Cross site scripting

Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clev...

CVE-2017-11193

Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these comman...

USN-3312-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...

Linux Kernel ping Denial Of Service

Source: https://raw.githubusercontent.com/danieljiang0415/androidkernelcrashpoc/master/panic.c include include include include static int sockfd = 0; static struct sockaddrin addr = 0; void fuzzvoid param while1 addr.sinfamily = 0;//rand%42; printf"sinfamily1 = %08lx\n", addr.sinfamily;...

USN-3312-1 linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAPNETADMIN capability could use this to expose sensitive information or cause a denial of service. CVE-2016-7917 Qian Zhang discovered a heap-based...

Linux Kernel - ping Local Denial of Service

Linux Kernel - ping Local Denial of Service // Source: https://raw.githubusercontent.com/danieljiang0415/androidkernelcrashpoc/master/panic.c include include include include static int sockfd = 0; static struct sockaddrin addr = 0; void fuzzvoid param while1 addr.sinfamily = 0;//rand%42;...

Linux Kernel - 'ping' Local Denial of Service

// Source: https://raw.githubusercontent.com/danieljiang0415/androidkernelcrashpoc/master/panic.c include include include include static int sockfd = 0; static struct sockaddrin addr = 0; void fuzzvoid param while1 addr.sinfamily = 0;//rand%42; printf"sinfamily1 = %08lx\n", addr.sinfamily;...

Moxa AWK-3131A Wireless Access Point Operating System Command Injection Vulnerability

Moxa AWK-3131A Wireless Access Point is a wireless switch from Moxa China. An operating system command injection vulnerability exists in the web application 'ping' function in Moxa AWK-3131A Wireless Access Points using firmware version 1.1. A remote attacker could exploit this vulnerability to...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3312-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3312-1 advisory. It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the...

Oracle Communications Security Gateway Remote Vulnerability

Oracle Communications Security Gateway provides security for the delivery of voice and data. Delivery of voice and data services from a trusted service provider's core network is guaranteed through, for example, access to local wifi devices over untrusted networks. A remote security vulnerability...

CVE-2017-9133

An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but...

OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0105)

The remote OracleVM system is missing necessary patches to address critical security updates : - nfsd: stricter decoding of write-like NFSv2/v3 ops J. Bruce Fields Orabug: 25986990 CVE-2017-7895 - fnic: Update fnic driver version to 1.6.0.24 John Sobecki Orabug: 24448585 - xen-netfront: Rework th...

PingID MFA Cross Site Scripting

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: PingID MFA 1 Vendor: Ping Identity Corporation CSNC ID: CSNC-2017-013 Subject: Reflected Cross-Site Scripting Risk: High Effect: Remotely exploitable Author: Stephan Sekula Date: 18.04.2017 Introduction:...

Unbreakable Enterprise kernel security update

2.6.39-400.295.2 - nfsd: stricter decoding of write-like NFSv2/v3 ops J. Bruce Fields Orabug: 25986995 CVE-2017-7895 2.6.39-400.295.1 - ocfs2/o2net: o2netlistendataready should do nothing if socket state is not TCPLISTEN Tariq Saeed Orabug: 25510857 - IB/CORE: sync the resouce access in fmrpool...

CVE-2017-3470

Vulnerability in the Oracle Communications Security Gateway component of Oracle Communications Applications subcomponent: Network. The supported version that is affected is 3.0.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via ICMP Ping to compromise...

Buffer overflow

Vulnerability in the Oracle Communications Security Gateway component of Oracle Communications Applications subcomponent: Network. The supported version that is affected is 3.0.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via ICMP Ping to compromise...

CVE-2017-3470

Vulnerability in the Oracle Communications Security Gateway component of Oracle Communications Applications subcomponent: Network. The supported version that is affected is 3.0.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via ICMP Ping to compromise...

CVE-2017-3470

Vulnerability in the Oracle Communications Security Gateway component of Oracle Communications Applications subcomponent: Network. The supported version that is affected is 3.0.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via ICMP Ping to compromise...

CVE-2016-8721

An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An...

CVE-2016-8721

An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An...