3335 matches found

Debian CVE
added 2016/12/11 2:00 a.m., 17 views

CVE-2016-9851

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions prior to 4.6.5, and 4.4.x versions prior to 4.4.15.9 are affected...

5.3 CVSS, 5.5 AI score, 0.00241 EPSS
Exploits 0

AlpineLinux
added 2016/12/11 2:00 a.m., 25 views

CVE-2016-9851

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions prior to 4.6.5, and 4.4.x versions prior to 4.4.15.9 are affected...

5.3 CVSS, 5.5 AI score, 0.00241 EPSS
Exploits 0

Mageia
added 2016/12/09 8:42 a.m., 41 views

Updated phpmyadmin packages fix security vulnerability

In phpMyAdmin before 4.4.15.9, when the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where this value is created using a weak algorithm. This could allow an attacker to determine the user's...

9.8 CVSS, 0.2 AI score, 0.01202 EPSS
Exploits 0, References 15

Tenable Nessus
added 2016/12/09 12:00 a.m., 12 views

MediaWiki 1.23.x < 1.23.15 / 1.26.x < 1.26.4 / 1.27.x < 1.27.1 Multiple Vulnerabilities

7.5 CVSS, 7.3 AI score, 0.00339 EPSS
Exploits 0, References 8

Citrix
added 2016/12/07 12:00 a.m., 6 views

XenMobile Domain users unable to authenticate - LDAP response read timed out, timeout used

If domain users or admins are failing to authenticate to XenMobile, verify if the following error appears in the debug log: 2016-04-05T10:25:50.128+0000 | 5EAF1FBBC192FC0D | WARN | http-nio-10080-exec-77 | com.sparus.nps.apple.security.AuthUtils | Forcing LDAP auth: cannot refresh user data:...

7 AI score
Exploits 0

myhack58
added 2016/12/07 12:00 a.m., 22 views

Error session termination mechanisms lead to account hijacking-vulnerability warning-the black bar safety net

Error session termination mechanisms. Session termination is to secure the session period in one important aspect. Security implementation session tokens can effectively reduce the session hijacking attack. The session is terminated as the number of attack control mechanisms, such as XSS (cross-site...

7 AI score
Exploits 0

phpMyAdmin
added 2016/11/25 12:00 a.m., 36 views

Bypass logout timeout

PMASA-2016-62. Announcement-ID: PMASA-2016-62. Date: 2016-11-25. Updated: 2016-12-06. Summary: Bypass logout timeout. Description: With a crafted request parameter value it is possible to bypass the logout timeout. Severity: We consider this vulnerability to be of moderate severity. Affected Versions: All...

5.3 CVSS, 6.3 AI score, 0.00241 EPSS
Exploits 0, Affected Software 1

Ubuntu
added 2016/11/11 9:24 a.m., 70 views

USN-3126-1: Linux kernel vulnerabilities

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-7042) Dmitry Vyukov discovered a use-after-free...

10 CVSS, 7.3 AI score, 0.14755 EPSS
Exploits 0

OSV
added 2016/11/11 8:48 a.m., 1 view

USN-3128-3 linux-snapdragon vulnerability

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash)...

6.2 CVSS, 7.1 AI score, 0.00097 EPSS
Exploits 0, References 2

OSV
added 2016/11/11 7:34 a.m., 2 views

USN-3128-1 linux vulnerability

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash)...

6.2 CVSS, 7.1 AI score, 0.00097 EPSS
Exploits 0, References 2

Metasploit
added 2016/10/21 5:31 p.m., 919 views

Shell to Meterpreter Upgrade

This module attempts to upgrade a command shell to meterpreter. The shell platform is automatically detected and the best version of meterpreter for the target is selected. Currently meterpreter/reverse_tcp is used on Windows and Linux, with 'python/meterpreter/reverse_tcp' used on all others. This...

7.5 AI score
Exploits 0

Exploit DB
added 2016/10/18 12:00 a.m., 33 views

Cgiemail 1.6 - Source Code Disclosure

#!/usr/bin/env perl; Exploit Title: cgiemail local file inclusion; Vendor Homepage: http://web.mit.edu/wwwdev/cgiemail/webmaster.html ; Software Link: http://web.mit.edu/wwwdev/cgiemail/cgiemail-1.6.tar.gz ; Version: 1.6 and older; Date: 2016-09-27; cgiecho, a script included with cgiemail, will return any...

7.4 AI score
Exploits 0

OSV
added 2016/10/16 9:59 p.m., 1 view

DEBIAN-CVE-2016-7042

The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by...

6.2 CVSS, 6.2 AI score, 0.00097 EPSS
Exploits 0, References 1

Prion
added 2016/10/16 9:59 p.m., 27 views

Memory corruption

The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by...

4.9 CVSS, 6.8 AI score, 0.00097 EPSS
Exploits 0, References 8, Affected Software 1

Debian CVE
added 2016/10/16 9:00 p.m., 45 views

CVE-2016-7042

The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by...

6.2 CVSS, 7 AI score, 0.00097 EPSS
Exploits 0

OSV
added 2016/10/16 12:00 a.m., 0 views

UBUNTU-CVE-2016-7042

The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by...

6.2 CVSS, 7 AI score, 0.00097 EPSS
Exploits 0, References 15

CNVD
added 2016/10/14 12:00 a.m., 2 views

Linux kernel local denial of service vulnerability (CNVD-2016-09457)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A denial of service vulnerability exists in the 'proc_keys_show' function in the security/keys/proc.c file in Linux kernel versions 4.8.2 and earlier, which stems from a program...

6.2 CVSS, 8.1 AI score, 0.00097 EPSS
Exploits 0, References 1

RedhatCVE
added 2016/10/13 1:17 p.m., 39 views

CVE-2016-7042

It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks...

6.2 CVSS, 0.7 AI score, 0.00097 EPSS
Exploits 0, References 1

Citrix
added 2016/09/30 12:00 a.m., 7 views

HTTP 1.1 Gateway timeout error while accessing internal websites from Secure Web

HTTP 1.1 Gateway timeout error while accessing internal websites from Secure Web when traffic is tunneled through the NetScaler. This issue occurs when the MDX Policy is set for Secure Browse. If the preferred VPN mode on the app is set to FULL VPN TUNNEL, then the issue will not occur...

7 AI score
Exploits 0

Metasploit
added 2016/09/28 6:55 p.m., 32 views

MYSQL Directory Write Test

Enumerate writeable directories using the MySQL SELECT INTO DUMPFILE feature. For more information, see the URL in the references. Note: For every writable directory found, a file with the specified FILENAME containing the text test will be written to the directory. This module requires Metasploit...

7 AI score
Exploits 0