7872 matches found
OpenSSL ECDSA P-256 Private Key Acquisition Vulnerability
OpenSSL is an open-source, general-purpose cryptographic library developed by the OpenSSL team. It implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols and supports a wide range of cryptographic algorithms including symmetric ciphers, hash...
Damn Vulnerable Web Sockets: DVWS
Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA. You will find more vulnerabilities than the ones listed in the application. Requirements In the...
Update Rollup 4 for Microsoft Azure Site Recovery Provider
This article describes the improvements that are included in Update Rollup 4 for Microsoft Azure Site Recovery Provider. Learn about the details of the improvements and the prerequisites that should be validated before you install this...
How to Setup Time on XenServer Manually When There Is No NTP Server
This is a situation where you don't have an AD, DC, DNS or an NTP server in the environment to point the servers for syncing time...
SUSE-SU-2016:3300-1 Security update for samba
This update for samba provides the following fixes: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. bsc1014441 - CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. bsc1014442 Non security issues fixed: ...
SUSE-SU-2016:3298-1 Security update for samba
This update for samba provides the following fixes: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. bsc1014441 - CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. bsc1014442 Non security issues fixed: ...
Error: "FullAdmin or MachineAdmin Permission Required" in XenDesktop Setup Wizard
XenDesktop setup wizard fails with permissions error. "XenDesktop FullAdmin or MachineAdmin permission required"...
XenDesktop Setup Wizard fails on a Hyper-V Environment
The XenDesktop Setup Wizard might fail when creating Targets on a Hyper-V Environment under the following Scenarios: The vDisk is set to any kind of Write Cache that includes a Local Hard disk BDM Partition is selected as the Boot method for the Targets The XenDesktop Setup Wizard might present t...
Shield Spirit Public Promotion System setup.php has a reinstallation vulnerability
The Shield Spirit public number promotion system is mainly used for public number promotion affiliates. A reinstallation vulnerability exists in Shield Spirit Public Promotion System setup.php. As the program fails to validate the installation, an attacker can reinstall the system by exploiting the...
SDN Security Evaluation Framework: DELTA
DELTA is a penetration testing framework that regenerates known attack scenarios for diverse test cases. This framework also provides the capability of discovering unknown security problems in SDN by employing a fuzzing technique. Agent-Manager is the control tower. It takes full control over all...
CVE-2016-4443
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file...
PT-2016-5960 · Red Hat · Red Hat Enterprise Virtualization Manager
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization (RHEV) Manager version 3.6. Description: The issue allows local users to access sensitive information, including encryption keys and certificates, by reading the engine-setup log file. Recommendations: For Red H...
Google Chrome (Fedora 25 Ubuntu 16.04) - tracker-extract gnome-video-thumbnailer + totem Drive-By Download
Source: https://scarybeastsecurity.blogspot.com/2016/12/redux-compromising-linux-using-snes.html Overview: Full reliable 0day drive-by exploit against Fedora 25 + Google Chrome, by breaking out...
Apple iCloud Setup Remote Code Execution Vulnerability
Apple iCloud is a cloud service from Apple USA that supports storage of music, photos, apps, contacts, etc. iCloud Setup is one of the installation components. A remote code execution vulnerability exists in Apple iCloud Setup version 6.0. An attacker can exploit this vulnerability to execute...
VMware vCenter Server 5.5.x < 5.5u3e / 6.0.x < 6.0u2a Multiple XXE Vulnerabilities (VMSA-2016-0022)
The version of VMware vCenter Server installed on the remote host is 5.5.x prior to 5.5u3e or 6.0.x prior to 6.0u2a. It is, therefore, affected by multiple XML external entity (XXE) vulnerabilities: - Multiple XML external entity (XXE) vulnerabilities exist in the Log Browser, the Distributed Switch...
Oracle Linux 7 : postgresql (ELSA-2016-2606)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2606 advisory. 9.2.18-1 - update to 9.2.18 per release notes http://www.postgresql.org/docs/9.2/static/release-9-2-18.html...
geoip-attack-map - Cyber Security GeoIP Attack Map Visualization
This geoip attack map visualizer was developed to display network attacks on your organization in real time. The data server follows a syslog file, and parses out source IP, destination IP, source port, and destination port. Protocols are determined via common ports, and the visualizations vary i...
Boot Signal fails while reboot and shutdown signal works properly
The machines created from Streaming VM setup wizard are unable to boot when boot signal is sent from the PVS console. If we send the reboot or shutdown signal it reboots or shuts down the machines...
The vulnerability of the SELinux security mechanism, which allows a perpetrator to circumvent existing access restrictions
The vulnerability of the SELinux security mechanism is related to code errors. Exploiting this vulnerability can allow an attacker, who operates locally, to gain access to memory with write and execute privileges by manipulating system calls such as io_setup, ioctx_alloc, and aio_setup_ring...
Open-Xchange: Stored XSS in Template Documents
Steps to reproduce: Setup: Edit My Contact Data: - first name: ' onmouseover=alert1 data-first=' - last name: anything 1. Create a new text document, and make sure it is saved. 2. Click Review, check "Track Changes". 3. Make another edit, it should show coloured now as it is tracked. 4. Click Fil...