How to properly bind WEM agent machines with WEM broker server on a first time setup
This article explains how to properly bind the WEM agent machines to the WEM broker server on a first time setup of the Citrix Workspace Environment Management product...
EulerOS 2.0 SP3 : setup (EulerOS-SA-2018-1394)
According to the version of the setup package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - setup: nologin listed in /etc/shells violates security expectations CVE-2018-1113 Note that Tenable Network Security has extracted the preceding...
The vulnerability of the Extensible Authentication Protocol over LAN (EAPOL) implementation in Cisco router firmware of the Small Business 100 Series and Small Business 300 Series models allows a hacker to disclose protected information.
The vulnerability of the Extensible Authentication Protocol over LAN (EAPOL) implementation in Cisco router software of the Small Business 100 Series and Small Business 300 Series models arises due to errors in the EAPOL message processing mechanism during Wi-Fi connection establishment. Exploiting...
Veil - Tool To Generate Metasploit Payloads That Bypass Common Anti-virus Solutions
Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions. Veil is currently supported by @ChrisTruncer. Software Requirements: The following OSs are officially supported: Debian 8+, Kali Linux Rolling 2018.1+. The following OSs are likely able to run Veil: Ar...
Scientific Linux Security Update : setup on SL7.x (noarch) (20181030)
Security Fixes : - setup: nologin listed in /etc/shells violates security expectations (CVE-2018-1113) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux...
CVE-2018-13315
Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request...
Modular Distributed Fingerprinting Engine: Scannerl
Scannerl is a modular distributed fingerprinting engine implemented by Kudelski Security. Scannerl can fingerprint thousands of targets on a single host, but can just as easily be distributed across multiple hosts. Scannerl is to fingerprinting what zmap is to port scanning. Scannerl works on...
Serial number disclosure in the FortiOS PPTP server hostname protocol field
Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packets of PPTP protocol...
setup security update
CentOS Errata and Security Advisory CESA-2018:3249 An update for setup is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
vulhub
It is an offensive tool for Web Application. The repository contains a collection of pre-built vulnerable docker environments, including a web application vulnerable to various attacks. The tool is designed to help developers and security researchers test and demonstrate the effectiveness of web...
CVE-2018-19244
An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a "Charles Settings.xml" file from an attacker, an intranet network may be accessed and information may be leaked...
Denial Of Service (DoS)
libaudiofile.so is vulnerable to denial of service (DoS). The attacker can input a malicious caf file to trigger a NULL pointer dereference through ModuleState::setup in modules/ModuleState.cpp...
Setup only possible with sending user statistics
One of our customers reported an error: There is a problem with the setup of the new version of SourceTree 3.0.8. In the last screen the preferences are requested. It is not possible to click "Weiter" (Continue) without checking the second option. But this needs to...
Oracle Linux 7 : setup (ELSA-2018-3249)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2018-3249 advisory. 2.8.71-10 - fix crudp name in /etc/protocols 1566469 - do not list /sbin/nologin and /usr/sbin/nologin in /etc/shells 1571104 Tenable has extracted the precedin...
Scannerl - The Modular Distributed Fingerprinting Engine
Scannerl is a modular distributed fingerprinting engine implemented by Kudelski Security. Scannerl can fingerprint thousands of targets on a single host, but can just as easily be distributed across multiple hosts. Scannerl is to fingerprinting what zmap is to port scanning. Scannerl works on...
389-ds-base security, bug fix, and enhancement update
1.3.8.4-15 - Bump version to 1.3.8.4-15 - Resolves: Bug 1624004 - Fix regression in last patch 1.3.8.4-14 - Bump version to 1.3.8.4-14 - Resolves: Bug 1624004 - potential denial of service attack 1.3.8.4-13 - Bump version to 1.3.8.4-13 - Resolves: Bug 1623949 - Crash in deletepasswdPolicy when...
CVE-2018-3910
An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability...
CVE-2018-3910
Yi Home Camera 27US 1.8.7.0D is affected by CVE-2018-3910 in the cloud OTA setup. Cisco Talos reports an exploitable remote code execution via a crafted SSID that triggers a command injection in the cloudAPI flow, which can be executed on the device after the camera connects to the attacker’s SSI...