Flexera InstallAnywhere Privilege Escalation Vulnerability - Linux

Flexera InstallAnywhere is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Flexera InstallAnywhere Privilege Escalation Vulnerability - Windows

Flexera InstallAnywhere is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System

The above image is taken from here and was taken by Steve Jurvetson. EDIT: DigitalOcean seems to be getting a lot of flak from this post so I’d just like to point out that I feel DigitalOcean’s reaction in this case was entirely justified they saw an anomaly and they put a stop to it. The only...

Internet Bug Bounty: stack buffer overflows in the curses module

I found two stack buffer overflows in the curses module. These vulnerabilities have been reported to the PSRT and were fixed here: https://hg.python.org/cpython/rev/d5f6bc45b376 https://hg.python.org/cpython/rev/85b35300f200 Below are copies of the mails I sent to the PSRT. They describe the...

Uber: Attacker could setup reminder remotely using brute force

Hi, Attacker could setup the reminder for bulk no of amount of accounts using there phone no's. He could setup infinite no of reminders. Tried brute force for 100 times worked perfectly here is the link : https://widgets.uber.com/american-airlines-reminders/ Here any phone-no is accepted. Actuall...

How to configure XenMobile to use multiple domain suffix in LDAP config

Enroll devices using alternate upn suffix and configure Citrix Endpoint Management to use a domain suffix for authentication. Refer to Citrix documentation - Citrix Gateway and Endpoint Management...

NUUO NVRmini 2 3.0.8 - Remote Command Injection (Shellshock)

NUUO NVRmini 2 NE-4160 ShellShock Remote Code Execution Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: Firmware Version: 02.02.00 NVR Version: 02.02.0000.0040 Device Pack Version: 04.07.0000.0030 Summary: NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS...

Unable to Communicate With Hypervisor When Using XenDesktop Setup Wizard

Unable to Communicate with Hypervisor when using XenDesktop Setup Wizard. Logs display, "object reference not set to instance of an object" When running XenDesktop Setup Wizard, error states, "cannot connect to hypervisor" Logs shows an error when checking a particular hosting unit. Checked Host...

HellRaiser - Vulnerability Scanner

Install Install ruby, bundler and rails. https://gorails.com/setup/ubuntu/16.04 Install redis-server and nmap. sudo apt-get update sudo apt-get install redis-server nmap Clone HellRaiser repository, change to hellraiser web app directory and run bundle install. git clone...

eCryptfs ecryptfs-setup-swap information disclosure vulnerability (CNVD-2016-05533)

eCryptfs Enterprise Cryptographic Filesystem is a set of disk encryption software for encrypted Linux systems maintained by software developers Dustin Kirkland and Tyler Hicks. The software is compatible with POSIX file system level encryption and supports file granularity file or directory...

eCryptfs ecryptfs-setup-swap Information Disclosure Vulnerability

eCryptfs Enterprise Cryptographic Filesystem is a set of disk encryption software for encrypted Linux systems maintained by software developers Dustin Kirkland and Tyler Hicks. The software is compatible with POSIX file system level encryption and supports file granularity file or directory...

CVE-2015-8946

ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors...

Design/Logic Flaw

ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a 1 NVMe or 2 MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an...

CVE-2015-8946

ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors...

CVE-2015-8946

ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors...

nightHawkResponse - Incident Response Forensic Framework

Custom built application for asynchronus forensic data presentation on an Elasticsearch backend. This application is designed to ingest a Mandiant Redline "collections" file and give flexibility in search/stack and tagging. The application was born out of the inability to control multiple...

Incident Response Forensic Framework: nightHawk Response

Incident Response Forensic Framework Custom built application for asynchronus forensic data presentation on an ElasticSearch backend. This application is designed to ingest a Mandiant Redline “collections” file and give flexibility in search/stack and tagging. The application was born out of the...

Incorrect setup of external storage - ownCloud

The external storage functionality as implemented in ownCloud 9.0.x before 9.0.2 is improperly setting up external storages when multiple groups have been granted access to an external storage and a user is member of both groups. The storage class is setup without any setup information, leading t...

Server: Incorrect setup of external storage

The external storage functionality as implemented in ownCloud 9.0.x before 9.0.2 is improperly setting up external storages when multiple groups have been granted access to an external storage and a user is member of both groups. The storage class is setup without any setup information, leading t...

Error "Citrix License Server unavailable. Check the License Server to Make Sure It Is Running"

When setting up XenDesktop 7.1 or higher, the licensing node displays the following error message, "Citrix License Server unavailable. Check the license server to make sure it is running." Reference Screenshot:...