2272 matches found
CVE-2018-19640
If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 e.g. with CVE-2018-19638 he can kill arbitrary processes on the local machine...
Memory corruption
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes...
CVE-2018-19640
If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 e.g. with CVE-2018-19638 he can kill arbitrary processes on the local machine...
CVE-2018-19640 Code execution if run with command line switch -v
If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 e.g. with CVE-2018-19638 he can kill arbitrary processes on the local machine...
CVE-2018-19640
CVE-2018-19640 affects the OpenSUSE/openSUSE/SUSE openSUSE hostinfo and supportutils up to versions before 3.1-5.7.1. The issue allows an attacker who can create files in the log-collection directory to kill arbitrary processes on the local machine. Root cause cited: manipulation of the log direc...
Usermin 1.750 - Remote Command Execution (Metasploit)
Usermin 1.750 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Usermin 1.750 - Remote Command Execution', 'Description' = %q...
SUSE Supportutils Input Validation Error Vulnerability
SUSE Supportutils is a collection of utility programs used in SUSE Linux systems from SUSE Germany. The product has the ability to collect system troubleshooting information, read and interpret the basic-health-check.txt file, and perform a brief analysis of the kernel core files. An input...
Usermin 1.750 - Remote Command Execution Exploit
Exploit for linux platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Usermin 1.750 - Remote Command Execution', 'Description' ...
Android Kernel < 4.8 - ptrace seccomp Filter Bypass Exploit
/ The seccomp.2 manpage http://man7.org/linux/man-pages/man2/seccomp.2.html documents: Before kernel 4.8, the seccomp check will not be run again after the tracer is notified. This means that, on older ker‐ nels, seccomp-based sandboxes must not allow use of ptrace2—even of other sandboxed...
Android Kernel < 4.8 - ptrace seccomp Filter Bypass
/ The seccomp.2 manpage http://man7.org/linux/man-pages/man2/seccomp.2.html documents: Before kernel 4.8, the seccomp check will not be run again after the tracer is notified. This means that, on older ker‐ nels, seccomp-based sandboxes must not allow use of ptrace2—even of other sandboxed...
BBC Inside Out. Consumer advice for the ‘smart’ homeowner
We were recently asked to demonstrate security flaws in a smart home for the BBC Inside Out TV show. We’ve done this before, so what was different? This home was by far the most connected we had looked at. Typically, homes have a few smart devices; a smart thermostat, CCTV, maybe a doorbell and...
polkit security update
0.112-18.0.1 - Increase timeout to avoid defunct processes bug26930744 0.112-18.el76.1 - Fix of CVE-2019-6133, PID reuse via slow fork - Resolves: rhbz1667311...
Oracle Linux 7 : polkit (ELSA-2019-0230)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-0230 advisory. - Fix of CVE-2019-6133, PID reuse via slow fork Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...
How To Improve Your Online Processes
By Carolina In today’s internet-driven world, every business relies very heavily on the internet for their operation. There will be various online processes that a company uses no matter what industry they are in and you may find that there are ways that you can improve these processes. While thi...
[SECURITY] Fedora 28 Update: polkit-0.115-2.1.fc28
polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...
LAquis SCADA LGX Report ShellExecute Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Webmin 1.900 - Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Webmin 1.900 - Remote Command Execution', 'Description' = %q This module exploits an arbitrary command execution...
Webmin 1.900 - Remote Command Execution (Metasploit)
Webmin 1.900 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Webmin 1.900 - Remote Command Execution', 'Description' = %q...
Webmin 1.900 Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Webmin 1.900 - Remote Command Execution', 'Description' = %q This module exploits an arbitrary command execution...
Information Disclosure
Systems with microprocessors utilizing speculative execution and address translations are vulnerable to information disclosure. An L1TF issue allows an unprivileged attacker to read privileged memory of the kernel or other processes by conducting targeted cache side-channel attacks...