CVE-2021-29523

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.AddManySparseToTensorsMap. This is because the...

CVE-2021-29563

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.RFFT. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination...

Citrix 22.2.1.103 / 23.1.1.11 Local Privilege Escalation Exploit

//Discovered by:: TOUHAMI KASBAOUI - VXREMALWARE //Reported to Citrix: 25/03/2023 //Tested Version: 22.2.1.103, 23.1.1.11/Last version //Exploit: https://github.com/sqrtZeroKnowledge/CitrixSecureAccessLPE0DAY define UNICODE define UNICODE include include include include include using namespace st...

CVE-2022-36019 `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel` in TensorFlow

TensorFlow is an open source platform for machine learning. If FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35983 `CHECK` fail in `Save` and `SaveSlices` in TensorFlow

TensorFlow is an open source platform for machine learning. If Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. Th...

CVE-2022-35969 `CHECK` fail in `Conv2DBackpropInput` in TensorFlow

TensorFlow is an open source platform for machine learning. The implementation of Conv2DBackpropInput requires inputsizes to be 4-dimensional. Otherwise, it gives a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-23579 `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

CVE-2022-23569 `CHECK`-fails when building invalid tensor shapes in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

CVE-2015-4420

Multiple cross-site scripting XSS vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a 1 crafted check plugin, the 2 description in a host profile, or the 3 pluginargs parameter to a Test service check page...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a 1 crafted check plugin, the 2 description in a host profile, or the 3 pluginargs parameter to a Test service check page...

CVE-2015-4420

Opsview CVE-2015-4420 affects Opsview 4.6.2 and earlier, with multiple XSS flaws exploitable via (1) crafted check plugins, (2) description text in a host profile, or (3) the plugin_args parameter on a Test service check page. The issue enables remote injection of arbitrary script/HTML and is doc...

Opsview <= 4.6.2 - Multiple XSS Vulnerabilities

Exploit for php platform in category web applications Exploit title: Opsview 4.6.2 - Multiple XSS Date: 07-06-2015 Vendor homepage: www.opsview.com Version: 4.6.2 CVE: CVE-2015-4420 Author: Dolev Farhi @dolevf Tested On: Kali Linux + Windows 7 Details: -------- Opsview is a monitoring system base...

Opsview 4.6.2 - Multiple Cross-Site Scripting Vulnerabilities

Exploit title: Opsview 4.6.2 - Multiple XSS Date: 07-06-2015 Vendor homepage: www.opsview.com Version: 4.6.2 CVE: CVE-2015-4420 Author: Dolev Farhi @dolevf Tested On: Kali Linux + Windows 7 Details: -------- Opsview is a monitoring system based on Nagios Core. Opsview is prone to several stored a...

NIS passwd.byname Map Disclosure

This script fetches the remote NIS 'passwd.byname' map, provided that the NIS domain name could be obtained. C Tenable Network Security, Inc. include 'compat.inc' ; if description scriptid12238; scriptversion"1.19"; scriptcvsdate"Date: 2018/08/13 14:32:37"; scriptnameenglish:"NIS passwd.byname Ma...