CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

UBUNTU-CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

CVE-2017-16907

In Horde Groupware, CVE-2017-16907 is a documented XSS in the Color field of a Create Task List action affecting Horde Groupware 5.2.19 and 5.2.21. Debian LTS advisories report fixes in php-horde-core (2.27.6+debian1-2+deb9u1) and php-horde (5.2.13+debian0-1+deb9u3) for Debian 9 stretch, indicati...

CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

Ulterius Directory Traversal Vulnerability

Ulterius is a set of remote control management tools. A directory traversal vulnerability exists in the 'Process' function of the RemoteTaskServer/WebServer/HttpServer.cs file in versions of Ulterius prior to 1.9.5.0. An attacker can exploit this vulnerability to download files...

Creation of Platform Layer fails with a time out error from Vsphere

During creation of Platform layer, Task fails and we get an error on the App layering console as "A timeout occurred waiting for a vsphere task to complete"...

[SECURITY] Fedora 26 Update: ansible-2.4.1.0-2.fc26

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

Linux Kernel 4.1.3 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation

// Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In this proof of concept we install the seccomp filter from chrome as well as a chroot, //...

Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox Privilege Escalation

// Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In this proof of concept we install the seccomp filter from chrome as well as a chroot, //...

Introducing GoCrack: A Managed Password Cracking Tool

FireEye's Innovation and Custom Engineering ICE team released a tool today called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI Figure 1 shows the dashboard to create, view, and manage...

‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine

ARCHIVED STORY ‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine By Raj Samani · October 24, 2017 This post was researched and written by Tim Hux, David Marcus, Charles McFarland, Douglas McKee, and Raj Samani. McAfee is currently investigating a ransomware campaign known as BadRabbit, which...

‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine

ARCHIVED STORY ‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine By Raj Samani · October 24, 2017 This post was researched and written by Tim Hux, David Marcus, Charles McFarland, Douglas McKee, and Raj Samani. McAfee is currently investigating a ransomware campaign known as BadRabbit, which...

Magniber ransomware: exclusively for South Koreans

The Magnitude exploit kit has been pretty consistent over the last few months, dropping the same payload—namely, the Cerber ransomware—and targeting a few select countries in Asia. Strangely, Magnitude EK disappeared in late September, and for a while we wondered whether this was yet another...

Veeam ONE Business Shows Irrelevant Data

Challenge Veeam ONE Business View shows outdated data or no data at all Cause Veeam ONE Reporter collection task has stuck or failed Solution Running data collection manually You can run data collection for Veeam ONE Reporter and Veeam ONE Business View manually. This can be necessary when...

CVE-2017-15200

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user...

CVE-2017-15200

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user...

Authentication flaw

InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file...

CVE-2017-14972

InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file...

CVE-2017-14972

InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file...