3360 matches found
CVE-2012-5030
Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects...
kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled
It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks...
SSH Public Key Login Scanner
This module will test ssh logins on a range of machines using a defined private key file, and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. Key files may be a single...
F5 with StoreFront session timeout closing active sessions
When the StoreFront session times out, it's closing active ICA sessions. We found the issue is only happening when authenticating via F5 frontend. When authenticating via F5, after 20 minutes the Citrix Desktop and StoreFront session shuts down. After 17 minutes, a 3 mins countdown starts in the...
Application launch using Anonymous user account resets the Session Limit Timer to 10
While launching an application for an unauthenticated/Anonymous user, the idle tab for the Anon account might default back to 10 minutes even after manually setting it to some other value. The following steps can be followed to test the behavior: From a VDA running 7.9 or higher, run the below .exe ...
Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Dasan Networks GPON ONT WiFi Router H64X Series Cross-Site Request Forgery Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Model: H640GR-02 H640GV-03 H640GW-02 H640RW-0...
Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery
Dasan Networks GPON ONT WiFi Router H64X Series Cross-Site Request Forgery Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Model: H640GR-02 H640GV-03 H640GW-02 H640RW-02 H645G Firmware: 3.03p1-1145 3.03-1144-01 3.02p2-1141...
meredithwellness.com XSS vulnerability
Vulnerable URL: https://meredithwellness.com/index.php?emsg=Your%20session%20has%20timed%20out%20or%20expired.%20Please%20login%20to%20continue...
smartmovesplanner.com XSS vulnerability
Vulnerable URL: https://www.smartmovesplanner.com/Login.aspx?message=Session+has+timed+out"'--!confirmOPENBUGBOUNTY...
Power Managed Server VDA's does not receive shutdown request
Randomly, some of the Power Managed Server VDAs receive a shutdown request approximately 20 mins after the scheduled reboot and do not power on automatically and remain Turned Off. Scout logs detect the following: Some Power Actions are marked as failures by Broker possibly because VDAs are not...
Microsoft Malware Protection Engine Denial of Service Vulnerability
A denial of service vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to a scan timeout. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affecte...
Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Dup Scout Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability ...
OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0100)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix DNSKEY that encountered a CNAME 1447869, ISC change 3391 - Fix CVE-2017-3136 ISC change 4575 - Fix CVE-2017-3137 ISC change 4578 - Fix and test caching CNAME before DNAME ISC change 4558 - Fix...
Denial Of Service (DoS)
github.com/gliderlabs/connectable is vulnerable to denial of service (DoS) attacks. The vulnerability exists because it does not contain a timeout when waiting on the other system it wishes to connect to...
Brute Force Attacks
github.com/tyktechnologies/tyk is vulnerable to brute force attacks. The library does not have any timeout configured, allowing a malicious user to have numerous retries to brute force the password for an account...
Denial Of Service (DoS)
github.com/hlandau/acme is vulnerable to denial of service (DoS) attacks. A malicious user can have multiple clients connect to the redirector system and crash it because the redirector does not have a timeout...
OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 ISC change 4575 - Fix CVE-2017-3137 ISC change 4578 - Fix and test caching CNAME before DNAME ISC change 4558 - Fix CVE-2016-9147 ISC change 4510 - Fix regression introduced by...
CVE-2016-6338
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries...