9787 matches found
Qualys Cloud Platform 2.32 New Features
This release of the Qualys Cloud Platform version 2.32 includes updates and new features for AssetView, EC2 Connector, File Integrity Monitoring, Indication of Compromise, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall, highlights as follows. Post update...
Arbitrary Code Execution
github.com/golang/go is vulnerable to arbitrary code execution attacks. The library does not properly validate the import path when the -insecure flag is used for the go get command. This allows a malicious user to execute arbitrary commands through the use of a malicious website...
CVE-2017-16670
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...
Code injection
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...
UBUNTU-CVE-2018-7187
The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site...
CVE-2018-7187
Removed by vendor...
Kenna Security: Connectors and REST API
In the last post about Kenna Security cloud service I mentioned their main features for analyzing data from different vulnerability scanners. Now let's see how to import Tenable Nessus scan results in Kenna. Here you can see the list of connectors for all supported products: Three connectors for...
LogicalDOC Enterprise 7.7.4 - Directory Traversal Vulnerability
Exploit for java platform in category web applications LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free...
LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution
LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designe...
Can't import Gold VM into App Layering, it says "The virtual machine template cannot have any attached disks."
You are trying to import a new Gold VM to be an OS layer. The first thing you need to do is create a Connector. In the Connector, you see the field for Template, and you try to select your Gold VM there. When you test it, it fails saying one of these: "The virtual machine template cannot have any...
Huawei eSpace 7950 and 8950 Remote Code Execution Vulnerability (CNVD-2018-02550)
Huawei eSpace 7950 and 8950 are IP phone series from Huawei, China. A remote code execution vulnerability exists in the Import Signal Tone and Import Language Packet features of the Huawei eSpace 7950 and 8950 because the program fails to adequately validate messages. ...
Huawei eSpace 7950 and 8950 Remote Code Execution Vulnerability
Huawei eSpace 7950 and 8950 are IP phone series from Huawei, China. A remote code execution vulnerability exists in the Import Signal Tone and Import Language Packet features of the Huawei eSpace 7950 and 8950 because the program fails to adequately validate messages. ...
Dup Scout Enterprise 10.4.16 Import Command Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow', 'Description' = %q This module exploits a buffer overflow in Dup Scout Enterpris...
Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow Exploit
Exploit for windows platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow', 'Description' = %q This...
Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow
This module exploits a buffer overflow in Dup Scout Enterprise v10.4.16 by using the import command option to import a specially crafted xml file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
Sync Breeze Enterprise 9.5.16 Import Command Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow', 'Description' = %q This module exploits a buffer overflow in Sync Breeze...