CVE-2016-2003
published 2016-04-20CVE-2016-2003: HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute…
PriorityP262critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
4.46%
90.2th percentile
HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8rpm-2v4f-qv9f: HPE P9000 Command View Advanced Edition Software (CVAE) 7
ghsa_unreviewed·2022-05-17
CVE-2016-2003 [CRITICAL] GHSA-8rpm-2v4f-qv9f: HPE P9000 Command View Advanced Edition Software (CVAE) 7
HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Red Hat
curl: IDNA 2003 makes curl use wrong host
vendor_redhat·2016-11-02·CVSS 5.3
CVE-2016-8625 [MEDIUM] CWE-20 curl: IDNA 2003 makes curl use wrong host
curl: IDNA 2003 makes curl use wrong host
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.
Package: rh-dotnetcore10-curl (.NET Core 1.0 on Red Hat Enterprise Linux) - Affected
Package: rh-dotnetcore11-curl (.NET Core 1.1 on Red Hat Enterprise Linux) - Affected
Package: rh-dotnet20-curl (.NET Core 2.0 on Red Hat Enterprise Linux) - Affected
Package: rh-dotnet21-curl (.NET Core 2.1 on Red Hat Enterprise Linux) - Will not fix
Package: curl (Red Hat Enterprise Linux 5) - Will not fix
Package: curl (Red Hat Enterprise Linux 6) - Will not fix
Package: curl (Red Hat Enterprise Linux 7) - Will not fix
Package: mingw-virt-viewer (Red Hat
No detection rules found.
Exploit-DB
Microsoft Windows - LSASS SMB NTLM Exchange Null-Pointer Dereference (MS16-137)
exploitdb·2016-11-09
CVE-2016-7237 Microsoft Windows - LSASS SMB NTLM Exchange Null-Pointer Dereference (MS16-137)
Microsoft Windows - LSASS SMB NTLM Exchange Null-Pointer Dereference (MS16-137)
---
MS16-137: LSASS Remote Memory Corruption Advisory
Title: LSASS SMB NTLM Exchange Remote Memory Corruption
Version: 1.0
Issue type: Null Pointer Dereference
Authentication: Pre-Authenticated
Affected vendor: Microsoft
Release date: 8/11/2016
Discovered by: Laurent Gaffié
Advisory by: Laurent Gaffié
Issue status: Patch available
Affected versions: Windows: XP/Server 2003, Vista, 7, 2008R2, Server 2012R2, 10.
A vulnerability in Windows Local Security Authority Subsystem Service (LSASS) was found on Windows OS versions ranging from Windows XP through to Windows 10. This vulnerability allows an attacker to remotely crash the LSASS.EXE process of an affected workstation with no user interaction.
Successful rem
Exploit-DB
Microsoft Windows (x86) - 'NDISTAPI' Local Privilege Escalation (MS11-062)
exploitdb·2016-10-24
CVE-2011-1974 Microsoft Windows (x86) - 'NDISTAPI' Local Privilege Escalation (MS11-062)
Microsoft Windows (x86) - 'NDISTAPI' Local Privilege Escalation (MS11-062)
---
/*
################################################################
# Exploit Title: Windows x86 (all versions) NDISTAPI privilege escalation (MS11-062)
# Date: 2016-10-24
# Exploit Author: Tomislav Paskalev
# Vulnerable Software:
# Windows XP SP3 x86
# Windows XP Pro SP2 x64
# Windows Server 2003 SP2 x86
# Windows Server 2003 SP2 x64
# Windows Server 2003 SP2 Itanium-based Systems
# Supported Vulnerable Software:
# Windows XP SP3 x86
# Windows Server 2003 SP2 x86
# Tested Software:
# Windows XP Pro SP3 x86 EN [5.1.2600]
# Windows Server 2003 Ent SP2 EN [5.2.3790]
# CVE ID: 2011-1974
################################################################
# Vulnerability description:
# An elevation of privilege vulner
Exploit-DB
Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046)
exploitdb·2016-10-18
CVE-2011-1249 Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046)
Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046)
---
/*
################################################################
# Exploit Title: Windows x86 (all versions) AFD privilege escalation (MS11-046)
# Date: 2016-10-16
# Exploit Author: Tomislav Paskalev
# Vulnerable Software:
# Windows XP SP3 x86
# Windows XP Pro SP2 x64
# Windows Server 2003 SP2 x86
# Windows Server 2003 SP2 x64
# Windows Server 2003 SP2 Itanium-based Systems
# Windows Vista SP1 x86
# Windows Vista SP2 x86
# Windows Vista SP1 x64
# Windows Vista SP2 x64
# Windows Server 2008 x86
# Windows Server 2008 SP2 x86
# Windows Server 2008 x64
# Windows Server 2008 SP2 x64
# Windows Server 2008 Itanium-based Systems
# Windows Server 2008 SP2 Itanium-based Systems
# Windows 7 x86
# Windows 7 SP1 x86
# Wi
2016-04-20
Published