MODX Revolution 'setup/controllers/welcome.php' file remote code execution vulnerability
MODX Revolution is a PHP-based open source content management system (CMS) from the U.S. company MODX. The system supports online collaboration, search engine optimization (SEO), add-ons and more. A security vulnerability exists in the setup/controllers/welcome.php file in MODX Revolution 2.5.4-pl an...
OSINT Gathering Tool: Inquisitor
OSINT Gathering Tool Inquisitor is a simple tool for gathering information on companies and organizations through the use of Open Source Intelligence (OSINT) sources. The key features of Inquisitor include: 1. The ability to cascade the ownership label of an asset e.g. if a Registrant Name is known to...
mapr Information Disclosure
Hello, The mapr web frontend component creates an information disclosure vulnerability. During the setup of mapr the configure.sh script calls a function ConfigureWSRole: function ConfigureWSRole if $clientOnly -eq 0 -a $dontChangeSecurityPermissionsOn -eq 0 ; then ConfigureRunUserForWS fi This...
Setting up a default landing page on Storefront 3.0
The article describes how to set the default landing page in x1 / 3.x on StoreFront 3.x...
PVS targets experience BSOD: IRQL Not Less or Equal on targets created using XDSW when booting for the first time
PVS Target devices created using XenDesktop Setup Wizard are running into a blue screen of death issue. The error message displayed on the BSOD screen shows the following message: Your PC ran into a problem and needs to restart. We're just collecting some error info, and then we'll restart for yo...
NetScaler Double Hop Communication Flow with StoreFront
This article explains how the communication flow works when we configure NetScaler in double hop with StoreFront...
pfsense 2.3.2 Code Execution
Security Advisory - Curesec Research Team 1. Introduction Affected Product: pfsense 2.3.2 Fixed in: 2.3.3 Fixed Version Link: https://pfsense.org/download/ Vendor Website: https://www.pfsense.org/ Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 02/06/2017 Disclosed ...
MaxPatrol 8 installation process
Today I have a great opportunity to write about MaxPatrol 8. For me it is a very nostalgic experience. I worked for many years in Positive Technologies developing this product. And now I can write about it from the customer side. MaxPatrol is still not very well known outside Russia and CIS,...
How to configure ADFS Claim Rules and StoreFront with Multiple Domains
How to configure ADFS Claim Rules and StoreFront with multiple domains?...
The vulnerability of the Android operating system, which allows a hacker to trigger a service failure
The vulnerability of the Setup Wizard component in the Android operating system is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to require user input for Google accounts after a reboot. This could lead to service interruptions and even cause...
The vulnerability of the Android operating system, which allows a hacker to trigger a service failure
The vulnerability of the Setup Wizard component in the Android operating system is related to access control deficiencies. Exploiting this vulnerability can allow a malicious actor to cause service failures, as well as lead to the device becoming completely unusable and requiring recompiling...
Cobbler 2.8.0 - (Authenticated) Remote Code Execution
Cobbler 2.8.0 - Authenticated Remote Code Execution #!/usr/bin/python """ Exploit title: Cobbler 2.8.x Authenticated RCE. Author: Dolev Farhi Contact: dolevf at protonmail.com @hack6tence Date: 03-16-2017 Vendor homepage: cobbler.github.io Software version: v.2.5.160805 Software Description...
Google Android Setup Wizard Denial of Service Vulnerability
Google Android is a Linux-based open source operating system developed by Google and the Open Handset Alliance (OHA), of which Mediaserver is a multimedia service component. A denial of service vulnerability exists in Google Android Setup Wizard. An attacker can exploit this vulnerability to cause ...
CVE-2017-6189
Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working directory of the Kindle Setup installer...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
cve-2017-5638 cve-2017-5638 Vulnerable site sample This proje...
How to Remove and Replace a NetScaler in High Availability (HA) Pair Setup
This article helps you address RMA replacements and includes instruction on how to backup configurations, upgrade or downgrade shipped software version, and setup of RPC password on NetScaler. Before you Begin Label all interfaces/cables prior to swap Requirements A Windows client or server with...
Windows 10 hangs during setup
Windows 10 will be imported but new desktop creation or adding layers may cause the Desktop to hang during Setup...
Arbitrary code execution vulnerability in Shield Spirit public number promotion system setup.php page
Shield Spirit Public Promotion System is a product that is mainly applied to public promotion alliance. An arbitrary code execution vulnerability exists in the setup.php page of the Shield Spirit Public Promotion System. Attackers can exploit the vulnerability to directly execute code...
filtron - Filtering reverse HTTP proxy
Reverse HTTP proxy to filter requests by different rules. Can be used between production webserver and the application server to prevent abuse of the application backend. The original purpose of this program was to defend searx , but it can be used to guard any web application. Installation and...
CVE-2017-0498
A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android I...