KB4480973: Windows 10 Version 1703 January 2019 Security Update

The remote Windows host is missing security update 4480973. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtai...

Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting

Exploit Title: Dolibarr ERP/CRM = 8.0.3 - Cross-Site Scripting CVE: CVE-2018-19799 Date: 2018-11-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://dolibarr.org Software Link: http://sourceforge.net/projects/dolibarr/files/ Version: v8.0.3...

Veeam Agent for Linux - veeamsnap and blksnap Extended Linux Distribution Support

This article provides supplementary information regarding the compatibility of the veeamsnap and blksnap kernel modules with various Linux distributions and kernel versions. It specifically addresses distributions and versions that are not explicitly listed in the System Requirements for Veeam...

OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection

Exploit Title: OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection Date: 2018-11-05 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://sourceforge.net/projects/bigchef/ Software Link: https://sourceforge.net/projects/bigchef/files/latest/download...

PHP Proxy 3.0.3 Local File Inclusion

Exploit Title: PHP-Proxy 3.0.3 - Local File Inclusion Date: 04.11.2018 Exploit Author: Azkan Mustafa AkkuA AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.php-proxy.com/ Software Link: https://github.com/Athlon1600/php-proxy-app Version: v3.0.3 Category: Webapps Tested on: XAMP...

CVE-2018-8329

CVE-2018-8329 is an Elevation of Privilege vulnerability in Windows Subsystem for Linux (WSL). The issue arises from improper handling of memory objects, allowing an attacker who can log on to a system to execute arbitrary code with elevated privileges and potentially take control of the affected...

Microsoft Windows Multiple Vulnerabilities (KB4462919)

This host is missing a critical security update according to Microsoft KB4462919 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Integer overflow

An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers...

CVE-2018-8441

An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers...

CVE-2018-8441

CVE-2018-8441 is an elevation-of-privilege flaw in Windows Subsystem for Linux caused by an integer overflow. A locally authenticated attacker could exploit a crafted WSL object in memory to execute code with elevated privileges on affected Windows 10/Windows Server systems. Public advisories (MS...

Microsoft Windows Subsystem for Linux CVE-2018-8337 Local Security Bypass Vulnerability

Description Microsoft Windows Subsystem for Linux is prone to a local security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected Microsoft Windows 10 version 170...

Security Bulletin: Two ReDoS vulnerabilities in modules included in the Node.js npm tool affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Two ReDoS vulnerabilities in modules included in the Node.js n...

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect the Cordova platform packaged with Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. OpenSSL vulnerabilities were disclosed on June 11, 2015 by the...

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect the Cordova platform packaged with Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. OpenSSL vulnerabilities were disclosed by the OpenSSL Project...

Security Bulletin: Vulnerabilities in OpenSSL affect the Cordova tools in Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux (CVE-2016-0701, CVE-2015-3197)

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. OpenSSL vulnerabilities were disclosed on January 28, 2016 by...

Security Bulletin: A security vulnerability has been identified in an IBM Tivoli Monitoring shared component shipped with Agent for Linux Kernel-based Virtual Machines (CVE-2015-2625, CVE-2015-1931, CVE-2015-7575, CVE-2015-4000)

Summary An IBM Tivoli Monitoring shared component is included as part of Agent for Linux Kernel-based Virtual Machines. Information about a security vulnerability affecting an IBM Tivoli Monitoring shared component has been published in a security bulletin. Vulnerability Details CVEID:...

Security Bulletin: IBM PowerVC - Local escalation of privilege vulnerability in DB2 for Linux (CVE-2016-5995)

Summary IBM PowerVC is impacted by Local escalation of privilege vulnerability in DB2 for Linux CVE-2016-5995 Vulnerability Details CVE-ID: CVE-2016-5995 Description: DB2 for Linux, Unix and Windows is vulnerable to a privilege escalation due to code being built with binaries with libraries in...

kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation

A bug in the 32-bit compatibility layer of the ioctl handling code of the v4l2 video driver in the Linux kernel has been found. A memory protection mechanism ensuring that user-provided buffers always point to a userspace memory were disabled, allowing destination address to be in a kernel space...

Microsoft Windows Subsystem For Linux Local Privilege Escalation

define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x18 define LEAKOFFSET 0x68 define SHELLCODEOFFSET 0x200 define...

Microsoft Windows Subsystem for Linux - execve() Local Privilege Escalation

Microsoft Windows Subsystem for Linux - execve Local Privilege Escalation define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x...