S12700, S1700, S3700, S5700, S6700, S7700, S9700, Ecns210 Td Security Vulnerabilities

openvas

7.5CVSS

7AI Score

0.001EPSS

2021-08-24 12:00 AM
4
cve

CVE-2021-22357

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions.....

7.5CVSS

7.3AI Score

0.001EPSS

2021-08-23 08:15 PM
21
2
nvd

CVE-2021-22357

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions.....

7.5CVSS

0.001EPSS

2021-08-23 08:15 PM
prion

Denial of service

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions.....

7.5CVSS

7.3AI Score

0.001EPSS

2021-08-23 08:15 PM
9
cvelist

CVE-2021-22357

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions.....

7.6AI Score

0.001EPSS

2021-08-23 07:30 PM
zdt

NetModule Router Software Password Handling / Session Fixation Vulnerability

NetModule Router Software versions prior to 4.3.0.113, 4.4.0.111, and 4.5.0.105 suffer from insecure password handling and session fixation...

9.8CVSS

0.4AI Score

0.003EPSS

2021-08-21 12:00 AM
117
packetstorm

-0.1AI Score

0.003EPSS

2021-08-20 12:00 AM
230
sonarsource

elFinder - A Case Study of Web File Manager Vulnerabilities

An application’s interaction with the file system is always highly security sensitive, since minor functional bugs can easily be the source of exploitable vulnerabilities. This observation is especially true in the case of web file managers, whose role is to replicate the features of a complete...

9.8CVSS

-0.1AI Score

0.973EPSS

2021-08-17 12:00 AM
118
zeroscience

COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure

Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure Advisory ID: ZSL-2021-5665 Type: Local/Remote Impact: Exposure of System Information, Exposure of Sensitive Information Risk: (3/5) Release Date: 15.08.2021 Summary COMMAX Smart Home System is a smart IoT home...

6.8AI Score

2021-08-15 12:00 AM
444
zeroscience

COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS

Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS Advisory ID: ZSL-2021-5666 Type: Local/Remote Impact: Manipulation of Data, DoS Risk: (4/5) Release Date: 15.08.2021 Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment...

7.4AI Score

2021-08-15 12:00 AM
375
nuclei

phpfastcache - phpinfo Resource Exposure

phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via...

5.4CVSS

4.5AI Score

0.006EPSS

2021-08-14 04:22 PM
153
nuclei

ifw8 Router ROM v4.31 - Credential Discovery

ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source...

7.5CVSS

7.4AI Score

0.024EPSS

2021-08-14 11:37 AM
4
nessus

Debian DSA-4949-1 : jetty9 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4949 advisory. In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a...

9.8CVSS

7.4AI Score

0.028EPSS

2021-08-05 12:00 AM
18
cve

CVE-2021-22396

There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation. Affected product versions...

7.8CVSS

7.6AI Score

0.0004EPSS

2021-08-02 05:15 PM
15
6
openvas

Epson Printer Detection (HTTP)

HTTP based detection of Epson printer...

7.1AI Score

2021-08-02 12:00 AM
55
nuclei

OpenSIS 7.3 - SQL Injection

OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of...

9.8CVSS

9.8AI Score

0.024EPSS

2021-07-27 12:36 AM
2
sonarsource

Zimbra 8.8.15 - Webmail Compromise via Email

Zimbra is a popular webmail solution for global enterprises. According to Zimbra, it is used by over 200,000 businesses and over a thousand government & financial institutions to exchange emails between millions of users every day. When attackers get access to an employee's email account, it often....

6.1CVSS

0.1AI Score

0.007EPSS

2021-07-27 12:00 AM
104
nuclei

Lucee Admin - Remote Code Execution

Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 contains an unauthenticated remote code execution...

9.8CVSS

9.9AI Score

0.973EPSS

2021-07-18 01:49 PM
14
talos

Advantech R-SeeNet options.php local file inclusion (LFI) vulnerability

Summary A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability....

9.8CVSS

0.1AI Score

0.016EPSS

2021-07-15 12:00 AM
230
talos

Advantech R-SeeNet ping.php OS Command Injection vulnerability

Summary An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability. Tested...

9.8CVSS

0.6AI Score

0.972EPSS

2021-07-15 12:00 AM
306
talos

Advantech R-SeeNet device_graph_page.php Multiple Reflected XSS vulnerabilities

Summary Multiple cross-site scripting vulnerabilities exist in the device_graph_page.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits specially crafted URLs, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An...

6.1CVSS

0.2AI Score

0.808EPSS

2021-07-15 12:00 AM
241
sonarsource

Etherpad 1.8.13 - Code Execution Vulnerabilities

Etherpad is one of the most popular online text editors that allows collaborating on documents in real-time. It is customizable with more than 250 plugins available and features a version history as well as a chat functionality. There are thousands of instances deployed worldwide with millions of.....

6.1CVSS

0.4AI Score

0.002EPSS

2021-07-13 12:00 AM
9
wpvulndb

Newsmag < 5.0 - Unauthenticated Reflected Cross-site Scripting (XSS)

The theme does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability. Due to a nonce check, this issue is only exploitable on unauthenticated users (for as long as the nonce used in the request is...

0.7AI Score

0.001EPSS

2021-07-12 12:00 AM
11
suse

Security update for the Linux Kernel (important)

An update that solves 52 vulnerabilities and has 250 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-33200: Enforcing incorrect limits for pointer...

9.8CVSS

0.3AI Score

0.006EPSS

2021-07-11 12:00 AM
69
suse

Security update for the Linux Kernel (important)

An update that solves 52 vulnerabilities and has 187 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-33200: Enforcing incorrect limits for pointer...

9.8CVSS

0.3AI Score

0.006EPSS

2021-07-11 12:00 AM
33
hackerone

Acronis: Subdomain takeover of main domain of https://www.cyberlynx.lu/

Summary Hi Acronis Security Team , Hope you well. I found one of your subdomains which is www.cyberlynx.lu (One of your Acquisition) is pointing towards www.cyberlynx.lu canonical name = www118.wixdns.net. www118.wixdns.net canonical name = balancer.wixdns.net. balancer.wixdns.net canonical...

AI Score

2021-07-09 08:59 PM
140
ics

Rockwell Automation MicroLogix 1100

EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: MicroLogix 1100 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create a...

8.6CVSS

8.9AI Score

0.001EPSS

2021-07-08 12:00 PM
17
openvas

Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2021-2125)

The remote host is missing an update for the Huawei...

6.5CVSS

6.4AI Score

0.002EPSS

2021-07-07 12:00 AM
2
nessus

EulerOS Virtualization 3.0.2.2 : qemu-kvm (EulerOS-SA-2021-2166)

According to the versions of the qemu-kvm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer ...

8.2CVSS

8.9AI Score

0.022EPSS

2021-07-06 12:00 AM
124
nessus

EulerOS Virtualization for ARM 64 3.0.2.0 : qemu-kvm (EulerOS-SA-2021-2125)

According to the versions of the qemu-kvm packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : A flaw was found in QEMU. A heap-based buffer overflow vulnerability was found in the SDHCI device emulation ...

6.5CVSS

7.7AI Score

0.002EPSS

2021-07-02 12:00 AM
20
wpvulndb

Newspaper < 11 - Reflected Cross-Site Scripting (XSS)

The theme does not sanitise the td_atts.modules_category parameter in its td_ajax_search AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

1.3AI Score

0.001EPSS

2021-06-30 12:00 AM
12
openvas

4.9CVSS

5.3AI Score

0.001EPSS

2021-06-30 12:00 AM
1
nvd

CVE-2021-22329

There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect.....

4.9CVSS

0.001EPSS

2021-06-29 08:15 PM
1
cve

CVE-2021-22329

There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect.....

4.9CVSS

5AI Score

0.001EPSS

2021-06-29 08:15 PM
24
prion

Design/Logic Flaw

There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect.....

4.9CVSS

5AI Score

0.001EPSS

2021-06-29 08:15 PM
5
cvelist

CVE-2021-22329

There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect.....

5.3AI Score

0.001EPSS

2021-06-29 07:05 PM
2
zdt

7.5CVSS

AI Score

0.012EPSS

2021-06-25 12:00 AM
39
packetstorm

-0.4AI Score

0.012EPSS

2021-06-25 12:00 AM
368
exploitdb

7.5CVSS

7.8AI Score

EPSS

2021-06-25 12:00 AM
482
packetstorm

-0.3AI Score

0.968EPSS

2021-06-23 12:00 AM
284
zdt

9.8CVSS

-0.1AI Score

0.968EPSS

2021-06-23 12:00 AM
63
openvas

7.2CVSS

7.3AI Score

0.002EPSS

2021-06-23 12:00 AM
6
cve

CVE-2021-22383

There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by.....

4.9CVSS

5AI Score

0.001EPSS

2021-06-22 07:15 PM
34
5
cve

CVE-2021-22363

There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service...

7.5CVSS

7.4AI Score

0.001EPSS

2021-06-22 07:15 PM
37
6
Total number of security vulnerabilities: 8523