Cisco Application-Hosting Framework Arbitrary File Creation Vulnerability

A vulnerability in the Cisco application-hosting framework CAF component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. SPDX-FileCopyrightText: 2017 Greenbone AG Some...

Cisco Application-Hosting Framework Directory Traversal Vulnerability

A vulnerability in the web framework code of the Cisco application-hosting framework CAF component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. SPDX-FileCopyrightText:...

Cisco IOx Data in Motion Stack Overflow Vulnerability

A vulnerability in the Data-in-Motion DMo process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device...

CVE-2017-3851

A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework CAF component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. The...

CVE-2017-3852

A vulnerability in the Cisco application-hosting framework CAF component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due to insufficient input...

Cisco Application-Hosting Framework Arbitrary File Creation Vulnerability

A vulnerability in the Cisco application-hosting framework CAF component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due to insufficient input...

Launches Hosts in AWS

This module will attempt to launch an AWS instances hosts in EC2. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/aws/client' class MetasploitModule "Launches Hosts in AWS", 'Description'...

Error "License cannot be retrieved. Either the NetScaler..." When Adding NetScaler Instance to NetScaler MAS Inventory

When trying to add NetScaler instance to inventory it fails with the following error message: "Trying to connect to "IPoftheNetScaler" Error: License cannot be retrieved. Either the NetScaler is unresponsive or the login credentials are incorrect."...

Update rollup for the Single Instance Storage (SIS) component

Update rollup for the Single Instance Storage SIS component Symptoms This is a Single Instance Storage SIS update rollup for Windows Storage Server 2008 R2 and Windows Server 2008 R2. This update rollup resolves the following issues: Issue 1 After a file is truncated to empty size on a SIS volume...

GitLab: Every user can delete public deploy keys

Vulnerability details A GitLab instance can have public deploy keys that project admins can use for their project. An attacker can delete these public keys used by other users to deploy code. Impact Deleting these shared deploy keys may stop users to deploy their code. Proof of concept Make sure...

CVE-2015-8817

QEMU aka Quick Emulator built to use 'addressspacetranslate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pcidmaread/write calls. Affects QEMU versions = 1.6.0 and = 2.3.1. A privileged user inside guest could use this flaw to cra...

PVS fails to connect to database after sql server mirroring failover

SqlException on db open, number = 53, msg = A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections...

X (Formerly Twitter): Sub Domain Takeover at mk.prd.vine.co

Hey It looks like the EC2 Instance at mk.prd.vine.co has been stopped and now it has been assigned to someone else Proof of Concept 1. http://mk.prd.vine.co/ few days back didn't have port 443 open but now it does have an open port 443 Response 400 Bad Request 400 Bad Request awselb/2.0 So it loo...

Design/Logic Flaw

Use-after-free vulnerability in the vmxnet3iobar0write function in hw/net/vmxnet3.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service QEMU instance crash by leveraging failure to check if the device is active...

CVE-2016-6833

Use-after-free vulnerability in the vmxnet3iobar0write function in hw/net/vmxnet3.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service QEMU instance crash by leveraging failure to check if the device is active...

CVE-2016-4625

creationtimestamp| type| source ---|---|--- 2016-10-31 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/40669 2016-10-31 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/40653...

██████: AWS Credentials leaked: access to production database backups, SSL certs and more

I found a public accessible Jenkins instance: https://██████jenkins.██████.com This instance requires login, however, it is possible to register an account using the signup page: https://██████jenkins.██████.com/signup Arbitrary file reads From there it is possible to use the Jenkins Script Conso...

404TinyShell connect over Protocol Instance

Document Title: =============== 404TinyShell connect over Protocol Instance References: =========== https://www.vulnerability-lab.com/getcontent.php?id=1984 Video: https://www.youtube.com/watch?v=cQKGT1K8RZU Release Date: ============= 2016-10-14 Vulnerability Laboratory ID VL-ID:...

Gather AWS EC2 Instance Metadata

This module will attempt to connect to the AWS EC2 instance metadata service and crawl and collect all metadata known about the session'd host. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

CVE-2016-7498

OpenStack Compute nova 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service disk consumption by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression...