
561 matches found

Packet Storm
added 2016/12/19 12:0 a.m., 48 views

ntop-ng 2.5.160805 Username Enumeration

Exploit title: ntopng user enumeration Author: Dolev Farhi Contact: dolevf at protonmail.com Date: 04-08-2016 Vendor homepage: ntop.org Software version: v.2.5.160805 !/usr/env/python import os import sys import urllib import urllib2 import cookielib server = 'ip.add.re.ss' username = 'ntopng-use...

AI score: 7.4
Exploits: 0

Citrix
added 2016/10/18 12:0 a.m., 7 views

Database Creation Error: The login already has an account under a different user name

When running the New Database Creation Wizard on the Workspace Environment Management (WEM) Infrastructure Services server, the administrator encounters the following error: "Database Creation Error!" A database is partially created on the SQL server, without any tables. The Citrix Workspace...

AI score: 7.7
Exploits: 0

CNVD
added 2016/10/07 12:0 a.m., 2 views

Elevation of Privilege Vulnerability in Multiple Pivotal Products

Pivotal Cloud Foundry (PCF) is an open source Platform-as-a-Service (PaaS) cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment. UAA /oauth/token endpoint is an identity management service endpoint of PCF. Elastic...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.01748
Exploits: 0 | References: 1

ThreatPost
added 2016/09/22 12:54 p.m., 10 views

DHS Announces Intent to Publish IoT Security Framework

CAMBRIDGE, Ma.—The Department of Homeland Security today formally announced its plan to develop a set of strategic principles for the Internet of Things, saying such a framework is necessary to protect the nation’s critical infrastructure from cyber threats. In a brief talk at the Internet of...

AI score: 7.7
Exploits: 0 | References: 4

Kaspersky
added 2016/09/13 12:0 a.m., 40 views

KLA10868 Multiple vulnerabilities in Adobe Flash Player

Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. An integer overflow, memory corruption and use-after-free...

CVSS: 9.3 | AI score: 9.4 | EPSS: 0.19443
Exploits: 2 | References: 6

Tenable Nessus
added 2016/08/16 12:0 a.m., 168 views

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSH vulnerabilities (USN-3061-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3061-1 advisory. Eddie Harari discovered that OpenSSH incorrectly handled password hashing when authenticating non-existing users. A remote attacker could...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.88944
Exploits: 17 | References: 3

Mozilla
added 2016/06/07 12:0 a.m., 44 views

Buffer overflow parsing HTML5 fragments — Mozilla

Security researcher firehack reported a buffer overflow when parsing HTML5 fragments in a foreign context such as under an node. This results in a potentially exploitable crash when inserting an HTML fragment into an existing document...

CVSS: 8.8 | AI score: 3.5 | EPSS: 0.24039
Exploits: 7 | References: 2 | Affected Software: 2

Citrix
added 2016/05/24 12:0 a.m., 7 views

How to manually join a new Controller to an existing site

Joining a new controller to an existing site...

AI score: 7
Exploits: 0

Citrix
added 2016/05/14 12:0 a.m., 6 views

Error while running Configuration wizard : "There are no existing farms that you have access rights to"

We see the following error on running through Configuration Wizard : "There are no existing farms that you have access rights to"...

AI score: 7.1
Exploits: 0

Hacker One
added 2016/03/31 1:23 a.m., 26 views

New Relic: User enumeration possible from log-in timing difference

Logging in with a username that already has an account takes longer to process than a username that does not have an account. This can be used to see if a given e-mail has a NewRelic account, and in turn can be used to enumerate all accounts on NewRelic. With an e-mail that already exists, the ti...

AI score: 3
Exploits: 0

exploitpack
added 2016/01/28 12:0 a.m., 14 views

Apple Mac OSX iOS - Multiple Kernel Uninitialized Variable Bugs Leading to Code Execution Vulnerabilities

Apple Mac OSX iOS - Multiple Kernel Uninitialized Variable Bugs Leading to Code Execution Vulnerabilities Source: https://code.google.com/p/google-security-research/issues/detail?id=618 The ool variations of the IOKit device.defs functions all incorrectly deal with error conditions. If you run th...

AI score: 0.7
Exploits: 0

Citrix
added 2016/01/14 12:0 a.m., 7 views

How do I Customize Unified Gateway Portal?

Use Case Portal is the first interaction point for end users and hence important to have correct representation of an organization. Customize the look and feel, color, logo and labels on the Gateway portal to brand the portal as per organizational standards. Introduction to Portal Customization...

AI score: 7
Exploits: 0

OSV
added 2016/01/08 7:59 p.m., 2 views

DEBIAN-CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux...

CVSS: 3.3 | AI score: 4.1 | EPSS: 0.00394
Exploits: 0 | References: 1

UbuntuCve
added 2016/01/08 7:59 p.m., 27 views

CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux...

CVSS: 3.3 | AI score: 5.9 | EPSS: 0.00394
Exploits: 0 | References: 2

CNVD
added 2015/11/15 12:0 a.m., 5 views

ZTE ZXHN H108N R1A Privilege Bypass Vulnerability

The ZTE ZXHN H108N R1A is a wireless router product from China's ZTE Corporation. A security vulnerability exists in ZTE ZXHN H108N R1A ZTE.bhs.ZXHNH108NR1A.hPE that allows remote attackers to authenticate using a pre-existing account and perform unauthorized operations by manipulating a paramete...

CVSS: 6.8 | AI score: 6.9 | EPSS: 0.05534
Exploits: 4 | References: 1

CNVD
added 2015/09/27 12:0 a.m., 3 views

IBM WebSphere eXtreme Scale Access Privilege Bypass Vulnerability

IBM WebSphere eXtreme Scale is a distributed caching solution. IBM WebSphere Extreme Scale does not invalidate pre-existing session identifiers, allowing remote attackers to exploit the vulnerability to gain access to other users...

CVSS: 4.3 | AI score: 7 | EPSS: 0.01205
Exploits: 0 | References: 1

OSV
added 2015/08/31 10:59 a.m., 0 views

DEBIAN-CVE-2015-1333

Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys...

CVSS: 4.9 | AI score: 7.3 | EPSS: 0.0048
Exploits: 0 | References: 1

BDU FSTEC
added 2015/08/07 12:0 a.m., 5 views

The vulnerability of the Flash Player software platform, which allows attackers to circumvent existing access restrictions

The vulnerability of the Flash Player software is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to bypass existing access restrictions remotely...

CVSS: 5 | AI score: 5.4 | EPSS: 0.03563
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2015/08/07 12:0 a.m., 4 views

The vulnerability of the Flash Player software platform, which allows attackers to circumvent existing access restrictions

The vulnerability of the Flash Player software is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to bypass existing access restrictions remotely...

CVSS: 5 | AI score: 5.4 | EPSS: 0.03563
Exploits: 0 | References: 2 | Affected Software: 1

ThreatPost
added 2015/05/01 12:20 p.m., 10 views

Mozilla Moving Toward Full HTTPS Enforcement in Firefox

The Mozilla Foundation is initiating the process to phase out insecure HTTP connections in the Firefox browser. The decision is part of a broader movement to encrypt the Web, which in the case of Mozilla Firefox, means permitting only encrypted HTTPS browser connections. Mozilla is the developer ...

Exploits: 0 | References: 5