Wyse Machine Remote Power off (DOS) without any privilege

No description provided by source. require 'msf/core' class Metasploit3 Msf::Auxiliary Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos def initializeinfo = superupdateinfoinfo, 'Name' = 'Wyse Machine Remote Power off DOS', 'Description' = %q This module...

Ground Control <= 1.0.0.7 (Server/Client) Denial of Service Exploit

No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h include time.h ifdef WIN32 include winsock.h include winerr.h define close closesocket define ONESEC 1000 else include unistd.h include sys/socket.h include sys/types.h include arpa/inet.h...

PlatinumFTP <= 1.0.18 Multiple Remote Denial of Service Exploit

No description provided by source. !/usr/bin/perl pftpdos-ai1.pl - Remote DoS against PlatinumFTP 10.1.18 Details:http://seclists.org/lists/bugtraq/2005/Mar/0222.html If you don't get the server down try to change/play a little bit with the Timeout ports at securityforest dot com | greetings to...

CVE-2014-4048

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service deadlock by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...

Cross site request forgery (csrf)

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service deadlock by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...

CVE-2014-4048

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service deadlock by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...

CVE-2014-4048

CVE-2014-4048 affects the Asterisk Open Source PJSIP Channel Driver up to version 12.3.0. An attacker (remote, potentially after bypassing authentication per AST-2014-008) can terminate a subscription before it completes, triggering a SIP transaction timeout and causing a deadlock in the thread s...

CVE-2014-4048

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service deadlock by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...

Asterisk PJSIP Channel Driver Multiple DoS Vulnerabilities (AST-2014-005 / AST-2014-008)

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following denial of service vulnerabilities in the PJSIP channel driver : - A flaw exists in the publish / subscribe framework when an attempt to unsubscribe is made when...

RelateIQ: SSRF (Portscan) via Register Function (Custom Server)

Hi, the custom server option during registration allows performing portscans or "Server Side Request Forgery" from "relateiq" systems to external and potential internal systems. the following is a sample request used excluding cookies: POST /app/GWT.rpc HTTP/1.1 Host: app.relateiq.com User-Agent:...

rubygem-openshift-origin-node: cron.daily/cron.weekly denial of service

Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly...

Unable to retrieve next block transmission command when backing up to tape from a Linux repository

Challenge When backing up to tape from a Linux repository, the following error may appear: Unable to retrieve next block transmission command. Number of already processed blocks: number of blocks. The log file contains the following information: cli| WARN|Tape Default EOM Warning 2147483648!...

Asus RT Password Disclosure Vulnerability

ASUS RT series of routers disclose administrative credentials. This is true for the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U models. In mid February, I wrote that a substantial portion of ASUS wireless routers would fail to update their...

EMC VPLEX GeoSynchrony会话超时验证安全限制绕过漏洞

Bugtraq ID:66516 CVE ID:CVE-2014-0633 EMC VPLEX GeoSynchrony是虚拟机数据存储软件。 VPLEX GeoSynchrony存在VPLEX GUI会话超时验证漏洞，远程攻击者可以利用漏洞绕过安全限制，获取敏感信息。 0 EMC VPLEX GeoSynchrony 4.0-5.2.1 目前厂商已经发布了升级补丁以修复漏洞，请下载使用： http://www.emc.com/products-solutions/index.htm...

CVE-2014-0633

The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation...

Design/Logic Flaw

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user...

ESA-2014-016: EMC VPLEX Multiple Vulnerabilities

ESA-2014-016.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities EMC Identifier: ESA-2014-016 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS scores Affected products: All versions from...

CVE-2013-7347

CVE-2013-7347 affects Luci in Red Hat Conga, where user session timeout is not properly enforced. This could allow an attacker to gain access to an active session by reading the __ac session cookie. The issue is split from CVE-2012-3359, which covers base64-encoded storage of user credentials in ...

CVE-2013-7347

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user...

CVE-2014-0633

EMC VPLEX GeoSynchrony GUI has a session-timeout validation flaw in versions 4.x and 5.x prior to 5.3, which could allow remote attackers to execute arbitrary code by leveraging an unattended workstation. The issue affects VPLEX GeoSynchrony 4.0–5.2.1, with EMC recommending upgrading to version 5...