Citrix SD-WAN and NetScaler SD-WAN - SQL Injection

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 contain an SQL injection vulnerability. An unauthenticated attacker can exploit improper validation of input in specific components, which could allow for execution of arbitrary SQL queries against the backend database...

CVE-2024-12989

A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was...

Linux Distros Unpatched Vulnerability : CVE-2017-12989

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print- resp.c:respgetlength. CVE-2017-12989 Note that Nessus relies on the...

CVE-2024-12989

A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was...

CVE-2024-12989 WISI Tangram GT31 HTTP Request server-side request forgery

A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was...

CVE-2024-12989

CVE-2024-12989 concerns WISI Tangram GT31. The vulnerability affects an unknown function within the device’s HTTP Request Handler, enabling server-side request forgery (SSRF). Reports across multiple sources (Red Hat, PT-Security, CNNVD, NVD/CVELIST) indicate the issue can be exploited remotely a...

Oracle Linux 7 : microcode_ctl (ELSA-2023-12989)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-12989 advisory. 2:2.1-73.19.0.3 - update 06-6a-06 to 0xd0003b9 CVE-2023-23583 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Citrix SD-WAN SQL Injection (CVE-2019-12989)

An SQL injection vulnerability exists in Citrix SD-WAN. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...

CVE-2020-12989

CVE-2020-12989 is rejected/not used; this entry does not represent an active vulnerability.

CVE-2020-12989

...

CVE-2019-12989

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection...

CVE-2019-12989

CVE-2019-12989 affects Citrix SD-WAN 10.2.x prior to 10.2.3 and NetScaler SD-WAN 10.0.x prior to 10.0.8. An unauthenticated attacker can exploit an SQL injection caused by improper input validation in specific components, potentially leading to arbitrary SQL execution against the backend database...

CVE-2019-12989

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

Citrix SD-WAN Appliance 10.2.2 Authentication Bypass / Remote Command Execution

Exploit Title: Citrix SD-WAN Appliance 10.2.2 Auth Bypass and Remote Command Execution Date: 2019-07-12 Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.citrix.com Product: Citrix SD-WAN Software Link: https://www.citrix.com/downloads/citrix-sd-wan/ Version: Tested against 10.2.2...

Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution Exploit

Exploit for cgi platform in category web applications Exploit Title: Citrix SD-WAN Appliance 10.2.2 Auth Bypass and Remote Command Execution Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.citrix.com Product: Citrix SD-WAN Software Link:...

Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass Remote Command Execution

Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass Remote Command Execution Exploit Title: Citrix SD-WAN Appliance 10.2.2 Auth Bypass and Remote Command Execution Date: 2019-07-12 Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.citrix.com Product: Citrix SD-WAN Software Link:...

Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution

Exploit Title: Citrix SD-WAN Appliance 10.2.2 Auth Bypass and Remote Command Execution Date: 2019-07-12 Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.citrix.com Product: Citrix SD-WAN Software Link: https://www.citrix.com/downloads/citrix-sd-wan/ Version: Tested against 10.2.2...

CVE-2019-12989

creationtimestamp| type| source ---|---|--- 2019-07-12 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47112 2023-06-14 21:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2024-12-24 20:29:17+00:00| seen| https://feedsin.space/feed/CISAKevBot/items/2971435 2025-02-23...

CVE-2018-12989

The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges...

CVE-2018-12989

The CVE-2018-12989 vulnerability affects Pearson VUE Certiport Console 8 and IQSystem 7 prior to 2018-06-26. The root cause is mishandling of child processes, which causes Internet Explorer or Microsoft Edge to be launched with Administrator privileges, enabling local privilege escalation. Public...