net-snmp: snmpd crashes/hangs when AgentX subagent times-out

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service crash or infinite loop, CPU consumption, and hang by causing the AgentX subagent to timeout...

Fedora 20 : mingw-gnutls-3.1.22-1.fc20 (2014-3454)

Version 3.1.22 released 2014-03-03 - libgnutls: Corrected certificate verification issue GNUTLS-SA-2014-2 - libgnutls: Corrected issue in gnutlspcertlistimportx509raw when provided with invalid data. Reported by Dmitriy Anisimkov. - libgnutls: Corrected timeout issue in subsequent to the first DT...

Fedora 19 : mingw-gnutls-3.1.22-1.fc19 (2014-3493)

Version 3.1.22 released 2014-03-03 - libgnutls: Corrected certificate verification issue GNUTLS-SA-2014-2 - libgnutls: Corrected issue in gnutlspcertlistimportx509raw when provided with invalid data. Reported by Dmitriy Anisimkov. - libgnutls: Corrected timeout issue in subsequent to the first DT...

Apache Commons FileUpload and Apache Tomcat - Denial of Service

CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service Author: Oren Hafif, Trustwave SpiderLabs Research This is a Proof of Concept code that was created for the sole purpose of assisting system administrators in evaluating whether their applications are vulnerable to this...

Ubuntu Update for firefox USN-2102-1

Check for the Version of firefox OpenVAS Vulnerability Test $Id: gbubuntuUSN21021.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for firefox USN-2102-1 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software...

CVE-2014-0038

The compatsysrecvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIGX86X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter...

FreeBSD : mozilla -- multiple vulnerabilities (1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8)

The Mozilla Project reports : MFSA 2014-01 Miscellaneous memory safety hazards rv:27.0 / rv:24.3 MFSA 2014-02 Clone protected content with XBL scopes MFSA 2014-03 UI selection timeout missing on download prompts MFSA 2014-04 Incorrect use of discarded images by RasterImage MFSA 2014-05 Informatio...

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2014-01 Miscellaneous memory safety hazards rv:27.0 / rv:24.3 MFSA 2014-02 Clone protected content with XBL scopes MFSA 2014-03 UI selection timeout missing on download prompts MFSA 2014-04 Incorrect use of discarded images by RasterImage MFSA 2014-05 Information...

UI selection timeout missing on download prompts — Mozilla

Security researcher Jordi Chancel reported that the dialog for saving downloaded files did not implement a security timeout before button selections were processed. This could be used in concert with spoofing to convince users to select a different option than intended, causing downloaded files t...

CVE-2014-0038

The compatsysrecvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIGX86X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter...

IBM Lotus Notes Sametime Room Name Bruteforce

This module bruteforces Sametime meeting room names via the IBM Lotus Notes Sametime web interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'enumerable' class MetasploitModule 'IBM Lotus Notes Sametime...

HP SiteScope issueSiebelCmd Remote Code Execution

This module exploits a code execution flaw in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. This module has been tested successfully on HP SiteScope...

Hyper-V VSS snapshot import delay

Challenge If you backup your VMs using Dell Equallogic hardware VSS provider in some cases datavhd/vhdx that we read from VSS snapshot could be inconsistent Cause During Hyper-V backup, we execute VSS API call DoSnapshotSet, as soon as it completes, we execute ImportSnapshot VSS API call, without...

Cisco ONS 15454 Transport Node Controller Denial of Service Vulnerability

An issue in the tNetTaskLimit process of the Cisco ONS 15454 Transport Node Controller TNC could allow an unauthenticated, remote attacker to cause the TNC to reload due to a watchdog timeout. The issue is due to a packet processing services process missing health pings due to excessive traffic...

CVE-2012-6151

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service crash or infinite loop, CPU consumption, and hang by causing the AgentX subagent to timeout...

DEBIAN-CVE-2012-6151

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service crash or infinite loop, CPU consumption, and hang by causing the AgentX subagent to timeout...

HackerOne: PNG compression DoS

ztxt: http://www.libpng.org/pub/png/spec/1.1/PNG-Chunks.htmlC.zTXt "zTXT Documentation" tech: http://www.zlib.net/zlibtech.html "zlib technical details" zlibvuln1: http://www.kb.cert.org/vuls/id/680620 zlibvuln2: http://www.kb.cert.org/vuls/id/238678 PNG compression DoS ---------------------...

HackerOne: GIF flooding

Current limits --------------------- Image size: 1 MB Image dimensions: 2048x2048px File types: jpg/png/gif Another image hack --------------------- A GIF composed of 40k 1x1 images made Paperclip freeze until timeout. As attachments I sent the file composed of 40k images, and a screenshot of the...

HackerOne: Pixel flood attack

Hey guys, I just found a way to make your service timeout. I didn't know if I should put this under the Internet section of just the HackerOne section, because the exploit also crashes my Windows Image Viewer. A lot of other services should be vulnerable as well. For the sake of responsible...

Zabbix Authenticated Remote Command Execution

ZABBIX allows an administrator to create scripts that will be run on hosts. An authenticated attacker can create a script containing a payload, then a host with an IP of 127.0.0.1 and run the arbitrary script on the ZABBIX host. This module was tested against Zabbix v2.0.9, v2.0.5, v3.0.1, v4.0.1...