Target device cannot access VDisk and boot, Event ID 11 seen on Provisioning server

Some or all target devices cannot access the VDisk at boot - the device will get a boot file but be unable to go further. On the PVS servers: Event id 11 from StreamProcess.exe is seen with the error detail:Detected one or more hung threads...

SUSE CVE-2013-2074

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message...

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

Failed to Publish FAS Certificate Template with "RPC server unavailable. 0x800706ba"

Failed to publishFAS certificate Template with"An error occurred: CCertAdmin::GetCAProperty:RPC server unavailable. 0x800706ba". On Domain Controller,there is an error message in Event Log "RPCCAUTHNLEVELPKTINTEGRITY"and EventID is 10036...

Error: "403 - Forbidden: Access is Denied" After Log on to NetScaler Gateway

Post external log on to Netscaler Gateway you receive a server error with the following text: Error: "403 - Forbidden: Access is Denied" After Log on to NetScaler Gateway...

undertow: Large AJP request may cause DoS

A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...

Design/Logic Flaw

When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker...

Business logic error: Not able to access newly created admin account with the username admin with the password

Hello team, recently I found that I'm able to create dual admin via the same username, by creating a dual admin account we maybe not be able login the newly created admin user-named account. 2. For example, the default username and password of nakama dashboard will be admin & password 3. After...

While using FAS application launch fails with error "Cannot start app <Application Name>"

Application launch fails with error "Cannot start app ", Event ID 1 and 28 are logged on Storefront servers. Event ID: 1 Description: The Federated Authentication Server at: returned a server error: 1 for method AssertIdentity...

PVS : Failed to connect to the PVS API, error : Unable to connect to the remote server

PVS : Unable to connect to the PVS API, error - Unable to connect to the remote server...

Zulip logic error vulnerability

Zulip is a powerful open source group chat application from the Zulip team. Used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations. A logic error vulnerability exists in Zulip versions 2.1.0 through 5.2, which originates when the server incorrectl...

Tenda AC9 缓冲区错误漏洞

Tenda AC9 is a wireless router from Tenda, a Chinese company. Tenda AC9 is vulnerable to a stack overflow vulnerability, which originates from the goform/fastsettingwifiset function in the httpd service that does not properly validate data boundaries when performing operations on memory, and can ...

Protect

A server-generated error message containing sensitive information vulnerability CWE-550 in FortiOS and FortiProxy web proxy may allow a malicious webserver to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages...

March 22, 2022—KB5011551 (OS Build 17763.2746) Preview

March 22, 2022—KB5011551 OS Build 17763.2746 Preview 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights Updates an...

Active Sync Gateway Connector isn't working with new devices since Update to 10.14 RP4

After upgrading from 10.14 RP3 - 10.14 RP4 any new enrolled device can't access to our Exchange Server via Active Sync Connector. After rebooting XenMobile server during the update process, we observe errors in the RemoteConfigService.log file as follows: Error |...

PVS - 1912 - Unable to boot TD. Error "Server [IP Address]:6930: vDisk file access permission denied."

Unable to boot Target Device. Error "Server IP Address:6930: vDisk file access permission denied."...

Cross-Site Request Forgery (CSRF) in zmister2016/mrdoc

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

Business Logic Errors in pimcore/demo

Description There is no check over the number of items that a user can add to the cart. Adding a huge amount of items when updating the cart, causes the server to fail returning a 500 Internal Server Error. Proof of Concept Below POST request causes the server to fail adding 900000000 items of th...

Unable to add Store in Native Workspace/Receiver App from External Machines

On adding Store error "Your account cannot be added" or "Could not detect the specific account" appears On Storefront no errors in event viewer Wireshark trace on NetScaler shows, NetScaler senta request to Storefront server for "/Agservices/Discover", storefront server returns "500 : Internal...

Cross site scripting

Monkshu is an enterprise application server for mobile apps iOS and Android, responsive HTML 5 apps, and JSON API services. In version 2.90 and earlier, there is a reflected cross-site scripting vulnerability in frontend HTTP server. The attacker can send in a carefully crafted URL along with a...