CloudEngine 12800, CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 Security Vulnerabilities

openvas

Huawei Data Communication: Side-Channel Vulnerability Variants 3a and 4 (huawei-sa-20180615-01-cpu)

Intel publicly disclosed new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and...

5.5CVSS

7.7AI Score

0.003EPSS

2020-05-26 12:00 AM
13
wpvulndb

Drag and Drop Multiple File Upload for Contact Form 7 < 1.3.3.3 - Unauthenticated File Upload Bypass

Due to the plugin not properly checking the file being uploaded (via the dnd_codedropz_upload AJAX action), an attacker could bypass the checks in place and upload a PHP file. There was a working exploit provided along with this vulnerability. It also requires the Contact Form 7 plugin to be...

0.9AI Score

0.975EPSS

2020-05-26 12:00 AM
5
wpexploit

Drag and Drop Multiple File Upload for Contact Form 7 < 1.3.3.3 - Unauthenticated File Upload Bypass

Due to the plugin not properly checking the file being uploaded (via the dnd_codedropz_upload AJAX action), an attacker could bypass the checks in place and upload a PHP file. There was a working exploit provided along with this vulnerability. It also requires the Contact Form 7 plugin to be...

0.4AI Score

0.975EPSS

2020-05-26 12:00 AM
60
openvas

7.5CVSS

7.6AI Score

0.001EPSS

2020-05-26 12:00 AM
22
zdt

7.1AI Score

2020-05-26 12:00 AM
47
openvas

Huawei Data Communication: OpenSSL Vulnerability in Some Huawei Products (huawei-sa-20180613-01-openssl)

Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive...

6.5CVSS

6.8AI Score

0.009EPSS

2020-05-26 12:00 AM
29
openvas

5.9CVSS

5.8AI Score

0.002EPSS

2020-05-26 12:00 AM
9
openvas

Huawei Data Communication: DoS Vulnerability in Huawei Switches (huawei-sa-20161130-01-switch)

There is a denial of service (DoS) vulnerability in Huawei switches due to improper management of system...

6.5CVSS

6.5AI Score

0.001EPSS

2020-05-20 12:00 AM
7
openvas

Huawei Data Communication: IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability (huawei-sa-20160824-01-ipv6)

Multiple Huawei products are prone to a denial of service vulnerability in the IPv6 Neighbor Discovery packet...

7.5CVSS

7.4AI Score

0.015EPSS

2020-05-20 12:00 AM
40
openvas

Huawei Data Communication: Memory Leak Vulnerability (huawei-sa-20161221-01-ldp)

Some Huawei products are prone to a memory leak...

4.3CVSS

4.6AI Score

0.001EPSS

2020-05-20 12:00 AM
10
openvas

5.3CVSS

5.3AI Score

0.001EPSS

2020-05-20 12:00 AM
8
openvas

Huawei Data Communication: MaxAge LSA Vulnerability in OSPF Protocol of Some Huawei Products (huawei-sa-20170720-01-ospf)

Some Huawei products have a MaxAge LSA vulnerability due to improper OSPF...

7.5CVSS

7.6AI Score

0.001EPSS

2020-05-20 12:00 AM
11
openvas

5.9CVSS

6AI Score

0.002EPSS

2020-05-19 12:00 AM
17
githubexploit

9.8CVSS

9.3AI Score

0.975EPSS

2020-05-15 01:50 AM
89
mskb

Description of the security update for SharePoint Foundation 2013: May 12, 2020

Description of the security update for SharePoint Foundation 2013: May 12, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

7.1AI Score

0.014EPSS

2020-05-12 07:00 AM
15
ibm

Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud App Management

Summary There are multiple vulnerabilities in Mozilla Firefox used by IBM® Cloud App Management. IBM Cloud App Management has addressed the applicable CVEs in a later version. Vulnerability Details CVEID: CVE-2020-6796 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute...

8.8CVSS

2.2AI Score

0.013EPSS

2020-04-23 01:48 PM
21
openvas

Ubuntu: Security Advisory (USN-4335-1)

The remote host is missing an update for...

9.8CVSS

8.8AI Score

0.534EPSS

2020-04-22 12:00 AM
19
nessus

Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1)

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin.....

9.8CVSS

9.4AI Score

0.534EPSS

2020-04-22 12:00 AM
29
ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 16.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to...

9.8CVSS

10AI Score

0.534EPSS

2020-04-21 12:00 AM
94
cisco

Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of...

2.1AI Score

0.022EPSS

2020-04-15 04:00 PM
20
nvd

CVE-2020-7800

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability. The affected product is vulnerable to specially crafted TCP packets, which can cause the device to shut down or...

8.2CVSS

6.2AI Score

0.004EPSS

2020-04-14 05:15 PM
1
cve

CVE-2020-7801

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. The affected product is vulnerable to information exposure over the SNMP protocol. This is a different issue...

5.3CVSS

6AI Score

0.004EPSS

2020-04-14 05:15 PM
26
cve

CVE-2020-7802

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Incorrect Default Permissions (CWE-276) vulnerability. The affected product is vulnerable to insufficient default permissions, which could allow an attacker to view network configurations through....

5.3CVSS

6.1AI Score

0.004EPSS

2020-04-14 05:15 PM
20
nvd

CVE-2020-7801

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. The affected product is vulnerable to information exposure over the SNMP protocol. This is a different issue...

5.3CVSS

6.2AI Score

0.004EPSS

2020-04-14 05:15 PM
cve

CVE-2020-7800

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability. The affected product is vulnerable to specially crafted TCP packets, which can cause the device to shut down or...

8.2CVSS

6AI Score

0.004EPSS

2020-04-14 05:15 PM
22
nvd

CVE-2020-7802

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Incorrect Default Permissions (CWE-276) vulnerability. The affected product is vulnerable to insufficient default permissions, which could allow an attacker to view network configurations through....

5.3CVSS

6.2AI Score

0.004EPSS

2020-04-14 05:15 PM
prion

Code injection

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. The affected product is vulnerable to information exposure over the SNMP protocol. This is a different issue...

5.3CVSS

6.1AI Score

0.004EPSS

2020-04-14 05:15 PM
2
prion

Design/Logic Flaw

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Incorrect Default Permissions (CWE-276) vulnerability. The affected product is vulnerable to insufficient default permissions, which could allow an attacker to view network configurations through....

5.3CVSS

6.2AI Score

0.004EPSS

2020-04-14 05:15 PM
prion

Race condition

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability. The affected product is vulnerable to specially crafted TCP packets, which can cause the device to shut down or...

8.2CVSS

6.2AI Score

0.004EPSS

2020-04-14 05:15 PM
1
cvelist

CVE-2020-7802

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Incorrect Default Permissions (CWE-276) vulnerability. The affected product is vulnerable to insufficient default permissions, which could allow an attacker to view network configurations through....

6.1AI Score

0.004EPSS

2020-04-14 04:40 PM
cvelist

CVE-2020-7801

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. The affected product is vulnerable to information exposure over the SNMP protocol. This is a different issue...

6.1AI Score

0.004EPSS

2020-04-14 04:40 PM
1
cvelist

CVE-2020-7800

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability. The affected product is vulnerable to specially crafted TCP packets, which can cause the device to shut down or...

6.2AI Score

0.004EPSS

2020-04-14 04:39 PM
mskb

Description of the security update for SharePoint Foundation 2013: April 14, 2020

Description of the security update for SharePoint Foundation 2013: April 14, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

6.7AI Score

0.089EPSS

2020-04-14 07:00 AM
44
openvas

Ubuntu: Security Advisory (USN-4328-1)

The remote host is missing an update for...

9.8CVSS

7.6AI Score

0.526EPSS

2020-04-14 12:00 AM
13
nessus

Ubuntu 18.04 LTS : Thunderbird vulnerabilities (USN-4328-1)

It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792) Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an...

