Lucene search
K

1683 matches found

0day.today
0day.today
added 2017/05/19 12:0 a.m.400 views

Microsoft Windows 8 / 2012 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010) Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python from impacket import smb from struct import pack import os import sys import socket ''' EternalBlue exploit for Windows 8 and 2012 by sleepya The exploit might FAIL and CRASH a target system depended on what is overwritten...

9.3CVSS0.9923EPSS
Exploits55
rapid7community
rapid7community
added 2017/05/17 5:0 p.m.35 views

R7-2016-23, R7-2016-26, R7-2016-27: Multiple Home Security Vulnerabilities

Executive Summary In October of 2016, former Rapid7 researcher Phil Bosco discovered a number of relatively low-risk vulnerabilities and issues involving home security systems that are common throughout the United States, and which have significant WiFi or Ethernet capabilities. The three systems...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/04/19 12:0 a.m.35 views

SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2017:1048-1)

This ntp update to version 4.2.8p10 fixes serveral issues. This updated enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details. Security issues fixed bsc1030050 : - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock -...

8.8CVSS6.4AI score0.06515EPSS
Exploits2References17
Prion
Prion
added 2017/03/23 2:59 p.m.22 views

Default credentials

An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to...

4.3CVSS7.3AI score0.01766EPSS
Exploits0References3Affected Software10
CNVD
CNVD
added 2017/03/22 12:0 a.m.4 views

GNU glibc 'pop_fail_stack()' function denial of service vulnerability

GNU C Library is an open source, free C compiler released under the LGPL license. A denial of service vulnerability exists in the 'popfailstack' function in GNU C Library. A remote attacker could exploit the vulnerability to submit a special request that would crash the application...

5.9CVSS9.3AI score0.03001EPSS
Exploits0References1
OSV
OSV
added 2017/03/20 4:59 p.m.7 views

UBUNTU-CVE-2015-8985

The popfailstack function in the GNU C Library aka glibc or libc6 allows context-dependent attackers to cause a denial of service assertion failure and application crash via vectors related to extended regular expression processing...

5.9CVSS6.9AI score0.03001EPSS
Exploits0References3
Veeam
Veeam
added 2017/03/20 12:0 a.m.14 views

Microsoft KB4013429 breaks Hyper-V 2016 Backup

Challenge After installing Microsoft KB4013429 update on a Hyper-V host, Hyper-V backups may fail. Removing the update may cause the host to enter a BSOD loop. Cause The problem appears only if KB4013429 update is installed not on all nodes of a Hyper-V cluster. In more detail, the issue persists...

6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2017/03/20 12:0 a.m.5 views

PT-2017-4265 · Gnu +2 · Gnu C Library +2

Name of the Vulnerable Software and Affected Versions: GNU C Library affected versions not specified Description: The issue is related to the pop fail stack function in the GNU C Library, which can be exploited by attackers to cause a denial of service, resulting in an assertion failure and...

9.8CVSS6.9AI score0.074EPSS
Exploits12References87
Tenable Nessus
Tenable Nessus
added 2017/02/21 12:0 a.m.40 views

Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20170220)

Security Fixes : - An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. CVE-2017-3731 - A denial of service flaw was found in th...

7.5CVSS6.9AI score0.57595EPSS
Exploits2References3
NVD
NVD
added 2016/11/25 3:59 a.m.25 views

CVE-2016-3025

IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach...

8.1CVSS7.8AI score0.01602EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2016/11/09 12:0 a.m.27 views

resteasy-base security and bug fix update

3.0.6-4 - Resolves: rhbz1378619 - disable SerializerProvider by default 3.0.6-3 - Resolves: rhbz1357624 - fail to build with java 8 3.0.6-2 - Resolves: rhbz1280539 - fix pom version...

9.8CVSS3.6AI score0.04847EPSS
Exploits0
Fedora
Fedora
added 2016/10/06 10:23 p.m.32 views

[SECURITY] Fedora 24 Update: mongodb-3.2.8-2.fc24

Mongo from "humongous" is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the follow ing features: Collection oriented storage: easy storage of object/JSON-style data Dynamic queries Full index support, including on inner objects and...

5.5CVSS0.3AI score0.0037EPSS
Exploits0
Oracle linux
Oracle linux
added 2016/10/06 12:0 a.m.65 views

Unbreakable Enterprise kernel security and bugfix update

kernel-uek 3.8.13-118.13.2 - HID: hiddev: validate numvalues for HIDIOCGUSAGES, HIDIOCSUSAGES commands Scott Bauer Orabug: 24798695 CVE-2016-5829 3.8.13-118.13.1 - Revert 'rds: skip rx/tx work when destroying connection' Brian Maly Orabug: 24790116 3.8.13-118.12.1 - scsisysfs: protect against...

8.4CVSS0.1AI score0.01234EPSS
Exploits1
Fedora
Fedora
added 2016/10/03 8:22 p.m.42 views

[SECURITY] Fedora 23 Update: mongodb-3.0.12-2.fc23

Mongo from "humongous" is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the follow ing features: Collection oriented storage: easy storage of object/JSON-style data Dynamic queries Full index support, including on inner objects and...

5.5CVSS0.3AI score0.0037EPSS
Exploits0
Fedora
Fedora
added 2016/09/27 12:55 a.m.39 views

[SECURITY] Fedora 25 Update: mongodb-3.2.8-2.fc25

Mongo from "humongous" is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the follow ing features: Collection oriented storage: easy storage of object/JSON-style data Dynamic queries Full index support, including on inner objects and...

5.5CVSS0.3AI score0.0037EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/09/14 12:0 a.m.42 views

Google Chrome < 53.0.2785.113 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 53.0.2785.113. It is, therefore, affected by multiple vulnerabilities as referenced in the 201609stable-channel-update-for-desktop13 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113...

8.8CVSS8.2AI score0.0186EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2016/08/12 12:0 a.m.22 views

FreeBSD : FreeBSD -- Incorrect error handling in PAM policy parser (6e8f9003-6007-11e6-a6c3-14dae9d210b8)

The OpenPAM library searches for policy definitions in several locations. While doing so, the absence of a policy file is a soft failure handled by searching in the next location while the presence of an invalid file is a hard failure handled by returning an error to the caller. The policy parser...

9.8CVSS7.3AI score0.02698EPSS
Exploits0References2
CNVD
CNVD
added 2016/08/10 12:0 a.m.4 views

Microsoft Universal Outlook Information Disclosure Vulnerability

Microsoft Windows is the popular computer operating system. Universal Outlook is vulnerable to an information disclosure vulnerability if the establishment of a secure connection fails. An attacker could exploit this vulnerability to obtain username and password information...

9.1CVSS8.6AI score0.09654EPSS
Exploits0References1
Node.js
Node.js
added 2016/07/27 12:24 a.m.32 views

Timing Attack

Overview Affected versions of cookie-signature are vulnerable to timing attacks as a result of using a fail-early comparison instead of a constant-time comparison. Timing attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character feedback on...

3.5CVSS4.1AI score0.00896EPSS
Exploits0Affected Software1
hackapp
hackapp
added 2016/04/01 9:41 a.m.17 views

Fail Hard - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application Fail Hard published at the 'play' market has multiple vulnerabilities...

Exploits0References1Affected Software1
Rows per page
Query Builder