92 matches found
F5 Networks BIG-IP : Node.js vulnerability (K27228191)
The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...
Apache Spark RPC Protocol deserialization vulnerability analysis-vulnerability warning-the black bar safety net
Front a burst of Spark official release of the title for the CVE-2018-17190: Unsecured Apache Spark standalone executes user code of the security Bulletin. The announcement indicated the vulnerability affects version to full version, and does not indicate a repaired version, only the relevant...
WebExec - (Authenticated) User Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Windows XP systems that are not part of a domain default to treating all network logons as if they were Guest. This prevents SMB relay attacks from gaining administrativ...
CentOS Update for spamassassin CESA-2018:2916 centos7
Check the version of spamassassin SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882963";...
RHEL 7 : spamassassin (RHSA-2018:2916)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:2916 advisory. The SpamAssassin tool provides a way to reduce unsolicited commercial email spam from incoming email. Security Fixes: spamassassin: Certain...
Oracle Linux 7 : spamassassin (ELSA-2018-2916)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2018-2916 advisory. - Fix CVE-2018-11781 - Local user code injection in the meta rule syntax - Fix CVE-2017-15705 - Certain unclosed tags in crafted emails allow for Tenab...
Code injection
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...
CVE-2018-11781
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...
CVE-2017-3183
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access privileges are determine...
CVE-2018-7159
The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...
CVE-2018-7159
The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...
Input validation
The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...
CVE-2018-7159
The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...
CVE-2018-7159
The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...
CVE-2018-7159
The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...
CVE-2018-7159
The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...
CVE-2017-8746
Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka "Device Guard Security Feature Bypass Vulnerability"...
Apple MacOS 32-Bit Syscall Exit Kernel Register Leak(CVE-2017-2509)
The XNU kernel, when compiled for a x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to userspace, unixsyscall in bsd/dev/i386/systemcalls.c calls threadexceptionreturn in osfmk/x8664/locore.s, which in turn...
Apple macOS - 32-bit syscall exit Kernel Register Leak Exploit
Exploit for macOS platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1149 The XNU kernel, when compiled for a x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to...
Default Password 'meinsm' for 'Administrator' Account
The account 'Administrator' on the remote host has the default password 'meinsm'. A remote attacker can exploit this issue to gain administrative access to the affected system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "Administrator"; password = "meinsm";...