1683 matches found
Microsoft Windows 8 / 2012 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010) Exploit
Exploit for windows platform in category remote exploits !/usr/bin/python from impacket import smb from struct import pack import os import sys import socket ''' EternalBlue exploit for Windows 8 and 2012 by sleepya The exploit might FAIL and CRASH a target system depended on what is overwritten...
R7-2016-23, R7-2016-26, R7-2016-27: Multiple Home Security Vulnerabilities
Executive Summary In October of 2016, former Rapid7 researcher Phil Bosco discovered a number of relatively low-risk vulnerabilities and issues involving home security systems that are common throughout the United States, and which have significant WiFi or Ethernet capabilities. The three systems...
SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2017:1048-1)
This ntp update to version 4.2.8p10 fixes serveral issues. This updated enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details. Security issues fixed bsc1030050 : - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock -...
Default credentials
An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to...
GNU glibc 'pop_fail_stack()' function denial of service vulnerability
GNU C Library is an open source, free C compiler released under the LGPL license. A denial of service vulnerability exists in the 'popfailstack' function in GNU C Library. A remote attacker could exploit the vulnerability to submit a special request that would crash the application...
UBUNTU-CVE-2015-8985
The popfailstack function in the GNU C Library aka glibc or libc6 allows context-dependent attackers to cause a denial of service assertion failure and application crash via vectors related to extended regular expression processing...
Microsoft KB4013429 breaks Hyper-V 2016 Backup
Challenge After installing Microsoft KB4013429 update on a Hyper-V host, Hyper-V backups may fail. Removing the update may cause the host to enter a BSOD loop. Cause The problem appears only if KB4013429 update is installed not on all nodes of a Hyper-V cluster. In more detail, the issue persists...
PT-2017-4265 · Gnu +2 · Gnu C Library +2
Name of the Vulnerable Software and Affected Versions: GNU C Library affected versions not specified Description: The issue is related to the pop fail stack function in the GNU C Library, which can be exploited by attackers to cause a denial of service, resulting in an assertion failure and...
Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20170220)
Security Fixes : - An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. CVE-2017-3731 - A denial of service flaw was found in th...
CVE-2016-3025
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach...
resteasy-base security and bug fix update
3.0.6-4 - Resolves: rhbz1378619 - disable SerializerProvider by default 3.0.6-3 - Resolves: rhbz1357624 - fail to build with java 8 3.0.6-2 - Resolves: rhbz1280539 - fix pom version...
[SECURITY] Fedora 24 Update: mongodb-3.2.8-2.fc24
Mongo from "humongous" is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the follow ing features: Collection oriented storage: easy storage of object/JSON-style data Dynamic queries Full index support, including on inner objects and...
Unbreakable Enterprise kernel security and bugfix update
kernel-uek 3.8.13-118.13.2 - HID: hiddev: validate numvalues for HIDIOCGUSAGES, HIDIOCSUSAGES commands Scott Bauer Orabug: 24798695 CVE-2016-5829 3.8.13-118.13.1 - Revert 'rds: skip rx/tx work when destroying connection' Brian Maly Orabug: 24790116 3.8.13-118.12.1 - scsisysfs: protect against...
[SECURITY] Fedora 23 Update: mongodb-3.0.12-2.fc23
Mongo from "humongous" is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the follow ing features: Collection oriented storage: easy storage of object/JSON-style data Dynamic queries Full index support, including on inner objects and...
[SECURITY] Fedora 25 Update: mongodb-3.2.8-2.fc25
Mongo from "humongous" is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the follow ing features: Collection oriented storage: easy storage of object/JSON-style data Dynamic queries Full index support, including on inner objects and...
Google Chrome < 53.0.2785.113 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 53.0.2785.113. It is, therefore, affected by multiple vulnerabilities as referenced in the 201609stable-channel-update-for-desktop13 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113...
FreeBSD : FreeBSD -- Incorrect error handling in PAM policy parser (6e8f9003-6007-11e6-a6c3-14dae9d210b8)
The OpenPAM library searches for policy definitions in several locations. While doing so, the absence of a policy file is a soft failure handled by searching in the next location while the presence of an invalid file is a hard failure handled by returning an error to the caller. The policy parser...
Microsoft Universal Outlook Information Disclosure Vulnerability
Microsoft Windows is the popular computer operating system. Universal Outlook is vulnerable to an information disclosure vulnerability if the establishment of a secure connection fails. An attacker could exploit this vulnerability to obtain username and password information...
Timing Attack
Overview Affected versions of cookie-signature are vulnerable to timing attacks as a result of using a fail-early comparison instead of a constant-time comparison. Timing attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character feedback on...
Fail Hard - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Fail Hard published at the 'play' market has multiple vulnerabilities...