CVE-2016-4971 [Arbitrary File Upload / Potential Remote Code Execution] Severity: High below 1.8 version. All versions of Wget before the patched version of 1.18 are affected. 1. GNU wget before 1.18 when supplied with a malicious URL (to a malicious or compromised web server) can be tricked into saving an arbitrary remote file supplied by […]
ImageTragick – ImageMagick Filtering Vulnerability Fix A vulnerability was found in Imagemagick where insufficient filtering for filenames passed to a delegate’s command allows remote code execution during the conversion of several file formats. How to Test There are two ways we can check if the server is vulnerable: Create a test file, imagick_exploit.mvg with following […]
OPENSSL VULNERABILITIES – CVE-2016-2108 & CVE-2016-2107 On 3rd May 2016, OpenSSL released patches for two high severity bugs (CVE-2016-2108 & CVE-2016-2107), and 4 low severity ones. CVE-2016-2107 is an OpenSSL bug which allows a man-in-the-middle (MITM) attacker to use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the […]
General Information regarding DROWN vulnerability Fix On March 1, we have another OpenSSL vulnerability reported: DROWN. Please follow the document to know more about DROWN and DROWN Vulnerability Fix Name: DROWN( Decrypting RSA using Obsolete and Weakened eNcryption.) Type: Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800). Affected services: DROWN is a serious vulnerability that affects HTTPS and other services that […]
Considering the recent glibc vulnerability, getting details regarding glibc versions can be a bit difficult when you are managing large server clusters with multiple OS versions. Configuration management tools like ansible becomes a real boon in here. For anyone who is not familiar with ansible, take a looks at the ansible intro page for details […]
What’s the glibc getaddrinfo vulnerability? Red Hat has updated details on the vulnerability. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user […]
Hadoop is a software framework for creating a cluster of servers to handle huge amounts of data which in turn leads it to be called Big Data processing. BigData should be in 3 “V”s, Volume , Velocity and Variety. Volume : The amount of dat generated Velocity : Speed of your data analysing Variety : […]
Docker Tutorial We hope this docker tutorial will help you to understand some more details about docker and its usage. Docker, the word itself gives the whole meaning of the docker system. We know that it is difficult to clone a specific configuration to somewhere else. The docker makes this very simple. Build, Ship, Run!!! […]
OpenSSL is an open-source implementation of the SSL and TLS protocols. It’s a technology that’s widely used by almost every websites to encrypt web sessions, even the Apache web server that powers almost half of the websites over the Internet utilizes OpenSSL. Heartbleed and Openssl vulnerabilities Even with a large number of organizations using OpenSSL, […]
Begin typing your search term above and press enter to search. Press ESC to cancel.
