SAP Hostcontrol Denial of Service Vulnerability

SAP Hostcontrol is a set of host control agent software from SAP in Germany. The software has operating system monitoring, database monitoring, system instance monitoring and configuration and other functions. A security vulnerability exists in SAP Hostcontrol. An attacker could exploit this...

How to Backup The Veeam ONE SQL Database

Purpose This article documents methods to back up the Veeam ONE SQL database. This is useful when you have to do a backup before an upgrade or if you have been asked to provide a backup of Veeam ONE database to Veeam Support for further in-depth analysis. Solution Identify the Location of the Vee...

SmartBear SoapUI 5.3.0 Remote Code Execution Via Deserialization

Title: SmartBear SoapUI - Remote Code Execution via Deserialization Author: Jakub Palaczynski Date: 12. July 2017 Exploit tested on: ================== SoapUI 5.3.0 Also works on older versions. Vulnerability: Remote Code Execution via Deserialization: ================================= SoapUI by...

CVE-2017-14694

Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at...

A secure captive portal browser with automatic DNS detection

Captive portals are the worst. Flaky detection. The OS and browser try to detect these annoying network features but fail quite often, leaving you with broken connections. DID YOU KNOW that probe-based captive portal detection really doesn't work very well, with 30% FP and 30% FN rate in Chrome? ...

CVE-2017-1438

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 includes DB2 Connect Server could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057...

Pornhub: Unsecured Elasticsearch Instance

The researcher has found an insecure Elasticsearch instance accessible to the public. A publicly accessible server running Elasticsearch instance was identified, due to a firewall misconfiguration. The instance was only intermittently accessible because of round robin ordering. The instance...

Design/Logic Flaw

Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU aka Quick Emulator allows attackers to cause a denial of service QEMU instance crash by leveraging failure to properly clear ifqso from pending packets...

CVE-2015-7945

The RESTful control interface aka RAPI or ganeti-rapi in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...

DEBIAN-CVE-2015-7945

The RESTful control interface aka RAPI or ganeti-rapi in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...

CVE-2015-7945

The RESTful control interface aka RAPI or ganeti-rapi in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...

CVE-2015-7945

The RESTful control interface aka RAPI or ganeti-rapi in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...

How to Use Variables in Configuration Jobs on NetScaler MAS

A configuration job is a set of configuration commands that you can execute on one or more managed instances. When you execute the same configuration on multiple instances, you might want to use different values for the parameters used in your configuration. You can define variables that enable y...

Red-Gate SQL Monitor 3.10 4.2 - Authentication Bypass

Red-Gate SQL Monitor 3.10 4.2 - Authentication Bypass Exploit Title: Red-Gate SQL Monitor authentication bypass Version: Redgate SQL Monitor before 3.10 and 4.x before 4.2 Date: 2017-08-10 Red-Gate made a security announcement and publicly released the fixed version more than two years before thi...

Snapchat: RCE/LFI on test Jenkins instance due to improper authentication flow

@nahamsec found a test Jenkins instance where they could login with any valid Google account. Once logged in, they gained the ability to execute arbitrary code via the Jenkins Script Console. This was a test jenkins instance with no access to source code or resources. Methodology Here is the...

CVE-2017-11334

CVE-2017-11334 affects QEMU and is described as an OOB read/write bug in the address_space_write_continue path (exec.c) that allows a privileged guest‑OS user, via qemu_map_ram_ptr accessing guest RAM, to cause a denial of service and guest crash. The impact is local and involves an out‑of‑bounds...

CVE-2017-11334

The addressspacewritecontinue function in exec.c in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service out-of-bounds access and guest instance crash by leveraging use of qemumapramptr to access guest ram block area...

CVE-2017-11334

The addressspacewritecontinue function in exec.c in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service out-of-bounds access and guest instance crash by leveraging use of qemumapramptr to access guest ram block area...

CVE-2017-11468

It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service...

Fedora 26 : cloud-init (2017-83671c0fa0)

This update fixes several issues with systemd service ordering and network configuration. It also backports a fix for a security issue in which instances run in EC2 write IAM instance profile credentials to disk. To work around the security issue without updating cloud-init, wait at least six hou...