Lucene search

5959 matches found

Exploit DB
added 2018/08/28 12:00 a.m., 48 views

Microsoft Windows - Advanced Local Procedure Call (ALPC) Local Privilege Escalation

Note: PoC will now hijack the print spooler service - spoolsv.exe - as it required less code than hijacking printfilterpipelinesvc.exe, which was shown in the original video demo. Description of the vulnerability: The task scheduler service has an alpc endpoint, supporting the method...

7.4 AI score
Exploits 0

Microsoft KB
added 2018/08/23 12:00 a.m., 4 views

January 17, 2018—KB4057401 (Preview of Monthly Rollup)

January 17, 2018—KB4057401 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4056895 released January 8, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses...

7.2 AI score
Exploits 0

Kitploit
added 2018/08/14 12:54 p.m., 22 views

DependencyCheck v3.3.1 - A Software Composition Analysis Utility That Detects Publicly Disclosed Vulnerabilities In Application Dependencies

Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generat...

7.2 AI score
Exploits 0, References 6

CNVD
added 2018/08/07 12:00 a.m., 3 views

HPE XP P9000 Command View Advanced Edition Software Cross-Site Scripting Vulnerability

HPE XP P9000 Command View Advanced Edition Software (CVAE) is a suite of device management software from Hewlett Packard Enterprise (HPE) that enables storage management for HPE XP P9000 disk array products. DevMgr, TSMgr, and RepMgr are among the management modules. A cross-site scripting...

6.1 CVSS, 6.1 AI score, 0.00453 EPSS
Exploits 0, References 1

CNVD
added 2018/08/07 12:00 a.m., 2 views

HPE XP P9000 Command View Advanced Edition Software Open URL Redirection Vulnerability

HPE XP P9000 Command View Advanced Edition Software is a full-featured device manager for HPE XP P9500 and XP disk array products. An open URL redirection vulnerability exists in DevMgr, TSMgr, and RepMgr in HPE XP P9000 Command View Advanced Edition Software CVAE 7.0.0-00 - 8.60-00 excluding...

6.1 CVSS, 6.4 AI score, 0.00245 EPSS
Exploits 0, References 1

OSV
added 2018/08/06 8:29 p.m., 2 views

CVE-2018-7090

HPE XP P9000 Command View Advanced Edition Software CVAE has local and remote cross site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr...

6.1 CVSS, 5.3 AI score, 0.00453 EPSS
Exploits 0, References 1

Citrix
added 2018/07/25 12:00 a.m., 5 views

Unidesk Appliance Backup Utility scheduled task must be run as the same user who ran the tool

When you make a scheduled appliance backup task with the utility, the task must specify the same Run As user as the one you're logged in with when you run the tool. Otherwise, your encrypted passwords for vCenter and the MA will be unavailable. You will see errors like this in the Appliance Backu...

7 AI score
Exploits 0

Fedora
added 2018/07/16 5:38 p.m., 27 views

[SECURITY] Fedora 27 Update: ansible-2.6.1-1.fc27

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

7.8 CVSS, 3.3 AI score, 0.02987 EPSS
Exploits 0

Fedora
added 2018/07/12 2:21 p.m., 39 views

[SECURITY] Fedora 28 Update: ansible-2.6.1-1.fc28

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

7.8 CVSS, 3.3 AI score, 0.02987 EPSS
Exploits 0

Tenable Nessus
added 2018/07/12 12:00 a.m., 37 views

RHEL 7 : ansible (RHSA-2018:2151)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:2151 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH a...

7.8 CVSS, 7.5 AI score, 0.00067 EPSS
Exploits 0, References 7

RedHat Linux
added 2018/07/10 5:20 p.m., 120 views

Moderate: Red Hat Security Advisory: ansible security and bug fix update

An update for ansible is now available for Ansible Engine 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

7.8 CVSS, 7.1 AI score, 0.00067 EPSS
Exploits 0, References 3

RedHat Linux
added 2018/07/10 5:17 p.m., 2 views

Kernel: FPU state information leakage via lazy FPU restore

A Floating Point Unit FPU state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the "Lazy FPU Restore" scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker cou...

5.6 CVSS, 7 AI score, 0.01831 EPSS
Exploits 0, References 7

RedHat Linux
added 2018/07/10 9:49 a.m., 67 views

Moderate: Red Hat Security Advisory: ansible security and bug fix update

An update for ansible is now available for Ansible Engine 2.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

7.8 CVSS, 7.2 AI score, 0.00067 EPSS
Exploits 0, References 3

CNVD
added 2018/07/09 12:00 a.m., 0 views

Akiee Cross-Site Scripting Vulnerability

Akiee is a cross-platform Markdown-based task manager. A cross-site scripting vulnerability exists in the 'details' of tasks in Akiee version 0.0.3. A remote attacker can exploit this vulnerability to execute arbitrary code by tricking a user into opening a specially crafted liveflow.md file...

6.1 CVSS, 6.4 AI score, 0.00427 EPSS
Exploits 1, References 1

CNVD
added 2018/06/28 12:00 a.m., 1 views

MyBB Group MyBB File Inclusion Vulnerability

MyBB aka MyBulletinBoard is a free and web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. MyBB Group A file inclusion vulnerability exists in the Admin panel Tools and Maintenance - Task...

7.2 CVSS, 6.9 AI score, 0.00651 EPSS
Exploits 0, References 1

RedHat Linux
added 2018/06/26 5:12 p.m., 98 views

Moderate: Red Hat Security Advisory: ansible security and bug fix update

An update for ansible is now available for Red Hat Ansible Engine 2.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.9 CVSS, 7 AI score, 0.02987 EPSS
Exploits 0, References 2

OSV
added 2018/06/26 4:29 p.m., 2 views

CVE-2018-1000543

Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integration vulnerability in "Details" of a task is not validated that can result in XSS leading to arbitrary code execution. This attack appears to be exploitable via The attacker tricks the victim into opening a...

6.1 CVSS, 6.1 AI score
Exploits 0, References 1

OSV
added 2018/06/26 4:29 p.m., 2 views

CVE-2018-1000502

MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel Tools and Maintenance - Task Manager - Add New Task that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appears to be exploitable via Must have...

7.2 CVSS, 5.8 AI score, 0.00651 EPSS
Exploits 0, References 2

Prion
added 2018/06/26 4:29 p.m., 9 views

Cross site scripting

Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integration vulnerability in "Details" of a task is not validated that can result in XSS leading to arbitrary code execution. This attack appears to be exploitable via The attacker tricks the victim into opening a...

4.3 CVSS, 6.4 AI score, 0.00427 EPSS
Exploits 1, References 1, Affected Software 1

Prion
added 2018/06/26 4:29 p.m., 23 views

Design/Logic Flaw

MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel Tools and Maintenance - Task Manager - Add New Task that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appears to be exploitable via Must have...

6.5 CVSS, 7.1 AI score, 0.00651 EPSS
Exploits 0, References 2, Affected Software 1