7663 matches found
mod_cluster: Protocol parsing logic error
An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process...
Restrict access to certain URLs based on the Source client IP
Restrict certain IPs who should not be able to access certain URLs when they hit the Load balancing virtual server on the NetScaler...
UBUNTU-CVE-2017-5391
Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox 51...
Scada-os Configuration Software dll Hijacking Vulnerability
Scada-os is a SCADA system developed by several SCADA configuration software engineers. The TsStudio.exe component of the Scada-os configuration software is not safe to load library files, so an attacker can construct a malicious application and place it in a specific path, which will allow the...
[SECURITY] [DLA 788-1] pdns-recursor security update
Package : pdns-recursor Version : 3.3-3+deb7u2 CVE ID : CVE-2016-9139 Florian Heinz and Martin Kluge reported that pdns-recursor, a recursive DNS server, parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to...
Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution
Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution Exploit Title: Zeroshell - Net Services Unauthenticated Remote Code Execution | RCE Date: 13.01.2017 Exploit Author: Ozer Goker Vendor Homepage: http://www.zeroshell.org Software Link: www.zeroshell.org/download/ Version: 3.6.0 & 3.7.0...
Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution
Exploit Title: Zeroshell - Net Services Unauthenticated Remote Code Execution | RCE Date: 13.01.2017 Exploit Author: Ozer Goker Vendor Homepage: http://www.zeroshell.org Software Link: www.zeroshell.org/download/ Version: 3.6.0 & 3.7.0 Introduction Zeroshell is a small Linux distribution for...
XML External Entity (XXE) Injection
Overview: nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection when opting into the DTDLOAD option and opting out of the NONET option. Nokogiri is affected by a series of vulnerabilities in libxml2 and libxslt...
OpenSSH 7.x < 7.4 Multiple Vulnerabilities
Update Rollup 10 for System Center 2012 R2 Virtual Machine Manager
Update Rollup 10 for System Center 2012 R2 Virtual Machine Manager Introduction This article describes the new features that are added and the issues that are fixed in Update Rollup 10 for Microsoft System Center 2012 R2 Virtual Machine Manager. The following updates are available for System Cent...
Loading DNS zones fails on a Windows Server 2008 R2-based DNS server
Loading DNS zones fails on a Windows Server 2008 R2-based DNS server This article describes an issue in which a Windows Server 2008 R2 Service Pack 1 (SP1)-based DNS server that has Active Directory–integrated zones fails to load DNS zones. An update is available to fix this issue. Before you insta...
All Traffic Goes to One StoreFront Server When StoreFront is Load Balanced with NetScaler
User noticed that his StoreFront servers are not load balanced properly. They currently have configured 4 StoreFront servers which are part of a server group and service group on the NetScaler. The NetScaler load balancing method is set to Round Robin, however only one StoreFront server is receivi...
After upgrade to Provisioning Server 7.6 a vdisk does not stream to all PVS servers; Load balancing not working.
After upgrade to Provisioning Server 7.6 a vdisk does not stream to all PVS servers. Load balancing is not working...
Error: "An authentication request was made before establishing a web session"
When going through the NetScaler, the following error is seen in the Event Viewer: An authentication request was made before establishing a web session. This typically occurs when sticky load-balancing between client and StoreFront is misconfigured...
Red Hat mod_cluster Denial of Service Vulnerability
Red Hat JBoss Web Server is a product of the U.S. company Red Hat, built on top of the Apache and Tomcat web servers, which supports the development of large-scale Web sites and Web applications in a customized, lightweight framework. mod_cluster is one of the HTTP protocol-based load balancing, fault-tolerant clust...
Remote msfconsole: msf-remote-console
Remote msfconsole A remote msfconsole written in Python 2.7 to connect to the msfrpcd server of metasploit. This tool gives you the ability to load modules permanently as daemon on your server like autopwn2. Although it gives you the ability to remotely use the msfrpcd server it is recommended to...
X (Formerly Twitter): Sub Domain Takeover at mk.prd.vine.co
Hey It looks like the EC2 Instance at mk.prd.vine.co has been stopped and now it has been assigned to someone else Proof of Concept 1. http://mk.prd.vine.co/ few days back didn't have port 443 open but now it does have an open port 443 Response 400 Bad Request 400 Bad Request awselb/2.0 So it loo...
CVE-2016-6612
An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...
DEBIAN-CVE-2016-6612
An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...