1891 matches found

CVE
added 2016/09/27 3:0 p.m. | 54 views

CVE-2016-7498

OpenStack Compute (Nova) 13.0.0 is vulnerable to a denial-of-service when a remote authenticated user deletes an instance still in the resize state, causing the original instance to remain on the compute node and consume disk space. This issue stems from a regression related to CVE-2015-3280. IBM...

CVSS 6.8 | AI score 6 | EPSS 0.02248
Exploits 0 | References 4 | Affected Software 1

Citrix
added 2016/09/11 12:0 a.m. | 7 views

Xe-toolstack-restart Fails with Error "Cannot Lock /dev/shm/xe_toolstack_restart.lock. Is an Instance of /opt/xensource/bin/xe-toolstack-restart Running Already? "

When trying to restart toolstack, the following error is displayed: "cannot lock /dev/shm/xe_toolstack_restart.lock. Is an instance of /opt/xensource/bin/xe-toolstack-restart running already? "...

AI score 7.1
Exploits 0

0day.today
added 2016/08/29 12:0 a.m. | 23 views

Adobe Flash - Use-After-Free When Returning Rectangle

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=842 Several methods in flash return instances of the Rectangle class. There is a use-after-free in creating these objects for return. If the this object of the call is a MovieClip...

CVSS 10 | AI score 8.9 | EPSS 0.75305
Exploits 1

OSV
added 2016/08/26 12:0 a.m. | 21 views

DSA-3654-1 quagga - security update

Bulletin has no description...

CVSS 7.5 | AI score 6.3 | EPSS 0.02151
Exploits 0

n0where
added 2016/08/06 1:23 p.m. | 33 views

AWS OpenVPN Deployment Tool: AutoVPN

AWS OpenVPN Deployment Tool Dependencies: boto and paramiko python packages and aws .credentials file on system 1. Clone repo to system. 2. Execute autovpn with -C -k and -r options to deploy to AWS ./autovpn -C -r us-east-1 -k macbook 3. OpenVPN config files are downloaded to current working...

AI score 0.5
Exploits 0 | References 2

OSV
added 2016/08/05 8:59 p.m. | 0 views

CVE-2016-3824

omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827...

CVSS 7.8 | AI score 7.5 | EPSS 0.00023
Exploits 0 | References 3

OSV
added 2016/08/05 8:59 p.m. | 0 views

UBUNTU-CVE-2016-3824

omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827...

CVSS 7.8 | AI score 7.5 | EPSS 0.00023
Exploits 0 | References 4

Zero Day Initiative
added 2016/07/21 12:0 a.m. | 214 views

Oracle Glassfish PartItem Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Glassfish Server. Authentication is not required to exploit this vulnerability. The PartItem class allows remote attackers to write to arbitrary files via a NULL byte in a file name in a...

CVSS 7.5 | AI score 7.3 | EPSS 0.04552
Exploits 0 | References 1

Atlassian
added 2016/07/15 2:23 a.m. | 42 views

XSS in /includes/decorators/global-translations.jsp

Somewhat hard to exploit but still doable when it comes to cache poisoning. Steps to reproduce: Tamper with a GET request to http:///includes/decorators/global-translations.jsp with the Host header set to some XSS payload e.g. codealert/xss/code The offending lines in code pick this payload and...

CVSS 6.1 | AI score 0.3 | EPSS 0.00762
Exploits 3 | Affected Software 1

NVD
added 2016/07/02 2:59 p.m. | 7 views

CVE-2016-0391

The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

CVSS 9.8 | AI score 9.2 | EPSS 0.00861
Exploits 0 | References 1

OSV
added 2016/06/10 1:59 a.m. | 1 views

CVE-2016-0916

EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance...

CVSS 9.8 | AI score 6 | EPSS 0.07787
Exploits 0 | References 2

Circl
added 2016/06/10 12:0 a.m. | 19 views

CVE-2016-3087

creationtimestamp| type| source
---|---|---
2016-06-10 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39919
2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/strutsdmirestexec.rb
2023-12-06 12:02:24+00:00| seen|...

CVSS 9.8 | AI score 8.6 | EPSS 0.87007
Exploits 4 | References 3

Hacker One
added 2016/05/26 9:34 p.m. | 48 views

New Relic: Blind SSRF on synthetics.newrelic.com

Introduction It was possible to retrieve some data from the http://169.254.169.254/latest/ URL corresponding to the amazon instance metadatas. With more time, we can dump the whole content. PoC When creating a Ping Monitor on the https://synthetics.newrelic.com/accounts/XXXXXXX/synthetics URL, it...

AI score 6.7
Exploits 0

Citrix
added 2016/05/16 12:0 a.m. | 5 views

Unable to Log on to XenMobile Admin Console Using Administrator Account

Not able to log on to XenMobile Server web console with administrator account. The following errors are noticed in the logs: 2016-04-06T09:31:08.358+0800 | EDC68337B8501EEC | WARN | http-nio-14443-exec-9 | ZDMAuthenticationProvider | Could not find administrator 2016-04-06T09:31:08.359+0800 |...

AI score 7.1
Exploits 0

Prion
added 2016/04/12 1:59 a.m. | 25 views

Stack overflow

Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block...

CVSS 2.1 | AI score 7.3 | EPSS 0.00081
Exploits 0 | References 4 | Affected Software 1

Tenable Nessus
added 2016/04/11 12:0 a.m. | 30 views

Amazon Web Services EC2 Instance Metadata Enumeration (Windows)

Binary data enumerateawsamiwin.nbin...

AI score 7.3
Exploits 0 | References 1

Debian CVE
added 2016/04/08 4:0 p.m. | 37 views

CVE-2016-1568

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command...

CVSS 8.8 | AI score 8.7 | EPSS 0.00337
Exploits 0

Veeam
added 2016/03/30 12:0 a.m. | 29 views

Configuring a SQL staging server to a Veeam Explorer gives “error: 25”

Challenge When configuring a staging SQL server for Veeam Explorers, the following error appears when a malformed server name is provided: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify th...

AI score 7.6
Exploits 0

OSV
added 2016/03/13 6:59 p.m. | 1 views

DEBIAN-CVE-2016-1973

Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors...

CVSS 8.8 | AI score 9.1 | EPSS 0.01001
Exploits 0 | References 1

Tenable Nessus
added 2016/03/04 12:0 a.m. | 36 views

Debian DSA-3502-1 : roundup - security update

Ralf Schlatterbeck discovered an information leak in roundup, a web-based issue tracking system. An authenticated attacker could use it to see sensitive details about other users, including their hashed password. After applying the update, which will fix the shipped templates, the site...

CVSS 4.3 | AI score 5 | EPSS 0.0013
Exploits 0 | References 5