CloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800, Security Vulnerabilities

CVE-2020-13617

The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login...

CVE-2020-13617

The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login...

Information disclosure

The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login...

CVE-2020-13617

The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login...

Description of the security update for SharePoint Foundation 2013: August 11, 2020

Description of the security update for SharePoint Foundation 2013: August 11, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

Chinese APT group targets India and Hong Kong using new variant of MgBot malware

This blog post was authored by Hossein Jazi and Jérôme Segura On July 2, we found an archive file with an embedded document pretending to be from the government of India. This file used template injection to drop a malicious template which loaded a variant of Cobalt Strike. One day later, the...

CVE-2020-9102

There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected...

CVE-2020-9102

There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected...

Information disclosure

There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected...

CVE-2020-9102

There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected...

Security Advisory - Information Disclosure Vulnerability on some Huawei Products

There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. (Vulnerability.....

Description of the security update for SharePoint Foundation 2013: July 14, 2020

Description of the security update for SharePoint Foundation 2013: July 14, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

thunderbird security update

[68.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.5.0-1] - Update to 68.5.0...

firefox security update

[68.5.0-2.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Fri Feb 07 2020 Jan Horak - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak - Update to 68.4.1esr build1 * Fri Jan 03...

Huawei Data Communication: Out-Of-Bounds Write Vulnerability on Several Huawei Products (huawei-sa-20180214-01-ospf)

There is an out-of-bounds write vulnerability on several Huawei...

Huawei Data Communication: Weak Algorithm Vulnerability in Some Huawei Products (huawei-sa-20200108-01-rsa)

There is a weak algorithm vulnerability in some Huawei...

CVE-2020-3360

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected...

CVE-2020-3360

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected...

Improper access control

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected...

Cisco IP Phones Call Log Information Disclosure Vulnerability

A vulnerability in the Web Access feature of Cisco IP Phones could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could...

CVE-2020-3360 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected...

WordPress Drag And Drop Plugin Remote Code Execution (CVE-2020-12800)

A remote code execution vulnerability exists in WordPress Drag And Drop plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected...

WordPress Drag and Drop Multiple File Upload Plugin < 1.3.3.3 Unrestricted File Upload Vulnerability

The WordPress...

Description of the security update for SharePoint Foundation 2013: June 9, 2020

Description of the security update for SharePoint Foundation 2013: June 9, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

CVE-2020-12800

The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php%...

CVE-2020-12800

The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php%...

CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger...

Unrestricted file upload

The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php%...

CVE-2020-12800

The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php%...

WordPress Drag And Drop Multi File Uploader Remote Code Execution Exploit

Exploit for php platform in category web...

WordPress Drag And Drop Multi File Uploader Remote Code Execution

This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form...

Huawei Data Communication: Memory Leak Vulnerability in Some Huawei Products (huawei-sa-20161221-02-ldp)

Some Huawei products have a memory leak...

Huawei Data Communication: Integer Overflow Vulnerability in the Linux Kernel (SACK Panic) (huawei-sa-20191204-01-kernel)

Jonathan Looney discovered that the TCP_SKB_CB(skb)-&gt;tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments...

Huawei Data Communication: Weak Algorithm Vulnerability in Some Huawei Products (huawei-sa-20190821-02-algorithm)

There is a weak algorithm vulnerability in some Huawei...

Huawei Data Communication: Improper Authentication Vulnerability in Some Huawei CloudEngine Products (huawei-sa-20190918-01-authentication)

There is an improper authentication vulnerability in some Huawei CloudEngine products. This VT has been deprecated and is therefore no longer...

Huawei Data Communication: Denial of Service Vulnerability in some Huawei Products (huawei-sa-20191204-03-dos)

Some Huawei products have DoS...

Huawei Data Communication: IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability (huawei-sa-20170118-01-ipv6)

There is a vulnerability in the IP Version 6 (IPv6) Neighbor Discovery packet process of multiple products. This VT has been deprecated and is therefore no longer...

WordPress Drag And Drop Multi File Uploader Remote Code Execution

...

Wordpress Drag and Drop Multi File Uploader RCE

This module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells to be uploaded. No authentication is required for...

WordPress Drag And Drop File Upload Contact Form 1.3.3.2 Shell Upload

WordPress Drag and Drop File Upload Contact Form plugin version 1.3.3.2 suffers from a remote shell upload...

CVE-2020-1870

There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Affected product...

CVE-2020-1870

There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Affected product...

Denial of service

There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Affected product...

CVE-2020-1870

There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Affected product...

Huawei Data Communication: Weak Cryptography Vulnerability in Some Huawei Products (huawei-sa-20171222-01-cryptography)

Some Huawei products have a weak cryptography...

WordPress Drag And Drop File Upload Contact Form 1.3.3.2 Shell Upload

...

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0025)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This...

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.3.2 - Unauthenticated File Upload vulnerability leading to Remote Code Execution (RCE)

Unauthenticated File Upload vulnerability leading to Remote Code Execution (RCE) discovered by Austin Martin in WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin (versions &lt;= 1.3.3.2). Solution Update the WordPress Drag and Drop Multiple File Upload for Contact Form...

NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0026)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write....

Security Advisory - Denial of Service Vulnerability in Some Huawei Products

There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. (Vulnerability ID:...