Thru Managed File Transfer Portal 9.0.2 SQL Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-056 Product: Thru Managed File Transfer Portal Manufacturer: Thru Affected Versions: 9.0.2 Tested Versions: 9.0.2 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Open Manufacturer Notification:...

Thru Managed File Transfer Portal 9.0.2 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-057 Product: Thru Managed File Transfer Portal Manufacturer: Thru Affected Versions: 9.0.2 Tested Versions: 9.0.2 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Open Manufacturer...

How to get disk changed areas from CBT(changed block tracker) in vSphere

Purpose This article demonstrates how to pull the changed disk areas in a vSphere environment. Performing this task is intended as a way to demonstrate how changed block tracking functions for Veeam Backup & Replication jobs. The most common situation where this article comes into play is when a...

Windows Gather Active Directory Managed Groups

This module will enumerate AD groups on the specified domain which are specifically managed. It cannot at the moment identify whether the 'Manager can update membership list' option option set; if so, it would allow that member to update the contents of that group. This could either be used as a...

Arris TG1682G Modem - Persistent Cross-Site Scripting

Unauth Stored CSRF/XSS - Xfinity Modem alert1" /...

Code injection

The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app...

CVE-2015-7016

The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app...

CVE-2015-7016

The CVE-2015-7016 issue affects Apple Mac OS X (MCX Application Restrictions) prior to OS X 10.11.1 where Managed Configuration mishandles provisioning profiles. This enables a crafted developer-signed app to bypass entitlement restrictions and gain privileges, due to a flaw in how provisioning p...

GE Multilink Switch Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-013-04 GE MultiLink Switch Vulnerabilities that was published January 13, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 3 -------- Eireann Leverett of IOActive has identified three...

CVE-2015-7839

SolarWinds Log and Event Manager LEM allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality...

Solarwinds Log and Event Manager Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Solarwinds Log and Event Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within requests to /services/messagebroker/nonsecurestreamingamf utilizing t...

TIBCO Slingshot Information Disclosure Vulnerability

TIBCO Managed File Transfer is an enterprise-class peer-to-peer file transfer solution. A security vulnerability exists in the TIBCO Managed File Transfer engine that could be exploited by remote attackers to submit a special HTTP request to obtain sensitive information...

CVE-2015-5711

TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request...

CVE-2015-5711

TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request...

CVE-2015-5711

The CVE-2015-5711 entry affects TIBCO products: Managed File Transfer Internet Server (before 7.2.5), Managed File Transfer Command Center (before 7.2.5), Slingshot (before 1.9.4), and Vault (before 2.0.1). The root cause is an information disclosure vulnerability that allows remote authenticated...

(0Day) Moxa OnCell Central Manager Server RequestController Static Credentials Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa OnCell Central Manager Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RequestController class. The specific flaw exists within the...

RPC function call failed. Function name: [GetSvcVersion]

Challenge Veeam Backup & Replication fails to communicate with the Veeam Installer Service service on a managed remote machine with the error: Error: The RPC server is unavailable. RPC function call failed. Function name: GetSvcVersion. Target machine: remotemachine.domain.tld:6160. This article ...

Moxa Industrial Managed Switch denial of service vulnerability(CVE-2 0 1 5-6 4 6 5)-vulnerability warning-the black bar safety net

Affected system: Moxa Industrial Managed Switch EDS-408A Moxa Industrial Managed Switch EDS-405A Description: CVECAN ID: CVE-2 0 1 5-6 4 6 5 Moxa EDS-405A/EDS-408A Ethernet switch Series products. Moxa EDS-405A/EDS-408A embedded GoAhead Web serverthere is a denial of service vulnerability, an...

Details Surface on Patched Sandbox Violation Vulnerability in iOS

Apple patched an issue last week in iOS that could have allowed attackers to bypass the third-party app-sandbox protection mechanism on devices and read arbitrary managed preferences via a special app. The issue, which was present in versions of iOS prior to 8.4.1, stems from a vulnerability with...

CVE-2015-5749

The Sandboxprofiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app...