9.8CVSS

8.8AI Score

0.526EPSS

2020-04-14 12:00 AM
34
mskb

MS15-099: Description of the security update for SharePoint Foundation 2013: September 8, 2015

Resolves vulnerabilities in Office that could allow remote code execution if a user opens a specially crafted Office file. Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more...

-0.4AI Score

2020-04-13 04:12 AM
33
ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 19.10 Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792)...

9.8CVSS

9.6AI Score

0.526EPSS

2020-04-13 12:00 AM
56
cve

CVE-2017-18694

An issue was discovered on Samsung mobile devices with software through 2016-10-25 (Exynos5 chipsets). Attackers can read kernel addresses in the log because an incorrect format specifier is used. The Samsung ID is SVE-2016-7551 (January...

5.3CVSS

5.2AI Score

0.001EPSS

2020-04-07 02:15 PM
18
ics

Synergy Systems & Solutions HUSKY RTU (Update A)

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Synergy Systems & Solutions (SSS) Equipment: HUSKY RTU --------- Begin Update A Part 1 of 3 --------- Vulnerabilities: Improper Authentication, Improper Input Validation, Missing Authentication...

9.8CVSS

8AI Score

0.004EPSS

2020-04-07 12:00 PM
85
cve

CVE-2020-11518

Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code...

9.8CVSS

9.8AI Score

0.008EPSS

2020-04-04 02:15 PM
157
2
prion

Remote code execution

Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code...

9.8CVSS

9.8AI Score

0.008EPSS

2020-04-04 02:15 PM
4
kitploit

FProbe - Take A List Of Domains/Subdomains And Probe For Working HTTP/HTTPS Server

FProbe - Fast HTTP Probe Installation GO111MODULE=on go get -u github.com/theblackturtle/fprobe Features Take a list of domains/subdomains and probe for working http/https server. Optimize RAM and CPU in runtime. Support special ports for each domain Verbose in JSON format with some...

7.3AI Score

2020-04-01 08:44 PM
70
redhatcve

CVE-2018-5800

A heap-based out-of-bounds access flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted...

6.5CVSS

3.5AI Score

0.011EPSS

2020-04-01 01:56 PM
6
ibm

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.5.0 ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF10 + ICAM 3.0 - 4.0

Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2020-6796, CVE-2020-6800, CVE-2020-6798 Vulnerability Details CVEID: CVE-2020-6796 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds...

8.8CVSS

2.9AI Score

0.013EPSS

2020-04-01 10:50 AM
12
atlassian

Customers created via the Customer Portal do not trigger an email verification

In affected versions of Jira Service Desk Server and Data Centre, it was possible to create customers with fake email addresses via the Customer Portal. This is now resolved with email verification. Affected versions: * version < 3.16.13 * 4.0.0 ≤ version < 4.5.3 * 4.6.0 ≤ version < 4.7.0 ...

5.4AI Score

2020-04-01 04:07 AM
8
atlassian

Customers created via the Customer Portal do not trigger an email verification

In affected versions of Jira Service Desk Server and Data Centre, it was possible to create customers with fake email addresses via the Customer Portal. This is now resolved with email verification. Affected versions: * version < 3.16.13 * 4.0.0 ≤ version < 4.5.3 * 4.6.0 ≤ version < 4.7.0 ...

5.4AI Score

2020-04-01 04:07 AM
68
nessus

Amazon Linux 2 : thunderbird (ALAS-2020-1408)

When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. (CVE-2020-6792) When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory...

8.8CVSS

8.3AI Score

0.013EPSS

2020-03-26 12:00 AM
96
amazon

Important: thunderbird

Issue Overview: When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. (CVE-2020-6792) When processing an email message with an ill-formed envelope, Thunderbird could read data from a...

8.8CVSS

8.8AI Score

0.013EPSS

2020-03-23 04:28 PM
19
nessus

GLSA-202003-10 : Mozilla Thunderbird: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202003-10 (Mozilla Thunderbird: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be...

9.8CVSS

0.8AI Score

0.526EPSS

2020-03-16 12:00 AM
18
Total number of security vulnerabilities: 1776