Phabricator: IRC-Bot exposes information

You can setup the IRC-Bot, and set it into private channels, so that it posts only information about tasks into private channels. Example: T698 T698: Task title - https://url.example.org/T698 The problem is, that, if the bot is online in IRC, you can send him task numbers via private messages, an...

CVE-2017-4969

The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks...

Microsoft Windows taskschd.msc Privilege Escalation Vulnerability

Microsoft Windows taskschd.msc local SYSTEM privilege escalation exploit. Microsoft Windows 'taskschd.msc' Local SYSTEM Privilege Escalation Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is for Educational purpose ONLY...

Microsoft Windows taskschd.msc Privilege Escalation

Microsoft Windows 'taskschd.msc' Local SYSTEM Privilege Escalation Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especiall...

[SECURITY] Fedora 26 Update: ansible-2.3.0.0-1.fc26

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVE-2016-5068

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for EmbeddedAceGetTask.cgi requests...

Apple macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn

Apple macOS Kernel 10.12.3 16D32 - Use-After-Free Due to Double-Release in posixspawn / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1104 exechandleportactions is responsible for handling the xnu port actions extension to posixspawn. It supports 4 different types of port...

Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation Vulnerability

Exploit for linux platform in category local exploits Source: http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/ Introduction Problem description: The initial observation was, that the linux vm86 syscall, which allows to use the virtual-8086 mode from userspace for emulating o...

Faraday v2.4 - Collaborative Penetration Test and Vulnerability Management Platform

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...

Dr0p1t-Framework 1.2 - A Framework That Creates An Advanced FUD Dropper With Some Tricks

Have you ever heard about trojan droppers ? In short dropper is type of trojans that downloads other malwares and Dr0p1t gives you the chance to create a dropper that bypass most AVs and have some tricks ; Features Framework works with Windows and Linux Download executable on target system and...

CVE-2015-3883

Multiple cross-site scripting XSS vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the 1 searchkeywords parameter to index.php/users page; the 2 "Name of application" on index.php/configuration; 3 a new project name on index.php/projects; 4 the task na...

Using Task Scheduler to automate the collection of CDF traces

It gets difficult at times when we need to capture CDF traces for a specific period of time. We have different tools like CDF Control, Scout and CDF Monitor, however it requires manual intervention to start and stop the traces and yet there are chances that the traces might get over-written if yo...

The vulnerability of the iOS operating system, which allows a perpetrator to obtain confidential information

The vulnerability of the Springboard component in the iOS operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a local attacker to obtain confidential information by viewing the application’s screenshot in the Task Switcher program...

CVE-2016-7759

An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive information by viewing application snapshots in the Task Switcher...

CVE-2016-7759

An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive information by viewing application snapshots in the Task Switcher...

Information disclosure

An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive information by viewing application snapshots in the Task Switcher...

CVE-2016-7759

An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive information by viewing application snapshots in the Task Switcher...

Dr0p1t-Framework - A Framework That Creates An Advanced FUD Dropper With Some Tricks

Have you ever heard about trojan droppers ? you can read about them from here . Dr0p1t let you create dropper like any tool but this time FUD with some tricks ; Features Works with Windows and Linux Adding malware after downloading it to startup Adding malware after downloading it to task schedul...

CVE-2016-0202

A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain...

CVE-2016-0203

A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to...