SUSE SLED12 / SLES12 Security Update : kdump (SUSE-SU-2016:2553-1)

This update for kdump provides several fixes and enhancements : - Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. bsc943214 - Add a separate systemd service to rebuild kdumprd at boot. bsc943214 - Improve network setup in the kdump environment by reading configuration from wicked ...

openSUSE Security Update : kdump (openSUSE-2016-1215)

This update for kdump provides several fixes and enhancements : - Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. bsc943214 - Add a separate systemd service to rebuild kdumprd at boot. bsc943214 - Improve network setup in the kdump environment by reading configuration from wicked ...

D-Link DWR-932B LET Router WPS PIN Generator Vulnerability

The D-Link DWR-932B LET is a wireless router. A vulnerability exists in the WPS PIN generator of the D-Link DWR-932B LET router. Since a user can temporarily generate a new WPS PIN via the router's web management interface, an attacker can exploit the vulnerability to use the PIN to access a...

SUSE-SU-2016:2553-1 Security update for kdump

This update for kdump provides several fixes and enhancements: - Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. bsc943214 - Add a separate systemd service to rebuild kdumprd at boot. bsc943214 - Improve network setup in the kdump environment by reading configuration from wicked b...

OpenSSL 1.0.2 < 1.0.2i Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2i. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2i advisory. - Multiple memory leaks in t1lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to...

org.ovirt.engine-root: engine-setup logs contained information for extracting admin password

A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates which could then be used to steal other sensitive information such as passwords...

CVE-2016-6536

The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...

Design/Logic Flaw

The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...

Cisco EPC 3925 - Multiple Vulnerabilities

Exploit for asp platform in category web applications Title: Cisco EPC 3925 Multiple Vulnerabilities Vendor: http://www.cisco.com/ Vulnerable Versions: Cisco EPC3925 EuroDocsis 3.0 2-PORT Voice Gateway Date: 15.09.2016 Author: Patryk Bogdan ======== Vulnerability list: 1. HTTP Response Injection...

Cisco EPC 3925 XSS / CSRF / HTTP Response Injection / DoS

Title: Cisco EPC 3925 Multiple Vulnerabilities Vendor: http://www.cisco.com/ Vulnerable Versions: Cisco EPC3925 EuroDocsis 3.0 2-PORT Voice Gateway Date: 15.09.2016 Author: Patryk Bogdan ======== Vulnerability list: 1. HTTP Response Injection via 'Lang' Cookie 2. DoS via 'Lang' Cookie 3. DoS in...

PT-2016-3140 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.7.7 Description: The issue is related to the aio mount function in fs/aio.c, which does not properly restrict execute access. This allows a local attacker to bypass intended SELinux W^X policy restrictions and...

swarm - A Modular Distributed Penetration Testing Tool

Swarm is an open source modular distributed penetration testing Tool that use distributed task queue to implement communication in the master-slave mode system and use MongoDB for data storage. It consists of a distributed framework and function modules. The function module can be an entirely new...

CVE-2016-3889

Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing 1 an external tile from a system application, 2 the help feature, or 3 the Settings application during a pre-setup stage, aka...

CVE-2016-3888

internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the...

CVE-2016-3888

internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the...

CVE-2016-3888

internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the...

The vulnerability of the QEMU hardware emulation software, which allows a hacker to trigger a service failure

The vulnerability of the QEMU hardware emulation software is related to the implementation of the VMWARE Paravirtual SCSI PVSCSI mechanism. Exploiting this vulnerability allows a malicious actor to trigger a service failure by manipulating the PVSCSICMDSETUPRINGS or PVSCSICMDSETUPMSGRING command...

DEBIAN-CVE-2016-4952

QEMU aka Quick Emulator, when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service out-of-bounds array access via vectors related to the 1 PVSCSICMDSETUPRINGS or 2 PVSCSICMDSETUPMSGRING SCSI command...

How to Configure a Store Using PowerShell

This article lists and explains the commands to create and configure a store using PowerShell...

Cisco SNMP RCE vulnerability reproduction process-vulnerability warning-the black bar safety net

NSA data leaked, many cattle are given in the analysis report, let me benefit. As a technical noob, want to share the following analysis\eqgrp-free-file\Firewall\EXPLOITS\EXBA ideas, build vulnerability of the environment of the process and Use Conditions of the test. This article has a very stro...