2528 matches found
Gentoo Local Privilege Vulnerability
Gentoo is an open source Linux system from the Gentoo Foundation. Ebuild in Gentoo may change directory and file permissions based on the order of installed packages, which can be exploited by a local attacker to read or write to a restricted directory, execute restricted commands via the affecte...
CVE-2017-9466
The executable httpd on the TP-Link WR841N V8 router before TL-WR841NUNV8170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuratio...
CVE-2017-6662
A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker mu...
BSA-2017-316
Security Advisory ID: BSA-2017-316. Component: SNMP. Revision: 1.0: Interim. In SNMP version 1 & 2, authentication should only accept the value stored in the SNMP agent authentication mechanism. With this vulnerability an attacker can use any value string or integer in order to authenticate the SN...
Amazon Linux AMI : kernel (ALAS-2017-845) (Stack Clash)
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jmp'ed over; this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). (CVE-2017-1000364) The offset2lib patch as use...
Qemu: display: cirrus: OOB r/w access issues in bitblt routines
An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on...
The butterfly effect and the program error: exploitation of a "slag" hole
Description: Can a butterfly in the rainforest of the South American Amazon Basin, occasionally flapping its wings a few times, cause a tornado in Texas? That I'm not sure of, but what I can determine is that any minor error in a program, once amplified, can produce disastrous consequences for the program...
Debian DLA-981-1 : apng2gif security update
It was discovered that apng2gif was vulnerable to an integer overflow resulting in a heap-based buffer over-read/write. A remote attacker could use this flaw to cause a denial of service (application crash) via a crafted APNG file. For Debian 7 'Wheezy', these problems have been fixed in version...
DC/OS Marathon UI - Docker (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DC/OS Marathon UI Docker Exploit', 'Description' = %q Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the...
Mixmax: Privilege escalation - User who does not have access is able to add notes to the contact
We didn't properly check that users had read-write access to contacts when posting notes...
BOSH Director VM Agent Anonymous Endpoint Vulnerability
BOSH is an open source tool for deployment and lifecycle management of large-scale distributed systems, of which Director VM is a virtual machine and stemcell is an image. A security vulnerability exists in the endpoint of the Agent in the BOSH Director VM using stemcell versions prior to 3232.6...
CVE-2017-6650
A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An...
HDWiki has a file-write vulnerability that can be used to get a shell
HDWiki is an open source interactive Chinese wiki system developed by Interactive Online Beijing Technology Co., Ltd., which holds independent intellectual property rights to it. The background management of HDWiki version 6.0 has an arbitrary file read-write vulnerability; attackers can exploit the...
CVE-2016-9097
The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only acce...
MS16-145: Analysis of the Edge browser TypedArray.sort UAF vulnerability
In this article, we provide the reader with a detailed analysis of how a UAF vulnerability in the MS Edge browser can be used for remote code execution. The article gives an in-depth analysis of the root cause of the CVE-2016-7288 UAF vulnerability affecting MS Edge, and how to reliably trigger...
SNMP Protocol Community String Authentication Privilege Bypass Vulnerability in Some Vendor Devices
SNMP is a network management standard based on the TCP/IP protocol family and is a standard protocol for managing network nodes such as servers, workstations, routers, switches, etc. in an IP network. SNMP protocol community strings of some vendors' devices have authentication privilege bypass...
CVE-2017-3478
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 12.0.0 and 12.1.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2017-2320
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the...
UBUNTU-CVE-2017-5456
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR 52.1 and Firefox 53...
Multiple Read/Write Vulnerabilities in VMware Workstation and Horizon View Client (CNVD-2017-05883)
VMware Workstation is a paid and feature-rich set of virtual machine software. VMware Workstation Player is a free open source and simpler virtual machine software. Horizon Client for Windows is used to virtualize desktops and applications. VMware Workstation and Horizon View Client have multiple...