1895 matches found
CVE-2020-1614 NFX250 Series: Hardcoded credentials in the vSRX VNF instance.
A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or...
CVE-2019-17564
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...
Exim: Heap-based buffer overflow
Background: Exim is a message transfer agent (MTA) designed to be a highly configurable, drop-in replacement for sendmail. Description: It was discovered that Exim incorrectly handled certain string operations. Impact: A remote attacker, able to connect to a vulnerable Exim instance, could possibly...
Directory traversal
NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By exploiting this vulnerability, it is possible for an attacker to list operating-system directory...
Sysaid 20.1.11 b26 - Remote Command Execution
Exploit Title: Sysaid 20.1.11 b26 - Remote Command Execution Google Dork: intext:"Help Desk Software by SysAid " Date: 2020-03-09 Exploit Author: Ahmed Sherif Vendor Homepage: https://www.sysaid.com/free-help-desk-software Software Link: https://www.sysaid.com/free-help-desk-software Version:...
Sysaid 20.1.11 b26 - Remote Command Execution
Sysaid 20.1.11 b26 - Remote Command Execution Exploit Title: Sysaid 20.1.11 b26 - Remote Command Execution Google Dork: intext:"Help Desk Software by SysAid " Date: 2020-03-09 Exploit Author: Ahmed Sherif Vendor Homepage: https://www.sysaid.com/free-help-desk-software Software Link:...
Sysaid 20.1.11 b26 - Remote Command Execution Vulnerability
Exploit for java platform in category web applications Exploit Title: Sysaid 20.1.11 b26 - Remote Command Execution Google Dork: intext:"Help Desk Software by SysAid " Exploit Author: Ahmed Sherif Vendor Homepage: https://www.sysaid.com/free-help-desk-software Software Link:...
Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2019-4322).
Summary: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation from an authenticated local user to either root or instance owner. Vulnerability Details: CVEID: CVE-2019-4322 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is...
Security Bulletin: Under specialized conditions, IBM® Db2® is vulnerable to denial of service (CVE-2019-4101).
Summary: Db2 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. Vulnerability Details: CVEID: CVE-2019-4101 DESCRIPTION: DB2 for Linux, UNIX and Windows includes DB2 Connect...
Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2018-1922, CVE-2018-1923, CVE-2018-1978, CVE-2018-1980, CVE-2019-4015, CVE-2019-4016).
Summary: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation from an authenticated local user to either root or instance owner. Vulnerability Details: CVEID: CVE-2018-1922 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is affecte...
CVE-2019-17647
An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter...
CVE-2019-10569
Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660,...
Stack overflow
Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660,...
Razer: Helpdesk takeover (subdomain takeover) in razerzone.com domain via unclaimed Zendesk instance
The tester discovered a Razer subdomain subject to a takeover. Although we do not normally accept these as part of this program, Razer thanks the tester for his report...
Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability (cisco-sa-20190515-iosxr-evpn-dos)
According to its self-reported version, Cisco IOS XR Software is affected by a vulnerability in the Border Gateway Protocol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software that could allow an unauthenticated, adjacent attacker to trigger a denial ...
Updated tomcat packages fix security vulnerabilities
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user...
CVE-2012-6302
Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox...
CVE-2015-5278
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets...
h1-ctf: [h1-415 2020] @_bayotop h1-415-ctf writeup
TL;DR: Thanks for the challenge! 1. Abusing account recovery via QR codes to get access to [email protected]. 2. Blind XSS in /support/review/ including CSP bypass. 3. Missing input sanitization on name parameter when POSTing to /support/review/. 4. Access to remote debugging port on local...
[SECURITY] Fedora 31 Update: knot-resolver-4.3.0-1.fc31
The Knot Resolver is a DNSSEC-enabled caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is...