8322 matches found
CVE-2020-7237
Cacti 1.2.8 allows Remote Code Execution by privileged users via shell metacharacters in the Performance Boost Debug Log field of pollerautomation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance...
PT-2020-19487 · Cacti +2 · Cacti +2
Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.8 Description: The issue allows remote code execution by privileged users through shell metacharacters in the Performance Boost Debug Log field of poller automation.php. This occurs when a new poller cycle begins, requiring...
Cacti Remote Code Execution Vulnerability (CNVD-2020-03255)
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool uses snmpget to get data, uses RRDtool to draw graphs for analysis, and provides data and user management features. A security vulnerability exists in Cacti version 1.2.8. An attacker...
CVE-2018-7569
An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information...
CVE-2019-20003
Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends a crafted string for FTP authentication...
Design/Logic Flaw
Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends a crafted string for FTP authentication...
CVE-2019-20003
CVE-2019-20003 affects Feldtech easescreen Crystal 9.0 Web-Services (version 9.0.1.16265). The stored XSS vulnerability exists in the Debug-Log and Display-Log components and can be triggered when an attacker sends a crafted string for FTP authentication. CVSS metrics indicate a network-based, me...
laravelN00b - Automated Scan .env Files And Checking Debug Mode In Victim Host
Incorrect configuration allows access to .env files or reading of env variables. LaravelN00b automatically scans for .env files and checks debug mode on the victim host. Scan rationale: Scan host. Resolve IP address and check .env file at the IP address. Check Laravel debug mode. Read .env variables. Installation...
CVE-2019-14302
On Ricoh SP C250DN 1.06 devices, a debug port can be used...
Design/Logic Flaw
On Ricoh SP C250DN 1.06 devices, a debug port can be used...
CVE-2019-14302
Affected product: Ricoh SP C250DN 1.06. Vulnerability: Debug port accessible on the device allows exploitation. Root cause: presence of an unprotected debug interface. Impact: With physical access, an attacker may execute arbitrary code, alter settings, or disable functions, and may access sensit...
PT-2020-9546 · Ricoh · Ricoh Sp C250Dn
Name of the Vulnerable Software and Affected Versions: Ricoh SP C250DN version 1.06 Description: A debug port can be used on the device, which may pose a security risk. Recommendations: For version 1.06, consider disabling the debug port to prevent potential exploitation...
Code injection
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged...
CVE-2014-8674
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nbmois and mbligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code...
CVE-2019-16272
On DTEN D5 and D7 before 1.3.4 devices, factory settings allow for firmware reflash and Android Debug Bridge (adb) enablement...