1351 matches found
OWA for hackers: ExchangeRelayX
ExchangeRelayX is a PoC tool to demonstrate the ability of an attacker to perform an SMB or HTTP based NTLM relay attack to the EWS endpoint on an on-premise Microsoft Exchange server to compromise the mailbox of the victim. This tool provides the attacker with an OWA-looking interface, with...
Novell NetIQ Access Manager dhost Service Shared Memory Section Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Novell NetIQ Access Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
Micro Focus NetIQ eDirectory Information Disclosure Vulnerability
Micro Focus NetIQ eDirectory is an identity management infrastructure platform from Micro Focus UK that combines identity management architecture and directory services technology. The platform provides authentication policies, data backup and recovery services, and data disaster recovery. An...
Information disclosure
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage...
CVE-2018-7686
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage...
NetScaler MAS Reports High Memory Utilization
User receives alerts related to high memory usage; however, they do not observe any latency or performance related issue. From /var/log/ns.log we see logs related to high memory and from mpsservice.log we see messages related to out of shared memory. Tuesday, 20 Mar 18 14:26:18.845 +1100 Debug Main...
WebAssembly Changes Could Ruin Meltdown/Spectre Browser Patches
Upcoming changes to the WebAssembly (Wasm) format may defang the browser patches for infamous side-channel attacks Meltdown and Spectre. Wasm was invented to improve execution speed for porting desktop applications to web-based environments; programs are compiled in Wasm and then can easily be run ...
OracleVM 3.3 / 3.4 : procps (OVMSA-2018-0226)
The remote OracleVM system is missing necessary patches to address critical security updates : - vmstat: fix invalid CPU utilization stats after vCPU hot-plug/unplug Konrad Rzeszutek Wilk bug 18011019 - drop leftover assignment in fix for CVE-2018-1124 causing a severe regression - Resolves:...
openSUSE Security Update : apache2 (openSUSE-2018-438)
This update for apache2 fixes the following issues : - CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a 'Session' header leading to unexpected behavior (bsc#1086814). -...
[SECURITY] [DSA 4182-1] chromium-browser security update
Debian Security Advisory DSA-4182-1 [email protected] https://www.debian.org/security/ Michael Gilbert April 28, 2018 https://www.debian.org/security/faq -...
Google Chrome elevation of privilege vulnerability (CNVD-2018-09121)
Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in versions prior to Google Chrome 65.0.3325.146, which stems from the program's failure to assign the correct permissions to shared memory. A remote attacker could exploit this...
Google Chrome elevation of privilege vulnerability (CNVD-2018-09120)
Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in versions prior to Google Chrome 65.0.3325.146, which stems from the program's failure to assign the correct permissions to shared memory. A remote attacker could exploit this...
SUSE SLES12 Security Update : apache2 (SUSE-SU-2018:0879-1)
This update for apache2 fixes the following issues : - CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a 'Session' header leading to unexpected behavior (bsc#1086814). -...
IBM DB2 Shared Memory Insecure Permissions Vulnerability
Summary An exploitable shared memory permissions vulnerability exists in the functionality of IBM DB2 10.5.0.7. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. Tested Versions IBM DB2 10.5.0.7 Product URLs...
CVE-2018-1303
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considere...
Design/Logic Flaw
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considere...
DEBIAN-CVE-2018-1303
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considere...
ALPINE-CVE-2018-1303
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considere...