164 matches found
Denial of Service Vulnerabilities in NVidia® Drivers that affect Quadro, NVS and GeForce Windows-based Systems
Lenovo Security Advisory: LEN-9334 Potential Impact: Remote Desktop denial of service and blue screen crash Severity: High Scope of Impact: Industry-Wide CVE Identifier: CVE-2016-4959, CVE-2016-3161, CVE-2016-5852, CVE-2016-4960, CVE-2016-5025, CVE-2016-4961 Summary Description: Multiple...
MS14-011: Description of the security update for Visual Basic Scripting Edition (VBScript) 5.7: February 11, 2014
MS14-011: Description of the security update for Visual Basic Scripting Edition VBScript 5.7: February 11, 2014 INTRODUCTION Microsoft has released security bulletin MS14-011. To view the complete security bulletin, go to one of the following Microsoft websites: Home...
Automated Security Response: Falcon Orchestrator
CrowdStrike Falcon Orchestrator is an extendable Windows-based application that provides workflow automation, case management and security response functionality. The tool leverages the highly extensible APIs contained within the CrowdStrike Falcon Connect program. Falcon Orchestrator has only be...
RIPPER ATM Malware Uses Malicious EMV Chip
Update This story was updated Aug. 31. A never-before-seen malware family known as RIPPER is being blamed for a rash of ATM heists in Thailand last week. The malware, found by researchers at FireEye, is responsible for the theft of 12 million baht $378,000 from ATMs at banks across Thailand. The...
VMware ESX / ESXi Guest OS Local Privilege Escalation (VMSA-2013-0014) (remote check)
The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by a privilege escalation vulnerability due to improper handling of control code in the lgtosync.sys driver. A local attacker can exploit this escalate privileges on Windows-based 32-bit guest...
VMware ESX / ESXi VMCI Privilege Escalation (VMSA-2013-0002) (remote check)
The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by a privilege escalation vulnerability in the Virtual Machine Communication Interface VMCI due to improper handling of control code in vmci.sys. A local attacker can exploit this to change memory...
Android Pentesting Portable Integrated Environment: Appie
Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a Virtual MachineVM or dualboot. It is completely portable and can be carried on USB stick or your smartphone. It is one of its kind Android...
VMSA-2016-0002 : VMware product updates address a critical glibc security vulnerability
a. glibc update for multiple products. The glibc library has been updated in multiple products to resolve a stack-based buffer overflow present in the glibc getaddrinfo function. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the identifier CVE-2015-7547. VMware...
Design/Logic Flaw
The Windows-based Host Interface Program WHIP service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service device outage or possibly have unspecified other...
Here's the Facebook Hacking Tool that Can Really Hack Accounts, But...
Yes, you heard me right. A newly discovered Facebook hacking tool actually has the capability to hack Facebook account, but YOURS, and not the one you desire to hack. How to Hack Facebook account? How to Hack my Girlfriends Facebook account? My boyfriend is cheating on me, How do I hack his...
KLA10733 Multiple vulnerabilities in VMware products
Memory corruption vulnerability was found in VMware products. By exploiting this vulnerability malicious users can cause denial of service or gain privileges. This vulnerability can be exploited remotely via an unknown vectors. NB: This vulnerability have no public CVSS rating so rating can be...
HTTP Suspicious SMB Redirection
A vulnerability has been discovered in the way numerous Windows-based applications follow HTTP redirection messages. By enticing a user to connect to a malicious Web server or by using Man in the Middle techniques, an attacker might cause a vulnerable application to initiate an SMB connection to ...
How to Simulate Veeam Backup & Replication Disk I/O
Purpose This article provides examples of using common workload simulators diskspd and fio to simulate Veeam Backup & Replication disk I/O. Do Not Send Test Output Files to Veeam Support The write test output files testfile.dat do not contain diagnostic data. As such, please do not attach them to...
NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VMware Security Advisory Advisory ID: VMSA-2014-0010 Synopsis: VMware product updates address critical Bash security vulnerabilities Issue date: 2014-09-30 Updated on: 2014-09-30 Initial Advisory CVE numbers: CVE-2014-6271, CVE-2014-7169, CVE-2014-718...
VMware product updates address critical Bash security vulnerabilities
a. Bash update for multiple products. Bash libraries have been updated in multiple products to resolve multiple critical security issues, also referred to as Shellshock.The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the identifiers CVE-2014-6271, CVE-2014-7169,...
Hosting Controller <= 0.6.1 Hotfix 1.4 Directory Browsing Vulnerability
No description provided by source. Advisory Information ------------------------- Software Package : Hosting Controller Vendor Homepage : http://www.hostingcontroller.com Platforms : Windows based servers Vulnerable Versions : All version Tested on: v.6.1 Hotfix 1.4 Vendor Contacted : 12/5/2004...
Rosewill RSVA11001 - Remote Command Injection
No description provided by source. I have been hacking on a Rosewill RSVA11001 for a while now, something to suck up my free time. I had pulled apart the firmware previously but did not succeed in finding a way to get a shell on the device. The box is Hi3515 based, I found an exploit for another...
Syslog Watcher Pro 2.8.0.812 - (Date Parameter) - Cross Site Scripting Vulnerability
No description provided by source. Title: Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability Software : Syslog Watcher Pro Software Version : v2.8.0.812Jun 15, 2009 Vendor: http://www.snmpsoft.com/ Vulnerability Published : 2013-04-27 Vulnerability Update Time : Status : Impac...
Acritum Femitter 1.03 - Directory Traversal Exploit
No description provided by source. Acritum Femitter v1.03 Directory Traversal Exploit Found By: DrIDE Date: Apr. 20, 2010 Tested On: Windows 7 Download: http://acritum.com/fem/download.htm - Description - Acritum Femitter v1.03 is a Windows based HTTP server. This is the latest version of the...
MS14-033: Vulnerability in Microsoft XML core services could allow information disclosure: June 10, 2014
Resolves a vulnerability in Windows that could allow information disclosure if a logged-on user accesses a specially crafted website that's designed to start Microsoft XML Core Services MSXML through Internet Explorer.INTRODUCTIONMicrosoft has released security bulletin MS14-033. To learn more...