kernel: Infinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service
The madvise_willneed function in the Linux kernel allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping...
kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service
By mmap-ing a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read call to the /proc/<pid>/cmdline or /proc/<pid>/environ files to block indefinitely...
Replication Error: The name '{vmname}' already exists.
Challenge: Veeam Backup & Replication replication job fails with the following error message: Processing Error: The name 'replica' already exists. When the error above occurs within Veeam Backup & Replication, the following correlating event can be found within the vSphere Events. Cause: This error...
Web Testing Framework Samurai
The Samurai Web Testing Framework is a virtual machine, supported on VirtualBox and VMware, that has been pre-configured to function as a web pen-testing environment. The VM contains the best of the open source and free tools that focus on testing and attacking websites. In developing this...
VPNFilter’s Arsenal Expands With Newly Discovered Modules
Researchers have discovered new modules in VPNFilter – the malware behind the widespread campaign in May that infected 75 router brands – revealing that its capabilities are much more widespread and sophisticated than previously thought. After reverse-engineering seven additional third-stage...
UBUNTU-CVE-2018-17182
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free and possibly gain privileges via certain thread creation, map, unmap, invalidation, and dereference operations...
PEDA - Python Exploit Development Assistance For GDB
PEDA - Python Exploit Development Assistance for GDB. Key Features: Enhance the display of gdb: colorize and display disassembly codes, registers, memory information during debugging. Add commands to support debugging and exploit development (for a full list of commands use peda help): aslr --...
DNS Rebinding Attack Framework: Singularity
Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine’s IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with...
D-Link DIR-615 Cross-Site Scripting Vulnerability (CNVD-2018-16522)
D-Link DIR-615 is a small wireless router product from AUO D-Link. A cross-site scripting vulnerability exists in the D-Link DIR-615 version 20.07. A remote attacker can exploit this vulnerability by leveraging the 'description' field in the AddPortMapping UPnP SOAP request to inject JavaScript...
Linux kernel denial of service vulnerability (CNVD-2018-24546)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the 'xenvif_set_hash_mapping' function in the drivers/net/xen-netback/hash.c file in Linux kernel 4.18.1 and earlier, which stems from...
CVE-2018-15471
A flaw in the netback module allowed frontends to control mapping of requests to request queues. An attacker can change this mapping by sending invalid mapping requests, causing the usually privileged backend to access out-of-bounds memory for reading and writing...
DEBIAN-CVE-2018-15471
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or...
UBUNTU-CVE-2018-15471
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or...
PT-2018-3388 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Xen versions prior to 4.11.x; Linux kernel versions prior to 4.18.1. Description: The issue is related to the xenvif set hash mapping function in the Xen hypervisor, which is connected to an integer overflow when handling requests to the netbac...
Switch Port Mapping Tool 2.81.2 - Name Field Denial of Service (PoC)
Switch Port Mapping Tool 2.81.2 - Name Field Denial of Service PoC Exploit Title: Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service PoC Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovery Date: 2018-08-13 Vendor Homepage: https://switchportmapper.com/...
Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)
Exploit Title: Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service PoC Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovery Date: 2018-08-13 Vendor Homepage: https://switchportmapper.com/ Software Link: https://switchportmapper.com/download/spm2812.zip...
Switch Port Mapping Tool 2.81.2 Denial Of Service
Exploit Title: Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service PoC Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovery Date: 2018-08-13 Vendor Homepage: https://switchportmapper.com/ Software Link: https://switchportmapper.com/download/spm2812.zip...
Switch Port Mapping Tool 2.81.2 - Name Field Denial of Service Exploit
Exploit for unix platform in category dos / poc Exploit Title: Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service PoC Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Vendor Homepage: https://switchportmapper.com/ Software Link:...
openSUSE Security Update : the Linux Kernel (openSUSE-2018-826)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-5390 aka 'SegmentSmack': A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during IP...