EyesOfNetwork 5.1 - Authenticated Remote Command Execution

Exploit Title: EyesOfNetwork 5.1 - Authenticated Remote Command Execution Google Dork: N/A Date: 2019-08-14 Exploit Author: Nassim Asrir Vendor Homepage: https://www.eyesofnetwork.com/ Software Link: https://www.eyesofnetwork.com/?pageid=48&lang=fr Version: 5.1 "; while$read = fread$handle,100 ec...

The vulnerability of the AppCache component in the Google Chrome web browser allows a hacker to circumvent existing security restrictions.

The vulnerability of the AppCache component in the Google Chrome web browser is related to security configuration errors. Exploiting this vulnerability allows a remote attacker to circumvent existing security restrictions by using compromised render processes...

polkit: Multiple vulnerabilities

Background polkit is a toolkit for managing policies relating to unprivileged processes communicating with privileged processes. Description Multiple vulnerabilities have been discovered in polkit. Please review the CVE identifiers referenced below for details. Impact Please review the referenced...

Windows NTFS Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. To exploit the vulnerability, an attack...

polkit security and bug fix update

0.112-22.0.1 - Increase timeout to avoid defunct processes Orabug: 26930744 0.112-22 - pkttyagent: polkit-agent-helper-1 timeout leaves tty echo disabled - Resolves: rhbz1325512 0.112-21 - Mitigation of regression caused by fix of CVE-2018-19788 - Resolves: rhbz1656377 0.112-20 - Fix of...

FreeBSD : FreeBSD -- Kernel memory disclosure in freebsd32_ioctl (6b856e00-b30a-11e9-a87f-a4badb2f4699)

Due to insufficient initialization of memory copied to userland in the components listed above small amounts of kernel memory may be disclosed to userland processes. Impact : A user who can invoke 32-bit FreeBSD ioctls may be able to read the contents of small portions of kernel memory. Such memo...

NewStart CGSL MAIN 4.05 : coreutils Vulnerability (NS-SA-2019-0107)

The remote NewStart CGSL host, running version MAIN 4.05, has coreutils packages installed that are affected by a vulnerability: - A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with ro...

CVE-2016-10810

In cPanel before 57.9999.54, /scripts/maildirconverter exposed a TTY to an unprivileged process SEC-115...

systemd: kills privileged process if unprivileged PIDFile was tampered

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user e.g. User field set in the service file, a local attacker who is able to write to the PIDFile of the mentioned service may use this fl...

Pulling Back the Curtain

As ASVs, a lot of what we do is shrouded in mystery and danger well, at least the former of those two. Today, we would like to take a moment to let you in on some of the processes we use to deal with all those disputes you might have to submit...

CVE-2019-5605

In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may...

Design/Logic Flaw

In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may...

CVE-2019-5605

Removed by vendor...

FreeBSD -- Kernel memory disclosure in freebsd32_ioctl

Problem Description: Due to insufficient initialization of memory copied to userland in the components listed above small amounts of kernel memory may be disclosed to userland processes. Impact: A user who can invoke 32-bit FreeBSD ioctls may be able to read the contents of small portions of kern...

PT-2019-3037 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to an elevation of privilege vulnerability that exists when reparse points are created by sandboxed processes, allowing sandbox escape. This could enable an attacker to...

McAfee Agent 5.6.x < 5.6.1 HF3 Privilege Escalation Vulnerability (SB10288)

The version of McAfee Agent, formerly McAfee ePolicy Orchestrator ePO Agent, installed on the remote host is 5.6.x prior to 5.6.1 HF3. It is, therefore, affected by a privilege escalation vulnerability. An authenticated, local administrator can exploit this issue, via carefully constructed file i...

CVE-2019-3592

Privilege escalation vulnerability in McAfee Agent MA before 5.6.1 HF3, allows local administrator users to potentially disable some McAfee processes by manipulating the MA directory control and placing a carefully constructed file in the MA directory...

[SECURITY] Fedora 29 Update: qemu-3.0.1-4.fc29

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

CVE-2017-9327

Secret data of processes managed by CM is not secured by file permissions...

F5 Networks BIG-IP : iControl REST vulnerability (K22384173)

Undisclosed requests can cause iControl REST processes to crash. The attack can only come from an authenticated user; all roles are capable of performing the attack. Unauthenticated users cannot perform this attack.CVE-2019-6641 Impact BIG-IP When this vulnerability is exploited, the restjavad...