCheck KEV: CVE-2017-3197
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 version F6 and GB-BXi7-5775 version F2 platforms does not securely implement BIOSWE, BLE, SMMBWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash...
CentreCOM AR260S V2 vulnerable to privilege escalation
Overview CentreCOM AR260S V2 provided by Allied Telesis K.K. is a wired LAN router. CentreCOM AR260S V2 contains a privilege escalation vulnerability. Ziv Chang of Trend Micro Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...
CVE-2017-7178
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...
CVE-2017-7178
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...
ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands
It was found that IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate...
Network drives aren't mapped correctly from DFS namespace in Windows Server 2012 R2-based RDS server
Network drives aren't mapped correctly from DFS namespace in Windows Server 2012 R2-based RDS server This article describes an issue that occurs on a Windows Server 2012 R2-based computer that has the Remote Desktop Services RDS role installed. You can fix this issue by using the update in this...
How to Enable Logging on Receiver for Windows Using Registry Entries
This article describes how to enable logging on Receiver for Windows using registry entries. While the registry method is provided as an alternative solution, users are advised to prioritize the Diagnostic Tools for a more efficient and user-friendly troubleshooting experience, and it is strongly...
Xfinity Gateway - Cross-Site Request Forgery
Xfinity Gateway - Cross-Site Request Forgery EXPLOIT TITLE: CSRF RCE XFINITY WEB GATEWAY AUTHOR: Pabstersac DATE: 1ST OF AUGUST 2016 CVE: N/A CATEGORY: REMOTE CONTACT: [email protected] IF ANYONE HAS COMMUNICATION WITH VENDOR PLEASE NOTIFY THEM SINCE THEY HAVE IGNORED ME. CSRF FOR COMCAST...
kernel security and bug fix update
kernel - 2.6.18-416.0.0.0.1 - netfront fix ring buffer index go back led vif stop orabug 18272251 - net fix tcptrimhead James Li orabug 14512145, 19219078 - ocfs2: dlm: fix recovery hung Junxiao Bi orabug 13956772 - i386: fix MTRR code Zhenzhong Duan orabug 15862649 - oprofile x86, mm: Add...
Cgiemail 1.6 - Source Code Disclosure
Cgiemail 1.6 - Source Code Disclosure !/usr/bin/env perl Exploit Title: cgiemail local file inclusion Vendor Homepage: http://web.mit.edu/wwwdev/cgiemail/webmaster.html Software Link: http://web.mit.edu/wwwdev/cgiemail/cgiemail-1.6.tar.gz Version: 1.6 and older Date: 2016-09-27 cgiecho a script...
Storefront - Enable Return to Last Folder
Enable return to last folder...