CVE-2018-1000502

The CVE-2018-1000502 in MyBB concerns a File Inclusion vulnerability in the Admin panel (Tools and Maintenance → Task Manager → Add New Task). The issue allows Local File Inclusion on newer PHP versions and Remote File Inclusion on older PHP versions when an attacker has admin access. Affected so...

CVE-2018-1000502

MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel Tools and Maintenance - Task Manager - Add New Task that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have...

[SECURITY] Fedora 27 Update: ansible-2.5.5-2.fc27

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

WFICA32.exe Shows 100% CPU usage in Task Manager

WFICA32.exe on client shows 100% CPU usage in Task Manager...

Pulp Information Disclosure Vulnerability

Pulp is a free and open source repository platform for managing content. The platform supports pushing content from software packages to consumers. A security vulnerability exists in Pulp, which stems from the program passing sensitive information to the 'overrideconfig' object when a task is...

CVE-2018-1090

In Pulp (before version 2.16.2), secrets are passed into override_config when triggering a task, making them readable to any user with read access on the distributor/importer. This leads to information disclosure via the API: an attacker with API access can view sensitive credentials. The issue i...

CVE-2018-5756

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a...

Kernel: FPU state information leakage via lazy FPU restore

A Floating Point Unit FPU state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the "Lazy FPU Restore" scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker cou...

Don’t be a Coinmining Zombie – Part 2: How Do You Protect Yourself from being Cryptojacked?

Safe behaviors to protect yourself from cryptojacking follow the familiar rules you should adhere to every day to protect yourself against viruses, worms, bots, and malware, including ransomware, which are typically pushed to you through phishing techniques and social engineering: | Strengthen yo...

CVE-2018-12089

In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is...

OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal

Dear subscribers, we've migrated our public disclosure workflow to full-disclosure and are catching up on publishing recent vulnerabilities through this channel. Feel free to join our bug bounty programs open-xchange, dovecot, powerdns at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange...

Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver

Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver / nvDevice::SetAppSupportBits is external method 0x107 of the nvAccelerator IOService. It calls taskdeallocate without locking. Two threads can race calling this external method to drop two task references when on...

F5 Networks BIG-IP : Apache vulnerability (K00373024)

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-en...

Microsoft Windows 10: Log on as a batch job

This policy setting determines which accounts can log on by using a batch-queue tool such as the Task Scheduler service. When you use the Add Scheduled Task Wizard to schedule a task to run under a particular user name and password, that user is automatically assigned the Log on as a batch job us...

Microsoft Windows 10: Replace a process level token

This policy setting determines which parent processes can replace the access token that is associated with a child process. Specifically, the Replace a process level token setting determines which user accounts can call the CreateProcessAsUser application programming interface API so that one...

Space not freed up after force-canceling a task

When editing a layer or publishing an image, you see extra space consumed in the "Layering Service" Local Storage normally. You attempt to cancel the operation, but the task does not cancel. Eventually after 60 minutes the cancel operation gets to the Stalled state, allowing you to force-cancel t...

Hashtopolis - A Hashcat Wrapper For Distributed Hashcracking

Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis's development are portability, robustness, multi-user support, and multiple groups management. The application has two parts: Agent Multiple clients C, Python,...

CVE-2018-10082

CMS Made Simple CMSMS through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or...

Logic design vulnerability in CSCMS Skin.php file

Cheng's CMS content management system referred to as CSCMS is a multi-functional network information management system developed by Chongsheng Network Technology. A logical design vulnerability exists in the CSCMS Skin.php file. The vulnerability is due to unfiltered processing of user-supplied...

IBM Business Process Manager Information Disclosure Vulnerability (CNVD-2018-08191)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A security vulnerability exists in IBM BPM version 8...