DP300,TE60,TP3106,ViewPoint 9030,eCNS210 TD,eSpace 7950,eSpace IAD,eSpace U1981 Security Vulnerabilities

QIWI: PIN OK attack

PIN OK attack is an attack when a wedge-device (created for MiTM) is used to substitute the response from the card during an offline-PIN check and say that PIN was correct. Reproduction steps: * An attacker with a stolen card without the correct PIN knowledge can use either a so-called wedge...

Huawei Data Communication: Multiple Vulnerabilities in Some Huawei Products (huawei-sa-20171213-06-xml)

There is a memory leak vulnerability in some Huawei...

Huawei Data Communication: Buffer Overflow Vulnerability in Some Huawei Products (huawei-sa-20171215-01-overflow)

There is buffer overflow vulnerability in some Huawei...

Huawei Data Communication: Weak Cryptography Vulnerability in Some Huawei Products (huawei-sa-20171222-01-cryptography)

Some Huawei products have a weak cryptography...

Huawei Data Communication: Resource Exhaustion Vulnerability on Several Products (huawei-sa-20171213-02-h323)

There is a resource exhaustion vulnerability on several...

Huawei Data Communication: Multiple Vulnerabilities in Some Huawei Products (huawei-sa-20171215-01-buffer)

There are two buffer overflow vulnerabilities in some Huawei...

Huawei Data Communication: Memory Leak Vulnerability in Some Huawei Products (huawei-sa-20180124-01-memory)

There is a memory leak vulnerability in some Huawei...

Huawei Data Communication: Two Vulnerabilities in H323 protocol of Huawei Products (huawei-sa-20171129-01-h323)

There is an out-of-bounds read vulnerability in H323 protocol of Huawei...

Huawei Products Multiple DoS Vulnerabilities (huawei-sa-20171201-01-xml)

Multiple Huawei products are prone to multiple denial of service vulnerabilities in the XML parser. This VT has been deprecated as a duplicate of the...

Huawei Data Communication: CPU Side Channel Vulnerability L1TF (huawei-sa-20180815-01-cpu)

Intel and security researchers publicly disclosed three new cpu side-channel vulnerabilities (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646). This VT has been deprecated and is therefore no longer...

Huawei Data Communication: Privilege Escalation Vulnerability in Some Huawei Products (huawei-sa-20181010-01-debug)

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software...

Huawei Data Communication: CPU Vulnerabilities 'Meltdown' and 'Spectre' (huawei-sa-20180606-01-cpu)

Security researchers disclosed two groups of CPU...

Huawei Data Communication: Input Validation Vulnerability in H323 Protocol of Huawei products (huawei-sa-20171206-01-h323)

There is an insufficient validation vulnerability in some Huawei...

Huawei Data Communication: Weak Algorithm Vulnerability in Some Huawei Products (huawei-sa-20180704-01-algorithm)

There is a weak algorithm vulnerability in some Huawei...

Huawei Data Communication: Cache Timing Vulnerability in OpenSSL RSA Key Generation (huawei-sa-20181212-01-cache)

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack...

Huawei Data Communication: Multiple Vulnerabilities of PEM Module in Some Huawei Products (huawei-sa-20171206-01-pem)

There is a null pointer reference vulnerability in PEM module of Huawei products due to insufficient...

Huawei Data Communication: Buffer Overflow Vulnerability in Some Huawei Products (huawei-sa-20180502-02-cops)

There is a buffer overflow vulnerability in the Common Open Policy Service Protocol (COPS) module of some Huawei...

Huawei Data Communication: Weak Algorithm Vulnerability in Some Huawei Products (huawei-sa-20180703-01-algorithm)

There is a weak algorithm vulnerability in some Huawei...

Huawei Products Buffer Overflow Vulnerability (huawei-sa-20171206-01-buffer)

Multiple Huawei products are prone to a buffer overflow...

Huawei Products DoS Vulnerability (huawei-sa-20171201-01-pse)

Multiple Huawei products are prone to a denial of service...

Huawei Data Communication: Multiple Buffer Overflow Vulnerabilities in Some Huawei Products (huawei-sa-20171201-01-sip)

There are three buffer overflow vulnerabilities in the SIP backup feature of some Huawei...

Huawei Data Communication: OpenSSL Vulnerability in Some Huawei Products (huawei-sa-20180613-01-openssl)

Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive...

a101.com.tr Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1166752 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

Huawei Data Communication: Multiple OpenSSL Vulnerabilities in January 2017 (huawei-sa-20170503-01-openssl)

On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new...

Huawei Data Communication: Two Vulnerabilities in Some Huawei Products (huawei-sa-20171018-01-h323)

There is a DoS vulnerability in some Huawei...

Description of the security update for SharePoint Foundation 2013: May 12, 2020

Description of the security update for SharePoint Foundation 2013: May 12, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

espace-aubade.fr Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1159205 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

bloo.com.au Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1158640 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

sindjustica.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1157020 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

NERC CIP Compliance in Azure vs. Azure Government cloud

As discussed in my last blog post on North American Electric Reliability Corporation—Critical Infrastructure Protection (NERC CIP) Compliance in Azure, U.S. and Canadian utilities are now free to benefit from cloud computing in Azure for many NERC CIP workloads. Machine learning, multiple data...

espace-emplois.fr Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1142544 Security Researcher geeknik Helped patch 8696 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting espace-emplois.fr website...

Description of the security update for SharePoint Foundation 2013: April 14, 2020

Description of the security update for SharePoint Foundation 2013: April 14, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

MS15-099: Description of the security update for SharePoint Foundation 2013: September 8, 2015

Resolves vulnerabilities in Office that could allow remote code execution if a user opens a specially crafted Office file.SummaryThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more...

espace-projets-interassociatifs.fr Cross Site Scripting vulnerability OBB-1138090

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence....

NagiosXI 5.6.11 Remote Command Execution

...

automoviles.com.py Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1122419 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

miljoenhuizen.nl Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1120862 Security Researcher NUMAN Helped patch 34 vulnerabilities Received 1 Coordinated Disclosure badges , a holder of 1 badges for responsible and coordinated disclosure, found a security vulnerability affecting miljoenhuizen.nl website and its users. Following...

food.je Cross Site Scripting vulnerability

Security Researcher 4N_CURZE Helped patch 1386 vulnerabilities Received 7 Coordinated Disclosure badges Received 12 recommendations , a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting food.je website and its users. Following coordinated and...

theworks.co.uk Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1119637 Security Researcher 4N_CURZE Helped patch 1407 vulnerabilities Received 7 Coordinated Disclosure badges Received 12 recommendations , a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting theworks.co.uk website...

Description of the security update for SharePoint Foundation 2013: March 10, 2020

Description of the security update for SharePoint Foundation 2013: March 10, 2020 Summary This security update resolves a vulnerability that occurs if SharePoint Server does not correctly sanitize a specially crafted request to an affected SharePoint server. To learn more about the vulnerability,.....

vents.ua Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1097415 Security Researcher Broly157 Helped patch 1679 vulnerabilities Received 7 Coordinated Disclosure badges Received 16 recommendations , a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting vents.ua website and its...

CVE-2020-1841

Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak...

CVE-2020-1841

Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak...

Information disclosure

Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak...

CVE-2020-1841

Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak...

CVE-2020-9030

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the...

CVE-2020-9030

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the...

Directory traversal

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the...

CVE-2020-9030

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the...

U.S. Dept Of Defense: [Critical] Insufficient Access Control On Registration Page of Webapps Website Allows Privilege Escalation to Administrator

Summary: Hello. Due to insufficient access controls and poor implementation of the registration at https://████████/████/login.cfm it was possible to register while privilege escalating to an administrator. Description: It was possible to tamper with the registration request at...