Month: April 2018

How to downgrade virtual machine hardware version – VMware




After running ESXi 6.5 for a while, I decided to downgrade my environment to ESXi 6.0.

 

The only problem with this was that my VMs were all hardware version 13 for 6.5 and so they wouldn’t run on my 6.0 servers.

The fix is really quite simple and doesn’t require converting anything.

 

First, you just need to download the .VMX file from the corresponding folder on your datastore.

Instead of deleting the original, I like to rename the original on the datastore to VMNAME.vmx.bak

Open the file in a text editor and look for the hardware version; it should be in the first few lines.

virtualHW.version = "13"

Change to desired hardware version (change 13 to 11 to downgrade from 6.5 VM to 6.0 VM)

Re-upload to the proper folder on the datastore and right-click the .vmx -> Add to inventory.

The VM should now be running on the hardware version you entered.
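The edit step above can also be scripted against the downloaded copy of the .vmx. This is an added example, not part of the original post: the function names and the sample file contents are constructed for illustration, and UTF-8 encoding of the file is an assumption. It keeps a local .bak copy and refuses to run if no single virtualHW.version line is found or if the target is not lower than the current version.

```python
import re
import shutil
import sys
from pathlib import Path

# Matches only the hardware-version line, e.g.  virtualHW.version = "13"
HW_RE = re.compile(r'^([ \t]*virtualHW\.version[ \t]*=[ \t]*")(\d+)(")', re.MULTILINE)

# Constructed sample, not taken from a real VM.
SAMPLE_VMX = (
    '.encoding = "UTF-8"\n'
    'config.version = "8"\n'
    'virtualHW.version = "13"\n'
    'displayName = "testvm"\n'
)


def downgrade_vmx_text(text, target):
    """Return (new_text, old_version) with virtualHW.version set to target."""
    matches = list(HW_RE.finditer(text))
    if len(matches) != 1:
        raise ValueError(f"expected one virtualHW.version line, found {len(matches)}")
    m = matches[0]
    old = int(m.group(2))
    if target >= old:
        raise ValueError(f"target {target} is not lower than current version {old}")
    # Replace only the digits so every other byte of the file is preserved.
    return text[:m.start(2)] + str(target) + text[m.end(2):], old


def downgrade_vmx_file(path, target):
    """Edit a downloaded .vmx in place, keeping the original as <name>.vmx.bak."""
    vmx = Path(path)
    backup = vmx.with_name(vmx.name + ".bak")
    if backup.exists():
        raise FileExistsError(f"{backup} already exists; not overwriting it")
    # Bytes in and out so line endings are untouched; UTF-8 is an assumption.
    text = vmx.read_bytes().decode("utf-8")
    new_text, old = downgrade_vmx_text(text, target)
    shutil.copy2(vmx, backup)
    vmx.write_bytes(new_text.encode("utf-8"))
    return old


if __name__ == "__main__":
    # Usage: python downgrade_vmx.py VMNAME.vmx 11
    old = downgrade_vmx_file(sys.argv[1], int(sys.argv[2]))
    print(f"virtualHW.version {old} -> {sys.argv[2]}; backup written next to the file")
```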

 

I hope this helps!







PHP Code Quality Testing with RIPS 2.9.0

Code Quality VS. Exploitable Vulnerabilities

There are many different perceptions of a “vulnerability” in the various tools available. What we at RIPS Technologies rank as a minor code quality issue is often reported as a high-severity vulnerability by other vendors. The reasons for this are different perspectives, the analysis capabilities, and the internal equation of bug categories. A tool that solely focuses on the detection of code quality issues by using fingerprints will classify any security-related finding as critical – although from a security expert’s perspective this finding may be only of informational value at most.

LimeSurvey 2.72.3 – Persistent XSS to Code Execution

Unauthenticated Persistent Cross-Site Scripting

LimeSurvey 2.72.3 is prone to a persistent cross-site scripting vulnerability which is exploitable through the unauthenticated perspective. When submitting a public survey, the Continue Later feature allows users to save their partially completed survey response and reload it at a later time. In order to identify the returning user, he provides an email address and a password when saving his response.