164 matches found

NVD
added 2019/10/29 8:15 p.m. | 20 views

CVE-2018-18929

The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username a...

CVSS 8.8 | AI score 8.7 | EPSS 0.01114
Exploits 1 | References 1

Prion
added 2019/10/29 8:15 p.m. | 20 views

Default credentials

The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username a...

CVSS 4 | AI score 8.6 | EPSS 0.01114
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2019/10/29 7:33 p.m. | 19 views

CVE-2018-18929

The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username a...

AI score 8.7 | EPSS 0.01114
Exploits 1 | References 1

CVE
added 2019/10/29 7:33 p.m. | 73 views

CVE-2018-18929

The CVE concerns Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104, where a default local administrator username/password can be found in an unattend.xml left on the C: drive from Sysprep. An attacker with these credentials can gain administrator-level access to the system. Th...

CVSS 8.8 | AI score 8.6 | EPSS 0.01114
Exploits 1 | References 1 | Affected Software 1

Kitploit
added 2019/08/08 9:15 p.m. | 177 views

Commando VM v2.0 - The First Full Windows-based Penetration Testing Virtual Machine Distribution

Welcome to CommandoVM - a fully customizable, Windows-based security distribution for penetration testing and red teaming. For detailed install instructions or more information please see our blog Installation Install Script Requirements Windows 7 Service Pack 1 or Windows 10 60 GB Hard Drive 2 G...

AI score 8.2
Exploits 0 | References 2

IBM Security Bulletins
added 2019/05/30 11:55 p.m. | 36 views

Security Bulletin: IBM PureApplication Service is affected by vulnerabilities (CVE-2018-3639, CVE-2018-3640)

Summary IBM has released Version 2.2.5.3 for IBM PureApplication Service, which includes IBM OS Images for Red Hat Linux Systems, as well as AIX-based and Windows-based deployments, in response to CVE-2018-3639 and CVE-2018-3640. IBM PureApplication Service has addressed the following...

CVSS 5.6 | AI score 0.7 | EPSS 0.60631
Exploits 2 | Affected Software 1

Microsoft KB
added 2019/01/08 12:0 a.m. | 39 views

Description of the security update for the remote code execution vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: January 8, 2019

Description of the security update for the remote code execution vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: January 8, 2019 Summary A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. To...

CVSS 9.3 | AI score 7.5 | EPSS 0.20505
Exploits 1

Github Security Blog
added 2018/11/09 5:43 p.m. | 33 views

Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11

In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script,...

CVSS 6.1 | AI score 0.5 | EPSS 0.0338
Exploits 0 | References 4 | Affected Software 2

OSV
added 2018/11/09 5:43 p.m. | 35 views

GHSA-R34R-F84J-5X4X Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11

In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script,...

CVSS 6.1 | AI score 6.2 | EPSS 0.0338
Exploits 0 | References 4

IBM Security Bulletins
added 2018/06/29 1:38 p.m. | 30 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems, AIX-based, and Windows-based deployments for IBM PureApplication System

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7, used by the OS Images for IBM PureApplication System. Java 7 is used by IBM Base OS images. These issues were disclosed as part of the IBM Java SDK updates in April 2018. IBM OS Image for Red Hat Lin...

CVSS 8.3 | AI score 1 | EPSS 0.15528
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 1:40 p.m. | 28 views

Security Bulletin: Vulnerability in InstallAnywhere affects IBM InfoSphere Change Data Capture installers (CVE-2016-4560)

Summary InstallAnywhere generates installation executables on Microsoft Windows which are vulnerable to a DLL-planting exploit affecting the Change Data Capture CDC components within the IBM InfoSphere Data Replication and IBM InfoSphere Change Data Delivery families of products. Vulnerability...

CVSS 7.8 | AI score 1.1 | EPSS 0.00537
Exploits 1 | Affected Software 2

CNVD
added 2018/05/29 12:0 a.m. | 1 views

IBM DB2 for Linux, UNIX and Windows File Overwrite Vulnerability (CNVD-2018-10561)

IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2 including DB2 Connect Server for Linux, UNIX, and...

CVSS 5.5 | AI score 6.7 | EPSS 0.00383
Exploits 0 | References 1

Microsoft KB
added 2018/05/08 7:0 a.m. | 38 views

Description of the security update for the remote code execution vulnerability in Windows Server 2008: June 12, 2018

Description of the security update for the remote code execution vulnerability in Windows Server 2008: June 12, 2018 Summary A remote code execution vulnerability exists in the way that Windows handles objects in memory. To learn more about the vulnerability, go to CVE-2018-8136. More Information...

CVSS 9.3 | AI score 7.9 | EPSS 0.21882
Exploits 0

Node.js
added 2018/04/20 9:48 p.m. | 92 views

Path Traversal

Overview Versions of resolve-path before 1.4.0 are vulnerable to path traversal. resolve-path relative path resolving suffers from a lack of file path sanitization for windows based paths. Recommendation Update to version 1.4.0 or later. References - HackerOne Report - GitHub Advisory...

CVSS 5 | AI score 3.6 | EPSS 0.0241
Exploits 1 | Affected Software 1

ThreatPost
added 2018/03/13 12:56 p.m. | 44 views

Samba Patches Two Critical Vulnerabilities in Server Software

Two critical patches for the free networking software Samba were released Tuesday, addressing vulnerabilities that could allow an unprivileged remote attacker to launch a denial of service attack against servers running the software or allow an adversary to change user passwords, including the...

CVSS 6.5 | AI score 1 | EPSS 0.10308
Exploits 1 | References 7

Microsoft KB
added 2018/03/13 7:0 a.m. | 51 views

Description of the security update for Word Viewer: March 13, 2018

Description of the security update for Word Viewer: March 13, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...

CVSS 9.3 | AI score 8.1 | EPSS 0.17625
Exploits 0

Microsoft KB
added 2018/01/03 8:0 a.m. | 16 views

Description of the security update for SQL Server 2014 SP2 CU10: January 16, 2018

Description of the security update for SQL Server 2014 SP2 CU10: January 16, 2018 Summary Microsoft is aware of a new publicly disclosed class of vulnerabilities that are referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including...

AI score 7
Exploits 0

GitLab Advisory Database
added 2017/08/28 12:0 a.m. | 13 views

Arbitrary File Download

This package is vulnerable to Arbitrary File Download. A client can use backslashes to escape the directory the files were exposed from. Note: Only if the host server is a Windows-based operating system...

AI score 1.8
Exploits 0 | References 2 | Affected Software 1

Microsoft KB
added 2017/08/08 7:0 a.m. | 63 views

Internet Explorer help

None None...

CVSS 7.6 | AI score 7.1 | EPSS 0.72116
Exploits 15

CNVD
added 2017/05/24 12:0 a.m. | 3 views

Apple iCloud/iTunes for Windows Security Bypass Vulnerability

Apple iCloud for Windows is a Windows-based cloud service from Apple that supports the storage of music, photos, apps, contacts, etc. Apple iTunes is a suite of media player applications from Apple that are primarily used for the playback and management of digital music and video files. It is use...

CVSS 3.5 | AI score 6.6 | EPSS 0.00444
Exploits 0 | References 1