7925 matches found
Default credentials
ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step...
Design/Logic Flaw
The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLCPSROOTURI and DMLCPSROOTPORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLCPSROOTURI onc...
CVE-2018-1281
The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLCPSROOTURI and DMLCPSROOTPORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLCPSROOTURI onc...
CVE-2018-1281
The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLCPSROOTURI and DMLCPSROOTPORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLCPSROOTURI onc...
CVE-2018-1281
CVE-2018-1281 involves Apache MXNet in clustered deployments. The root cause is that in versions older than 1.0.0, the MXNet scheduler can be made to listen on 0.0.0.0 instead of the user-specified DMLC_PS_ROOT_URI/DMLC_PS_ROOT_PORT when a scheduler node initializes. This misconfiguration causes ...
CVE-2018-1281
The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLCPSROOTURI and DMLCPSROOTPORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLCPSROOTURI onc...
How to Collect Support Bundle from XenMobile Server CLI using FileZilla
This article describes how to collect XenMobile support bundle with FileZilla. FileZilla can be installed locally and act as FTP server...
Backdoorme - Powerful Auto-Backdooring Utility
Tools like metasploit are great for exploiting computers, but what happens after you've gained access to a computer? Backdoorme answers that question by unleashing a slew of backdoors to establish persistence over long periods of time. Once an SSH connection has been established with the target,...
CVE-2013-10061
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/netgeardgn1000bsetupexec.rb 2025-10-23 21:12:57+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
Windows Packer Project for Defenders: DARKSURGEON
Darksurgeon is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. Darksurgeon has three stated goals: Accelerate incident response, digital forensics, malware analysis, and network defense with a preconfigured Windows 10 environment...
Acunetix v12 - More Comprehensive, More Accurate and now 2X Faster
In-depth analysis of JavaScript-rich sites and Single Page Applications Acunetix, the pioneer in automated web application security software, has announced the release of version 12. This new version provides support for JavaScript ES7 to better analyse sites which rely heavily on JavaScript such...
Important: Red Hat Security Advisory: rhvm-setup-plugins security update
An update for rhvm-setup-plugins is now available for Red Hat Virtualization Engine 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Error: "Http/1.1 Internal Server Error 43531" When Enrolling Device to XenMobile
MAM enrollment is failing with below errors: 1. While authenticating from the Gateway Web Page -"Http/1.1 Internal Server Error 43531" 2. While attempting from the mobile device - "Enrollment Failed - There's a prblem with the server setup. Please contact your administrator"...
CVE-2018-11232
The etmsetupaux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service panic because a parameter is incorrectly used as a local variable...
Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery
Exploit Title: Powerlogic Schneider Electric IONXXXX Series - Cross-Site Request Forgery Date: 2018-05-17 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.schneider-electric.com/ Version: ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, PM5XXX series. Tested o...
OWASP iGoat (Swift) - A Damn Vulnerable Swift Application For iOS
This is a Swift version of original iGoat Objective C project. Using OWASP iGoat, you can learn exploiting and defending vulnerabilities in iOS Swift applications. Developed using Swif 4 and Ruby iGoat Objective C was presented at: OWASP TOP 10 Mobile Reverse Engineering Runtime Analysis Data...
DNSBin - Tool To Test Data Exfiltration Through DNS (RCE and XXE)
DNSBin is a simple tool to test data exfiltration through DNS and help test vulnerability like RCE or XXE when the environment has significant constraint. The project is in two parts, the first one is the web server and it's component. It offers a basic web UI, for most cases you won't need more...
Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC Intel wireless driver and related software DLL injection vulnerabilities
Intel Dual Band Wireless-AC, Tri-Band Wireless-AC, and Wireless-AC are wireless NIC products from Intel Corporation.Intel wireless drivers is one of the wireless NIC drivers.Autorun.exe is one of the Autorun.exe is an executable file; Setup.exe is an installation file. A security vulnerability...
hyperstart denial of service vulnerability
HyperHQ Hyper is a layered system based on virtualization. hyperstart is one of the launchers. A security vulnerability exists in the 'containersetupmodules' and 'hyperrescanscsi' functions of the container.c file in hyperstart version 1.0.0 in HyperHQ Hyper. ' functions contain a security...
Unprotected Web App / Device Installers (HTTP)
The script attempts to identify installation/setup pages of various web apps/devices that are publicly accessible and not protected by e.g. account restrictions or having their setup finished. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced...