Dp300,te60,tp3106,espace U1981 Security Vulnerabilities
Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products
Statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. (Vulnerability ID: HWPSIRT-2016-09065) This vulnerability has...
9.8CVSS
3.4AI Score
0.911EPSS
Vulnerable URL: https://www.jdc.fr/espace-partenaires/?part=%3C/script%3E%3Cscript%3Ealert(/OPENBUGBOUNTY/)%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 05.12.2017 Latest check for patch:| 05.12.2017 21:54 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
6.3AI Score
Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products
Apache Struts2 released a remote code execution vulnerability in S2-045 on the official website. An attacker is possible to perform a RCE (Remote Code Execution) attack with a malicious Content-Type value. (Vulnerability ID: HWPSIRT-2017-03094) This vulnerability has been assigned a CVE ID:...
10CVSS
9.4AI Score
0.975EPSS
Security Advisory - DoS Vulnerability in Multiple Huawei Products
There is an denial of service (DoS) vulnerability in multiple Huawei products. An attacker with specific permission can craft a file containing malicious data and upload it to the device to exhaust memory, causing a DoS condition. (Vulnerability ID: HWPSIRT-2016-07088) This vulnerability has been.....
5.5CVSS
5.4AI Score
0.0004EPSS
Security Advisory - Dirty COW Vulnerability in Huawei Products
In the morning of October 21th, 2016, a security researcher Phil Oester disclosed a local privilege escalation vulnerability in Linux kernel. A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An.....
7.8CVSS
0.8AI Score
0.879EPSS
Security Advisory - XSS Vulnerability in Huawei eSpace IAD
Huawei eSpace Integrated Access Device (IAD) has a reflected cross-site scripting (XSS) vulnerability. An attacker could trick a user into clicking a URL containing malicious scripts. Then the user's browser may receive a response from the eSpace IAD and execute the malicious scripts. Successful...
6.1CVSS
5.6AI Score
0.001EPSS
swissquote.ch XSS vulnerability
Vulnerable URL: http://www.swissquote.ch/espace/extern/SFBoerse/resultNew.jsp?lang=de&s;=CH0009987501_M9_CHF&title;=%22%3E%3Csvg/onload=alert(/OPENBUGBOUNTY/)%3E Details: Description| Value ---|--- Patched:| Yes, at 08.11.2017 Latest check for patch:| 08.11.2017 07:32 GMT Vulnerability type:| XSS.....
6.3AI Score
espace-livres-creation.be XSS vulnerability
Vulnerable URL: http://espace-livres-creation.be/?elc-auteur=%27%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E&elc-titre;=%5C%5C%5C%27%5C%5C&elc-editeur;=%5C%5C%5C%27%5C%5C&s;=elc Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability.....
6.3AI Score
Security Advisory - Information Leak Vulnerability in Huawei eSpace IAD
Huawei eSpace IAD products have an information leak vulnerability. Some Web pages do not verify the validity of the permission. An attacker can check and download the fault information by access special URL. (Vulnerability ID: HWPSIRT-2016-08001) This vulnerability has been assigned a CVE ID:...
5.3CVSS
5.2AI Score
0.001EPSS
espace-diabolo.be XSS vulnerability
Open Bug Bounty ID: OBB-178730 Description| Value ---|--- Affected Website:| espace-diabolo.be Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Remediation Guide:| OWASP XSS Prevention...
6.4AI Score
espace-diabolo.be XSS vulnerability
Vulnerable URL: http://www.espace-diabolo.be/partenaires.asp?page=308">&p;=h2q5DSKSQlzuveQdO3qbpzzlL6iq1GK5dqU4JGT6& Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 24757248 VIP...
6.3AI Score
-0.2AI Score
Ian Dunn: [Not just a server configuration issue] Full Path Disclosure
Hey, I've just found a 'full path disclosure' in basic-google-maps-placemarks, so it's not just a server configuration issue! I've tested it on different servers (including windows, ubuntu, CentOS etc..) PoC So, if we visit wp-content/plugins/basic-google-maps-placemarks/unit-tests.php it is...
0.3AI Score
Security Advisory - Multiple Vulnerabilities in OpenSSL in May 2016
On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection...
