806 matches found
Jenkins 2.56 CLI Deserialization / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins CLI Deserialization', 'Description' = %q An unauthenticated Java object deserialization vulnerability exists in the CLI component for...
September 8, 2020-KB4576481 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709
September 8, 2020-KB4576481 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709 Release Date: September 8, 2020 Version: .NET Framework 4.8 Summary Security improvementsClickOnce will no longer download applications from untrusted servers which use NTLM authentication, but,...
September 8, 2020-KB4576480 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703
September 8, 2020-KB4576480 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703 Release Date: September 8, 2020 Version: .NET Framework 4.8 Summary Security improvementsClickOnce will no longer download applications from untrusted servers which use NTLM authentication, but,...
August 11, 2020-KB4569747 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703
August 11, 2020-KB4569747 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703 Release Date: August 11, 2020 Version: .NET Framework 4.8 Summary Security improvements An elevation of privilege vulnerability exists when ASP.NET or .NET Framework web applications running on IIS...
July 31, 2020-KB4562899 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004
July 31, 2020-KB4562899 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004 Release Date: July 31, 2020 Version: .NET Framework 3.5 and 4.8 The July 31, 2020 update for Windows 10 Version 2004 includes cumulative reliability improvements in .NET 3.5 and 4.8. We...
August 11, 2020-KB4569748 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709
August 11, 2020-KB4569748 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709 Release Date: August 11, 2020 Version: .NET Framework 4.8 Summary Security improvements An elevation of privilege vulnerability exists when ASP.NET or .NET Framework web applications running on IIS...
August 11, 2020-KB4569746 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016
August 11, 2020-KB4569746 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016 Release Date: August 11, 2020 Version: .NET Framework 4.8 Summary Security improvements An elevation of privilege vulnerability exists when ASP.NET or .NET Framework web...
Documalis Free PDF Editor and Scanner JPEG Stack Buffer Overflow
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the us...
Is 97% Network Traffic Offload Interesting?
Sports, gaming, and other live events have the potential to overwhelm network capacity due to the sheer volume of traffic generated when large numbers of viewers or gamers engage. These "peak" events may only occur once a month or even once a year sports championships, election results, gaming...
Bolt CMS 3.7.0 Authenticated Remote Code Execution Exploit
This Metasploit module exploits multiple vulnerabilities in Bolt CMS version 3.7.0 and 3.6.x in order to execute arbitrary commands as the user running Bolt. Valid credentials for a Bolt CMS user are required. This module has been successfully tested against Bolt CMS 3.7.0 running on CentOS 7. Th...
Cisco Gather Device General Information
This module collects a Cisco IOS or NXOS device information and configuration. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Gather Device General Information', 'Description' = %q This...
June 18, 2020—KB4567518 (OS Build 10240.18609)
June 18, 2020—KB4567518 OS Build 10240.18609 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates an issue that might prevent certain printers from printing, generate pri...
June 9, 2020—KB4561608 (OS Build 17763.1282)
June 9, 2020—KB4561608 OS Build 17763.1282 IMPORTANT We have been evaluating the public health situation and understand the impact this is having on many of our customers. To help ease some of the burdens customers are facing, we are going to delay the scheduled end of service date for the Home,...
September 24, 2019 — KB4515841 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1709
September 24, 2019 — KB4515841 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1709 Release Date: September 24, 2019 Version: .NET Framework 4.8 The September 24, 2019, update for Windows 10, version 1709 includes cumulative reliability improvements in Microsoft .NET Framework 4....
May 12, 2020—KB4556854 (Security-only update)
May 12, 2020—KB4556854 Security-only update IMPORTANT Verify that you have installed the required updates listed in the How to get this update section before installing this update. IMPORTANT WSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of...
May 12, 2020—KB4556826 (OS Build 10240.18575)
May 12, 2020—KB4556826 OS Build 10240.18575 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates to improve security when using Internet Explorer. Updates to improve...
5 reasons to move your endpoint security to the cloud now
As the world has adopts work from home initiatives, we’ve seen many organizations accelerate their plans to move from on-premises endpoint security and Detection and Response EDR/XDR solutions to Software as a Service versions. And several customers who switched to the SaaS version last year,...
ThinkPHP 5.0.23 Remote Code Execution Exploit
This Metasploit module exploits one of two PHP injection vulnerabilities in the ThinkPHP web framework to execute code as the web user. Versions up to and including 5.0.23 are exploitable, though 5.0.23 is vulnerable to a separate vulnerability. The module will automatically attempt to detect the...
April 14, 2020—KB4549949 (OS Build 17763.1158)
April 14, 2020—KB4549949 OS Build 17763.1158 NEW IMPORTANT We have been evaluating the public health situation and understand the impact this is having on many of our customers. To help ease some of the burdens customers are facing, we are going to delay the scheduled end of service date for the...
The vulnerability of Xen hypervisors arises from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of Xen hypervisors is related to a reliability domain error that may allow access to physical devices. Exploiting this vulnerability can enable attackers to gain access to confidential data, compromise its integrity, and cause service failures...