7872 matches found
Cisco Unified Communications Manager Mobile and Remote Access Security Bypass Vulnerability
Cisco Unified Communications Manager (CUCM, Unified CM) is a call-processing component of a unified communications system from the American company Cisco. A security vulnerability exists in CUCM's Mobile and Remote Access (MRA) service implementation. A remote attacker could exploit this vulnerabilit...
Vulnerabilities in the Wi-Fi Protected Access (WPA) Supplicant client, Jouni Malinen's hostapd software access point, and the openSUSE operating system allow an attacker to trigger a service failure.
Multiple vulnerabilities exist in the Wi-Fi Protected Access (WPA) Supplicant software, Jouni Malinen's hostapd access point software, and the openSUSE operating system. These vulnerabilities are related to integer handling errors. Exploitation of these vulnerabilities could allow a malicious act...
ArticleSetup Article Script 1.00 - SQL Injection
Exploit Title : Article Script SQL Injection Vulnerability Exploit Author : Linux Zone Research Team Vendor Homepage: http://articlesetup.com/ Google Dork : inurl:/article.php?id= intext:Powered By Article Marketing Software Link : http://www.ArticleSetup.com/downloads/ArticleSetup-Latest.zip Dat...
libreoffice: Integer underflow in PrinterSetup length
An integer underflow flaw leading to a heap-based buffer overflow when parsing PrinterSetup data was discovered. By tricking a user into opening a specially crafted document, an attacker could possibly exploit this flaw to execute arbitrary code with the privileges of the user opening the file...
CVE-2015-6410
The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283...
CVE-2015-6410
Cisco Unified Communications Manager’s Mobile and Remote Access (MRA) services contain an identity-validation flaw that allows remote attackers to spoof a user and bypass call-reception/call-setup restrictions. Root cause: edge-device identity validation mishandling (Bug CSCuu97283). Affected pr...
A vulnerability in the openSUSE operating system, the Wi-Fi Protected Access client WPA Supplicant, and Jouni Malinen's hostapd software allows an intruder to trigger a service failure.
The vulnerability in the WPS UPnP function of the openSUSE operating system, the Wi-Fi Protected Access client WPA Supplicant, and Jouni Malinen's hostapd software access point is caused by a buffer overflow. Exploiting this vulnerability can allow a malicious actor to cause a service failure by...
How to Install Let's Encrypt Free SSL Certificate On Your Website
Another Big Milestone – Let's Encrypt is now offering Free HTTPS certificates to everyone. Let's Encrypt has opened to the public, allowing anyone to obtain Free SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificates for their web servers and to set up HTTPS websites in a few simple...
openSUSE Security Update : dracut (openSUSE-2015-846)
This update for dracut fixes the following issues: - Skip ibft setup via dhcp if dhcp ip is 0.0.0.0 (boo#953361) Added 0312-iscsi-skip-ibft-invalid-dhcp.patch - Modify 0169-enabled-warning-for-failed-kernel-modules-per-default.patch - Add notice (boo#952491) - Refresh patches with line offsets: M...
Novell openSUSE dracut Package Symbolic Link Vulnerability
Novell openSUSE is a set of free Linux-based operating systems from the American company Novell. A security vulnerability in the modules.d/90crypt/module-setup.sh file in Novell openSUSE's dracut allows a local attacker to corrupt system files via a symbolic link attack in /tmp/dracutblockuuid.ma...
binutils: lack of range checking leading to controlled write in _bfd_elf_setup_sections()
A buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of the user...
Mail.ru: [gitmm.corp.mail.ru] Auth Bypass, Information Disclosure
They closed everything off with .htaccess, but somehow set the permissions incorrectly. I suspect that it was on specific files. Or a lower-level .htaccess simply takes precedence here over a higher-level one. Well, nevertheless... Here is the admin panel. https://gitmm.corp.mail.ru/login Here is the installer. https://gitmm.corp.mail.ru/setup...
360 Secure Router P1: unauthorized access vulnerability allows passwords to be read - vulnerability warning - the black bar safety net
javascript/router/wanconfigshow.cgi, javascript/router/wanconfigset.cgi, javascript/router/logget.cgi and another CGI do not require login to access; a POST to javascript/router/wanconfigshow.cgi directly returns the Internet setup information, including the PPPoE username and password,...
Debian Security Advisory DSA 3394-1 (libreoffice - security update)
Multiple vulnerabilities have been discovered in LibreOffice, a full-featured office productivity: CVE-2015-4551 Federico Scrinzi discovered an information leak in the handling of ODF documents. Quoting from https://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/ : The LinkUpdateMo...
Security Onion - Linux Distro For Intrusion Detection, Network Security Monitoring, And Log Management
Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an...
Mail.ru: [api.allodsteam.com] Authentication Data
api.allodsteam.com had an open public folder with some sensitive information for initial server setup, including sensitive internal documentation and database dumps...
ZeroNet - Decentralized websites using Bitcoin crypto and BitTorrent network
Decentralized websites using Bitcoin crypto and the BitTorrent network - http://zeronet.io Why? We believe in open, free, and uncensored network and communication. No single point of failure: Site remains online so long as at least 1 peer is serving it. No hosting costs: Sites are served by visitors...
SMF (Simple Machine Forum) 2.0.10 Remote Memory Exfiltration
#!/usr/bin/python # -*- coding: iso-8859-15 -*- Title: SMF Simple Machine Forum Filippo Roncari Truel Lab http://lab.truel.it Requirements: SMF = 2.0.10 PHP = 5.6.11 / 5.5.27 / 5.4.43 Advisories: TL-2015-PHP04 http://lab.truel.it/d/advisories/TL-2015-PHP04.txt TL-2015-PHP06...
SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration
#!/usr/bin/python # -*- coding: iso-8859-15 -*- Title: SMF Simple Machine Forum Filippo Roncari Truel Lab http://lab.truel.it Requirements: SMF = 2.0.10 PHP = 5.6.11 / 5.5.27 / 5.4.43 Advisories: TL-2015-PHP04 http://lab.truel.it/d/advisories/TL-2015-PHP04.txt TL-2015-PHP06...