7.5CVSS
1.4AI Score
0.967EPSS
espace-cmr.com XSS vulnerability
Vulnerable URL: http://www.espace-cmr.com/recherche Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1753396 VIP website status:| No Check espace-cmr.com SSL connection:| (Grade:...
6.2AI Score
pourlascience.fr XSS vulnerability
Open Bug Bounty ID: OBB-157810 Description| Value ---|--- Affected Website:| pourlascience.fr Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Remediation Guide:| OWASP XSS Prevention...
6.4AI Score
Security Advisory - GNU Glibc Buffer Overflow Security Vulnerability
Google security research team disclosed a buffer overflow vulnerability in GNU C library (glibc) (CVE-2015-7547) on February 16, 2016, remote attackers can exploit the vulnerability to execute arbitrary code on an affected device. (Vulnerability ID: HWPSIRT-2016-02018) This vulnerability has been.....
8.1CVSS
2.2AI Score
0.974EPSS
Security Advisory - GNU Glibc Buffer Overflow Security Vulnerability
Google security research team disclosed a buffer overflow vulnerability in GNU C library (glibc) (CVE-2015-7547) on February 16, 2016, remote attackers can exploit the vulnerability to execute arbitrary code on an affected device. (Vulnerability ID: HWPSIRT-2016-02018) This vulnerability has been.....
8.1CVSS
8.9AI Score
0.974EPSS
Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended....
6.8CVSS
6.7AI Score
0.001EPSS
Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended....
6.8CVSS
6.7AI Score
0.001EPSS
The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outage) via unspecified vectors involving a...
5.3CVSS
5.2AI Score
0.002EPSS
The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outage) via unspecified vectors involving a...
5.3CVSS
5.6AI Score
0.002EPSS
Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended....
6.8CVSS
7.2AI Score
0.001EPSS
The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outage) via unspecified vectors involving a...
5.3CVSS
7.1AI Score
0.002EPSS
The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outage) via unspecified vectors involving a...
5.4AI Score
0.002EPSS
Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended....
6.7AI Score
0.001EPSS
Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified...
7.5CVSS
7.4AI Score
0.002EPSS
Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified...
7.5CVSS
7.5AI Score
0.002EPSS
Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted ARP...
7.5CVSS
7.3AI Score
0.002EPSS
Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted ARP...
7.5CVSS
7.3AI Score
0.002EPSS
Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified...
7.5CVSS
7.2AI Score
0.002EPSS
Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted ARP...
7.5CVSS
7.1AI Score
0.002EPSS
Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified...
7.5AI Score
0.002EPSS
Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted ARP...
7.3AI Score
0.002EPSS
espacefoot.fr XSS vulnerability
Open Bug Bounty ID: OBB-117087 Description| Value ---|--- Affected Website:| espacefoot.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...
6.3AI Score
espace-etudiant.com vulnerability
Vulnerable URL: http://www.espace-etudiant.com/inc/link.asp?stat=lienlogo&ref;=284&lien;=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability status:| Publicly disclosed Alexa Rank| 10137897 Google Pagerank| 5 VIP website...
6.9AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
Security Advisory - Two Vulnerabilities in Huawei TE Series Product
Huawei TE series is a multimedia video conferencing endpoint that transfers audio, video, and desktop resources based on IP networks. It offers point-to-point and multiparty conferences for attendees at different places to enjoy face-to-face audio/video communication experience. A security...
6.8CVSS
5.6AI Score
0.002EPSS
7.1AI Score
Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling packets from a registered...
6.5AI Score
0.002EPSS
Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling packets from a registered...
6.3AI Score
0.002EPSS
Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling packets from a registered...
6.8AI Score
0.002EPSS
Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling packets from a registered...
6.3AI Score
0.002EPSS
An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V200R003C00SPC300 does not properly initialize memory when processing timeout messages, which allows remote attackers to cause a denial of service (out-of-bounds memory access.....
6.7AI Score
0.003EPSS
An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V200R003C00SPC300 does not properly initialize memory when processing timeout messages, which allows remote attackers to cause a denial of service (out-of-bounds memory access.....
6.9AI Score
0.003EPSS
The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service (CLI outage) via crafted SSH...
6.6AI Score
0.003EPSS
The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service (CLI outage) via crafted SSH...
6.8AI Score
0.003EPSS