CVE-2018-6169
Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page...
UBUNTU-CVE-2018-6169
Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page...
CVE-2018-6169
Removed by vendor...
Citrix Provisioning Services Target Boot Up Fails with Error: "login request time out"
During device boot up, there will be an error "login request time out !"...
Denial Of Service (DoS)
pykmip is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to the lack of a socket timeout, making it possible for DoS attacks to be performed...
Denial of service
When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, the receiving nodes would wait for the body and...
LDAP_Search - Tool To Perform LDAP Queries And Enumerate Users, Groups, And Computers From Windows Domains
LDAPSearch can be used to enumerate Users, Groups, and Computers on a Windows Domain. Authentication can be performed using traditional username and password, or NTLM hash. In addition, this tool has been modified to allow brute force/password-spraying via LDAP. LdapSearch makes use of Impackets...
Medium: httpd24
Issue Overview: In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2...
Failed to call RPC function 'Vss.FinishSnapshot'
Article Applicability: The first part of the error documented in this article, "Failed to call RPC function", is common and occurs any time an RPC function cannot be invoked. This article is specifically related to an issue where the VSS snapshot closes prematurely because the KeepSnapshot RPC calls...
Sessions never expire due to continuous XHR
Summary: Sessions in Bamboo are supposed to have a default inactivity timeout of 30 minutes (see https://confluence.atlassian.com/bamkb/how-to-change-bamboo-user-session-timeout-848977292.html); however, regardless of which timeout period is set, sessions never time out if a user doesn't close their...
Xiaomi Mi Router 3 Command Injection Vulnerability (CNVD-2018-24496)
Xiaomi Mi Router 3 is a wireless router product from Chinese company Xiaomi. A system command injection vulnerability exists in the wifiaccess endpoint in Xiaomi Mi Router 3 version 2.22.15. The vulnerability can be exploited to execute system commands with the 'timeout' URL parameter...
CVE-2018-13023
System command injection vulnerability in wifiaccess in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter...
PXE-E32: TFTP open timeout
Unable to boot into the image...
Event 7011:Service Control Manager NLASVC Service Timings Out
PVS server becomes unresponsive with numerous event 7011 entries: "A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Nlasvc service"...
SUSE SLED12 / SLES12 Security Update : net-snmp (SUSE-SU-2018:3447-1)
This update for net-snmp fixes the following issues: Security issues fixed: CVE-2018-18065: setkey in agent/helpers/tablecontainer.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Deni...
Microsoft Active Directory Federated Services (ADFS) User Enumeration Vulnerability
Microsoft Active Directory Federated Services (ADFS) suffers from a time-based user enumeration vulnerability. + Credits: Joshua Platz aka Binary1985 + CVE ID: Requested + Website: https://github.com/binary1985 + Source:...
Microsoft Active Directory Federated Services (ADFS) User Enumeration
Credits: Joshua Platz aka Binary1985 + CVE ID: Requested + Website: https://github.com/binary1985 + Source: https://raw.githubusercontent.com/binary1985/VulnerabilityDisclosure/master/ADFS-Timing-Attack Vendor: ========================== http://www.microsoft.com Product: =========== Active...
Traq 3.7.1 CSRF / XSS / SQL Injection Vulnerabilities
Exploit for php platform in category web applications ================================================= Synopsis: Traq vulnerable to XSS, Admin account creation CSRF, SQL Injection, Lack of session timeout. Product: Traq Version: 3.7.1 Vendor site: https://traq.io/ Researcher: Matt Landers...