Unbreakable Enterprise kernel security update

kernel-uek 4.1.12-61.1.33 - Revert 'x86/mm: Expand the exception table logic to allow new handling options' Brian Maly Orabug: 25790387 CVE-2016-9644 - Revert 'fix minor infoleak in getuserex' Brian Maly Orabug: 25790387 CVE-2016-9644 4.1.12-61.1.32 - x86/mm: Expand the exception table logic to...

Oracle Linux 6 : kernel (ELSA-2017-0817)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-0817 advisory. - net dccp: fix freeing skb too early for IPV6RECVPKTINFO Hannes Frederic Sowa 1424628 CVE-2017-6074 - fs posixacl: Clear SGID bit when setting file...

PT-2017-1799 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.10.8 Description: The issue is related to the ping unhash function in the Linux kernel, specifically in the net/ipv4/ping.c file. It is associated with inadequate access control. The exploitation of this issue...

DLink / TRENDnet - NCC Service Command Injection Exploit

Exploit for hardware platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'D-Link/TRENDnet NCC Service Command Injection', 'Description' = %q...

NETGEAR DGN2200 Remote Command Execution

0x00 summary NETGEAR DGN2200 router ping. the cgi script does not have to enter parameters for authentication, the result can be constructed in a specific request to perform system command. 0x01 details Through the capture, the parameters will be pingIPAddr the IP address back add;cmdto perform a...

NetGain Enterprise Manager 7.2.562 - Ping Command Injection Vulnerability

Exploit for jsp platform in category web applications Exploit Title: NetGain Enterprise Manager – “Ping” Command Injection Date: 23.02.2017 Exploit Author: MrChaZ Vendor Homepage: http://www.netgain-systems.com/ Version: = v7.2.562 build 853 Tested on: Windows 10 Pro 64-bit 10,0 Build 14393...

Ping Identity 'mod_auth_openidc' Module Authentication Bypass Vulnerability

Ping Identity 'modauthopenidc' module is an authentication/authorization module for the Apache 2.x HTTP server used to authenticate users against the OpenID connection provider. An authentication bypass vulnerability exists in the Ping Identity 'modauthopenidc' module. An attacker can use this...

Windows/x86 - Executable Directory Search Shellcode (130 bytes)

Title: Windows x86 - Executable directory search Shellcode 130 bytes Date: 26-02-2017 Author: Krzysztof Przybylski Platform: Winx86 Tested on: WinXP SP1 Shellcode Size: 130 bytes / Description: write & exec dir searcher starts from C:\ If dir found then write, execute ping 127.1.1.1 and exit If...

Windows x86 - Executable Directory Search Shellcode (130 bytes)

Windows x86 - Executable Directory Search Shellcode 130 bytes. Shellcode exploit for Winx86 platform Title: Windows x86 - Executable directory search Shellcode 130 bytes Date: 26-02-2017 Author: Krzysztof Przybylski Platform: Winx86 Tested on: WinXP SP1 Shellcode Size: 130 bytes / Description:...

Ping Identity 'mod_auth_openidc' Module Content Spoofing Vulnerability

Ping Identity, a cloud security services company, provides enterprise identity security services to its customers. A content spoofing vulnerability exists in the Ping Identity 'modauthopenidc' module, which stems from a failure to adequately validate user input. An attacker could exploit the...

Ping Identity 'mod_auth_openidc' Module Authentication Bypass Vulnerability

Ping Identity, a cloud security services company, provides enterprise identity security services to its customers. An authentication bypass vulnerability exists in Ping Identity 'modauthopenidc'. An attacker could use this vulnerability to bypass the authentication mechanism to perform unauthoriz...

NetGain Enterprise Manager 7.2.562 - 'Ping' Command Injection

Exploit Title: NetGain Enterprise Manager – “Ping” Command Injection Date: 23.02.2017 Exploit Author: MrChaZ Vendor Homepage: http://www.netgain-systems.com/ Version: = v7.2.562 build 853 Tested on: Windows 10 Pro 64-bit 10,0 Build 14393 Description:...

NetGain Enterprise Manager 7.2.562 - Ping Command Injection

NetGain Enterprise Manager 7.2.562 - Ping Command Injection...

PT-2017-4247 · NetGear · Netgear Dgn2200

Name of the Vulnerable Software and Affected Versions: NETGEAR DGN2200 devices with firmware through 10.0.0.50 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command. This can be exploited by a remote attacker to execute arbitrary ...

PT-2017-3168 · NetGear · Netgear Dgn2200

Name of the Vulnerable Software and Affected Versions: NETGEAR DGN2200 versions through 10.0.0.50 Description: The issue allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping IPAddr field of an HTTP POST request to the ping.cgi endpoint. This is d...

DEBIAN-CVE-2016-2788

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command...

MTR - A Network Diagnostic Tool

MTR combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool. As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host. After it determines the address of each network hop between the...

Smith - A Very Quick And Very Dirty Client/Server Tool For Testing Firewalls

A client/server style agent meant for testing connectivity to and from a machine on a network. Installation python setup.py install or pip install . should install smith. Note: If you want to use the tcp/udp protocol options, you'll need to install scapy and it's dependencies. Ubuntu has 'apt-get...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when 1 logging in or 2 creating an account in the old interface, 3 username when creating an accou...

CVE-2014-2045

Multiple cross-site scripting XSS vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when 1 logging in or 2 creating an account in the old interface, 3 username when creating an accou...