eVisitorPass Elevation of Privilege Vulnerability

Threshold eVisitorPass is a visitor management system from Threshold Canada. A privilege-lifting vulnerability exists in Threshold eVisitorPass version 1.5.5.2. A local attacker could use this vulnerability to open the task manager, terminate processes, or start other processes...

CVE-2018-17496

eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the...

CVE-2018-17496

CVE-2018-17496 affects the eVisitorPass kiosk application. The vulnerability stems from an error in kiosk mode that, when a user visits the kiosk and presses ctrl+shift+esc, allows opening the Task Manager to kill or launch processes, enabling local privilege escalation. The NVD description notes...

CapMon Access Manager Access Control Error Vulnerability (CNVD-2019-07542)

CapMon Access Manager is a set of access management software from CapMon Denmark. The software supports application whitelisting/blacklisting, audit logging, and more. An access control error vulnerability exists in the AccessManagerCoreService.exe and TaskTrayApplication.exe files in CapMon Acce...

Low: Red Hat Security Advisory: ansible security and bug fix update

An update for ansible is now available for Red Hat OpenStack Platform 14.0 Rocky. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVE-2019-9213

In the Linux kernel before 4.20.14, expanddownwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task...

CVE-2019-9213

In the Linux kernel before 4.20.14, expanddownwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task...

[SECURITY] Fedora 28 Update: ansible-2.7.8-1.fc28

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

[SECURITY] Fedora 29 Update: ansible-2.7.8-1.fc29

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free

Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger...

Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free

There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger this by closing the browser while running the attached poc; I'm not sure if there's a...

Moderate: Red Hat Security Advisory: ansible security and bug fix update

An update for ansible is now available for Ansible Engine 2.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Moderate: Red Hat Security Advisory: ansible security and bug fix update

An update for ansible is now available for Ansible Engine 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Cyber Security Week in Review (Feb. 22)

Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here. Top headlines this week U.S. officials charged a form...

Virtual VCR Max .0a - .vcr Buffer Overflow (PoC)

Virtual VCR Max .0a - .vcr Buffer Overflow PoC !/usr/bin/python Exploit Title: VirtualVCR-Max .0a Overflow PoC Google Dork: N/A Date: 21/02/2019 Exploit Author: Wade Guest Vendor Homepage: http://virtualvcr.sourceforge.net/ Software Link: https://sourceforge.net/projects/virtualvcr/ Version: Max...

Debian DSA-4396-1 : ansible - security update

Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system : - CVE-2018-10855/ CVE-2018-16876 The nolog task flag wasn't honored, resulting in an information leak. - CVE-2018-10875 ansible.cfg was read from the current working directory. ...

[SECURITY] [DSA 4396-1] ansible security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4396-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 19, 2019 https://www.debian.org/security/faq -...

Android - binder Use-After-Free via fdget() Optimization Exploit

Android - binder Use-After-Free via fdget Optimization Exploit This bug report describes two different issues in different branches of the binder kernel code. The first issue is in the upstream Linux kernel, commit 7f3dc0088b98 "binder: fix proc-files use-after-free"; the second issue is in the...

Android - binder Use-After-Free via fdget() Optimization

This bug report describes two different issues in different branches of the binder kernel code. The first issue is in the upstream Linux kernel, commit 7f3dc0088b98 "binder: fix proc-files use-after-free"; the second issue is in the wahoo kernel and maybe elsewhere? but at least the android commo...

Cross site scripting

includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if users/admin/tasks.php exists...