7872 matches found
Information Leakage Via Error Pages
fatfreecrm is vulnerable to information leakage via error pages. The vulnerability is possible because consider_all_requests_local is set to true by default in production mode, exposing the server setup information in 404 and 500 error pages...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update G)
CVSS v3 6.5. ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens. Equipment: Devices using the PROFINET Discovery and Configuration Protocol (DCP). Vulnerability: Denial of Service. UPDATE INFORMATION: This updated advisory is a follow-up to the updated advisory...
Simple Vulnerability Remediation Collaboration with InsightVM
Many security groups today use ticketing systems that were originally designed for IT or developers, and are usually ill-suited to their vulnerability management needs. Even more commonly, teams simply rely on spreadsheets and unwieldy reports. On the other end of the spectrum, some security team...
Error "cannot connect to the hypervisor at <ADDRESS> object reference not set to an instance of an object" when running the XDSW
When running the XenDesktop Setup Wizard, it can fail with the following error: "cannot connect to the hypervisor at object reference not set to an instance of an object" The string will contain the actual URL of the vCenter Server. This issue can appear when the DataCenter name on the VMWare sid...
EAPHammer - Targeted Evil Twin Attacks Against WPA2-Enterprise Networks [Indirect Wireless Pivots Using Hostile Portal Attacks]
EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wirele...
Information Disclosure
github.com/lxc/lxd is vulnerable to information disclosure. This is because it uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a ZFS pool. Using this flaw, local users can read and copy data from arbitrary containers...
MODX Revolution Directory Traversal Vulnerability (CNVD-2017-06899)
MODX Revolution is a PHP-based open source content management system (CMS) from the U.S. company MODX. The system supports online collaboration, search engine optimization (SEO), add-ons and more. A directory traversal vulnerability exists in MODX Revolution version 2.5.7. The vulnerability arises du...
Directory traversal
Directory traversal in setup/processors/urlsearch.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information...
Targeted WPA2-Enterprise Evil Twin Attacks: eaphammer
Targeted WPA2-Enterprise Evil Twin Attacks EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that...
How to Integrate StoreFront and XenMobile when XenMobile is enabled with Domain and Certificate Based Authentication
This article guides you through the steps to enable XenMobile server and StoreFront Server integration when the XenMobile environment is enabled with Certificate + Domain based authentication. To achieve the above use case, you as an admin need to set up the following. 1. Configure/Enable XenMobile...
MultiScanner - Modular File Scanning/Analysis Framework
MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom built python scripts, web APIs, software running on another machine, etc. Tools are incorporated by...
Equation organization leaked windows framework vulnerability tool Esteemaudit RDP vulnerability
1. Reproduction environment: • Windows 2003 sp2 x86 • Windows 2003 configured as the domain server (for domain server setup, please refer to: https://wenku.baidu.com/view/430e9e96964bcf84b9d57bd4.html) 2. Environment to build: From https://yadi.sk/d/NJqzpqo3GxZA4 download the leaked file Under linux by...
CVE-2017-3881: Cisco Catalyst switches remote code execution vulnerability analysis
Do your Catalyst switches have telnet enabled? If so, be careful. This article introduces the reader to a proof-of-concept attack technique for the remote code execution vulnerability in the Catalyst 2960 switch equipped with the latest firmware. Specific exploit...
Trend Micro Threat Discovery Appliance arbitrary files deletion (CVE-2016-7552)
A file delete in the logoff.cgi interface that allows for an authentication bypass CVE-2016-7552. A command injection in the adminsystime.cgi interface that allows for an attacker to gain remote code execution CVE-2016-7547. Trend Micro are not patching this vulnerability since this product is no...
Silicon Graphics LibTIFF 'JPEGSetupEncode' Function Denial of Service Vulnerability
Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A security vulnerability exists in the 'JPEGSetupEncode' function of the tiffjpeg.c file in...
Broadcom Wi-Fi SoC - Heap Overflow in wlc_tdls_cal_mic_chk Due to Large RSN IE in TDLS Setup Confirm
Exploit for hardware platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1047 Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are...
Broadcom: Heap overflow in "wlc_tdls_cal_mic_chk" due to large RSN IE in TDLS Setup Confirm frame (CVE-2017-0561)
Broadcom produces the Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. One of the events handled by the BCM...
Broadcom Wi-Fi SoC - Heap Overflow 'wlc_tdls_cal_mic_chk' Due to Large RSN IE in TDLS Setup Confirm Frame
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1047 Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without...
Broadcom Wi-Fi SoC - Heap Overflow wlc_tdls_cal_mic_chk Due to Large RSN IE in TDLS Setup Confirm Frame
Broadcom Wi-Fi SoC - Heap Overflow wlc_tdls_cal_mic_chk Due to Large RSN IE in TDLS Setup Confirm Frame Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1047 Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in bot...
MODX Revolution 'setup/templates/findcore.php' file remote code execution vulnerability
MODX Revolution is a PHP-based open source content management system (CMS) from the U.S. company MODX. The system supports online collaboration, search engine optimization (SEO), add-ons and more. A security vulnerability exists in the setup/templates/findcore.php file in MODX Revolution 2.5.4-pl and...