Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort

Quick Emulator QEMU built with the Network Block Device NBD Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd...

SQL Injection Vulnerability in China Steel Pipe Trade Website Construction System

China steel pipe trade network is a comprehensive industry website, focusing on services for enterprises, the site can publish steel pipe supply, steel pipe purchase, steel pipe industry, you can also view the day's industry information, steel pipe exhibition. China Steel Pipe Trade Network websi...

Pipe Finder - Automated script to search in SMB protocol for availables pipe names

Automated script to search in SMB protocol for availables pipe names. Requirements metasploit-framework wget pipeauditv2.rb module https://github.com/peterpt/pipeauditorfb - It will be installed on first run How to Run git clone https://github.com/peterpt/pipefinder.git cd pipefinder && ./pipef...

[SECURITY] Fedora 25 Update: botan-1.10.17-1.fc25

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

i-spraynozzle.com XSS vulnerability

Vulnerable URL: http://www.i-spraynozzle.com/Spray-Nozzle-Search.php?q=13'"304 Stainess Steel Pipe Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 8173618 VIP website status:| No...

Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse Named Pipe (SMB) Stager

Inject the meterpreter server DLL via the Reflective Dll Injection payload staged. Requires Windows XP SP2 or newer. Connect back to the attacker via a named pipe pivot This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

Windows Meterpreter (Reflective Injection), Windows x86 Reverse Named Pipe (SMB) Stager

Inject the Meterpreter server DLL via the Reflective Dll Injection payload staged. Requires Windows XP SP2 or newer. Connect back to the attacker via a named pipe pivot This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

CVE-2017-12784

In Youngzsoft CCFile aka CC File Transfer 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID f...

Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort

Quick Emulator QEMU built with the Network Block Device NBD Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd...

Fedora Update for globus-xio-pipe-driver FEDORA-2017-0eea793538

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 26 : globus-ftp-client / globus-gass-cache-program / globus-gass-copy / etc (2017-0eea793538)

globus-ftp-client - Adapt to Perl 5.26 - POSIX::tmpnam no longer available - Remove some redundant tests to reduce test time globus-gass-cache-program - GT6 update globus-gass-copy - Don't attempt sshftp data protection without creds 9.24 - Checksum verification based on contribution from IBM 9.2...

Windows SMB PsImpersonateClient null token vulnerability

Added: 07/13/2017 CVE: CVE-2017-0144 BID: 96704 Background Server Message Block SMB is the protocol used by Microsoft Windows computers to communicate over a network. Problem A remote attacker can execute arbitrary commands with SYSTEM privileges by overwriting the token to a null value and forci...

Windows SMB PsImpersonateClient null token vulnerability

Added: 07/13/2017 CVE: CVE-2017-0144 BID: 96704 Background Server Message Block SMB is the protocol used by Microsoft Windows computers to communicate over a network. Problem A remote attacker can execute arbitrary commands with SYSTEM privileges by overwriting the token to a null value and forci...

Fedora 25 : globus-ftp-client / globus-gass-cache-program / globus-gass-copy / etc (2017-7591a8e2c9)

globus-ftp-client - Adapt to Perl 5.26 - POSIX::tmpnam no longer available - Remove some redundant tests to reduce test time globus-gass-cache-program - GT6 update globus-gass-copy - Don't attempt sshftp data protection without creds 9.24 - Checksum verification based on contribution from IBM 9.2...

[SECURITY] Fedora 25 Update: globus-xio-pipe-driver-3.10-1.fc25

The Globus Toolkit is an open source software toolkit used for building Grid systems and applications. It is being developed by the Globus Alliance and many others all over the world. A growing number of projects and companies are using the Globus Toolkit to unlock the potential of grids for thei...

[SECURITY] Fedora 24 Update: globus-xio-pipe-driver-3.10-1.fc24

The Globus Toolkit is an open source software toolkit used for building Grid systems and applications. It is being developed by the Globus Alliance and many others all over the world. A growing number of projects and companies are using the Globus Toolkit to unlock the potential of grids for thei...

Fedora Update for globus-xio-pipe-driver FEDORA-2017-5f8ebbd2b1

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for globus-xio-pipe-driver FEDORA-2017-7591a8e2c9

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Privilege escalation

In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability...

Design/Logic Flaw

In FlexNet Publisher versions before Luton SP1 11.14.1.1 running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute...