Showing results for tags 'affected'.

Found 10 results

  1. Remote code execution for some, denial of service for the rest of us Cisco has issued a string of patches for 16 faults including a fix for a possible remote code execution in its IOS and IOS XE routing software. The patches address a generous dollop of security conditions caused by faulty queued packets. One flaw, rated severity 8.3, allows attackers to gain remote code execution in IOS XE by sending a crafted packet that allows code to run on affected boxes. Attackers could also send crafted packets to trigger denial of service. "A vulnerability in the AppNav component of Cisco IOS XE Softw
  2. Hi, tl;dr Found lots of vulns in SysAid Help Desk 14.4, including RCE. SysAid have informed me they all have been fixed in 15.2, but no re-test was performed. Full advisory below, and a copy can be obtained at [1]. 5 Metasploit modules have been released and currently awaiting merge in the moderation queue [2]. Regards, Pedro [1]: https://raw.githubusercontent.com/pedrib/PoC/master/generic/sysaid-14.4-multiple-vulns.txt [2]: https://github.com/rapid7/metasploit-framework/pull/5470 https://github.com/rapid7/metasploit-framework/pull/5471 https://github.com/rapid7/metasploit-framework/pull/5
  3. Cisco has patched a remote code execution bug that could give attackers root privileges on its Unified Computing System (UCS) Central software used by more than 30,00 organisations. The UCS data centre server platform joins hardware, virtualisation, networking and software into one system. Versions 1.2 and below are affected. The Borg says the vulnerability (CVE-2015-0701) rates the maximum 10 severity rating due to its low exploitation requirements and "complete" impact to confidentiality, integrity and availability. "A vulnerability in the web framework of Cisco UCS Central Software could al
  4. https://wordpress.org/plugins/yet-another-related-posts-plugin/ Affected Versions <= 4.2.4 Description 'Yet Another Related Posts Plugin' options can be updated with no token/nonce protection which an attacker may exploit via tricking website's administrator to enter a malformed page which will change YARPP options, and since some options allow html the attacker is able to inject malformed javascript code which can lead to *code execution/administrator actions* when the injected code is triggered by an admin user. injected javascript code is triggered on any post page. Vulnerability Scope X
  5. # Type Confusion Infoleak Vulnerability in unserialize() with SoapFault Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.3.1 - Release Date: 2015.4.28 > A type confusion vulnerability was discovered in unserialize() with SoapFault object's __toString() magic method that can be abused for leaking arbitrary memory blocks. Affected Versions ------------ Affected is PHP 5.6 < 5.6.8 Affected is PHP 5.5 < 5.5.24 Affected is PHP 5.4 < 5.4.40 Affected is PHP 5.3 <= 5.3.29 Credits ------------ This vulnerability was disclosed by Taoguang Chen. Description ---
  6. #Use After Free Vulnerability in unserialize() Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.2.3 - Release Date: 2015.3.20 > A use-after-free vulnerability was discovered in unserialize() with a specially defined object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary code. Affected Versions ------------ Affected is PHP 5.6 < 5.6.7 Affected is PHP 5.5 < 5.5.23 Affected is PHP 5.4 < 5.4.39 Affected is PHP 5 <= 5.3.29 Affected is PHP 4 <= 4.4.9 Credits ------------ This vulnerability was disclos
  7. A four year old Adobe Flash patch did not properly resolve a vulnerable Flex application, and attackers can exploit the bug, which is said to affect some 30 percent of Alexa’s top 10 most popular sites in the world. LinkedIn security researcher Luca Carettoni and Mauro Gentile, a security consultant at Minded Security, presented their findings showing that Shockwave Flash files compiled by the vulnerable Flex software developers kit remain exploitable in fully updated Web browsers and Flash plugins. The researchers released partial details for the vulnerability along with mitigation informatio
  8. ##################################### Title:- Reflected cross-site scripting(XSS) Vulnerability in Manage Engine AD Audit Manager Plus Admin Panel(Build 6270) Author: Harish Ramadoss - Help AG Middle East Vendor: ZOHO Corp Product: Manage Engine AD Audit Manager Plus Version: All versions below Build 6270 are mostly affected Tested Version: Build 6270 Severity: Medium CVE Reference: CVE-2015-1026 # About the Product: ADManager Plus is a Windows Active Directory Management and Reporting Solution that helps AD Administrators and Help Desk Technicians with their day-to-day activities. The softw
  9. Use After Free Vulnerability in unserialize() with DateTime* [CVE-2015-0273] Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.1.29 - Release Date: 2015.2.20 A use-after-free vulnerability was discovered in unserialize() with DateTime/DateTimeZone/DateInterval/DatePeriod objects's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely. Affected Versions ------------ Affected is PHP 5.6 < 5.6.6 Affected is PHP 5.5 < 5.5.22 Affected is PHP 5.4 < 5.4.38 Credits ------------ This vulnerability was disclo
  10. Vantage Point Security Advisory 2014-007 ======================================== Title: Symantec Encryption Management Server - Remote Command Injection ID: VP-2014-007 Vendor: Symantec Affected Product: Symantec Encryption Gateway Affected Versions: < 3.2.0 MP6 Product Website: http://www.symantec.com/en/sg/gateway-email-encryption/ Author: Paul Craig <paul[at]vantagepoint[dot]sg Summary: --------- Symantec Gateway Email Encryption provides centrally managed email encryption to secure email communications with customers and partners regardless of whether or not recipients have their