██████: AWS Credentials leaked: access to production database backups, SSL certs and more

I found a public accessible Jenkins instance: https://██████jenkins.██████.com This instance requires login, however, it is possible to register an account using the signup page: https://██████jenkins.██████.com/signup Arbitrary file reads From there it is possible to use the Jenkins Script Conso...

404TinyShell connect over Protocol Instance

Document Title: =============== 404TinyShell connect over Protocol Instance References: =========== https://www.vulnerability-lab.com/getcontent.php?id=1984 Video: https://www.youtube.com/watch?v=cQKGT1K8RZU Release Date: ============= 2016-10-14 Vulnerability Laboratory ID VL-ID:...

Gather AWS EC2 Instance Metadata

This module will attempt to connect to the AWS EC2 instance metadata service and crawl and collect all metadata known about the session'd host. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

CVE-2016-7498

OpenStack Compute nova 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service disk consumption by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression...

CVE-2016-7498

OpenStack Compute (Nova) 13.0.0 is vulnerable to a denial-of-service when a remote authenticated user deletes an instance still in the resize state, causing the original instance to remain on the compute node and consume disk space. This issue stems from a regression related to CVE-2015-3280. IBM...

Xe-toolstack-restart Fails with Error "Cannot Lock /dev/shm/xe_toolstack_restart.lock. Is an Instance of /opt/xensource/bin/xe-toolstack-restart Running Already? "

When trying to restart toolstack, following error is displayed: "cannot lock /dev/shm/xetoolstackrestart.lock. Is an instance of /opt/xensource/bin/xe-toolstack-restart running already? "...

Adobe Flash - Use-After-Free When Returning Rectangle

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=842 Several methods in flash return instances of the Rectangle class. There is a use-after-free in creating these objects for return. If the this object of the call is a MovieClip...

DSA-3654-1 quagga - security update

Bulletin has no description...

AWS OpenVPN Deployment Tool: AutoVPN

AWS OpenVPN Deployment Tool Dependencies: boto and paramiko python packages and aws .credentials file on system 1. Clone repo to system. 2. Execute autovpn with -C -k and -r options to deploy to AWS ./autovpn -C -r us-east-1 -k macbook 3. OpenVPN config files are downloaded to current working...

CVE-2016-3824

omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827...

UBUNTU-CVE-2016-3824

omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827...

Oracle Glassfish PartItem Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Glassfish Server. Authentication is not required to exploit this vulnerability. The PartItem class allows remote attackers to write to arbitrary files via a NULL byte in a file name in a...

XSS in /includes/decorators/global-translations.jsp

Somewhat hard to exploit but still doable when it comes to cache poisoning. Steps to reproduce: Tamper with a GET request to http:///includes/decorators/global-translations.jsp with the Host header set to some XSS payload e.g. codealert/xss/code The offending lines in code pick this payload and...

CVE-2016-0391

The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

CVE-2016-0916

EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance...

CVE-2016-3087

creationtimestamp| type| source ---|---|--- 2016-06-10 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39919 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/strutsdmirestexec.rb 2023-12-06 12:02:24+00:00| seen|...

New Relic: Blind SSRF on synthetics.newrelic.com

Introduction It was possible to retrieve some data from the http://169.254.169.254/latest/ URL corresponding to the amazon instance metadatas. With more time, we can dump the whole content. PoC When creating a Ping Monitor on the https://synthetics.newrelic.com/accounts/XXXXXXX/synthetics URL, it...

Unable to Log on to XenMobile Admin Console Using Administrator Account

Not able to log on to XenMobile Server web console with administrator account. The following errors are noticed in the logs: 2016-04-06T09:31:08.358+0800 | EDC68337B8501EEC | WARN | http-nio-14443-exec-9 | ZDMAuthenticationProvider | Could not find administrator 2016-04-06T09:31:08.359+0800 |...

Stack overflow

Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAPSYSRAWIO permissions to cause a denial of service instance crash via an invalid opcode in a SCSI command descriptor block...

Amazon Web Services EC2 Instance Metadata Enumeration (Windows)

Binary data enumerateawsamiwin.nbin...