13 matches found
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2022-43628
Affected product: D-Link DIR-1935 (firmware 1.03). Vulnerable component: web management portal’s SetIPv6FirewallSettings handling of IPv6FirewallRule elements. Root cause: improper validation of a user-supplied string before it is used in a system call, enabling arbitrary code execution with root...
CVE-2022-43628
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Bentley Systems MicroStation Buffer Overflow Vulnerability (CNVD-2022-16148)
Bentley Systems MicroStation is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley Systems MicroStation, which can be exploited by an attacker to disclose sensitive information about an affected installation of...
Telmat Remote Code Execution (CVE-2020-16148)
A remote code execution vulnerability exists in Telmat. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2020-16148
Summary: CVE-2020-16148 relates to Telmat AccessLog, where the ping page of the administration panel on versions before 6.0 (TAL_20180415) can be abused to perform authenticated code injection over the network, potentially granting root shell privileges. This vulnerability is described across mul...
CVE-2019-16148
CVE-2019-16148 affects Sakai up to version 12.6 and is described as an XSS vulnerability exploited via a chat user name. The connected documents confirm the affected product/version and the vulnerability class (XSS), but do not provide root-cause details beyond the general description or any reme...
Opsview Monitor 5.x Command Execution Vulnerability
Exploit for multiple platform in category web applications Opsview Monitor Multiple Vulnerabilities 1. Advisory Information Title: Opsview Monitor Multiple Vulnerabilities Advisory ID: CORE-2018-0008 Advisory URL: http://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities Dat...
CVE-2018-16148
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...
CVE-2018-16148
CVE-2018-16148 affects Opsview Monitor (versions 5.2, 5.3, 5.4 prior to the patched 5.3.1/5.4.2 and 6.0). The issue is a cross-site scripting vulnerability in the diagnosticsb2ksy parameter of the /rest endpoint, allowing injected script to run in the victim’s browser context. Several connected s...
Multiple Remote Code-Execution Flaws Patched in Opsview Monitor
A slew of vulnerabilities have been disclosed in Opsview Monitor a proprietary IT monitoring software for networks and applications, which could enable remote code-execution, command-execution and local privilege-escalation. A total of five flaws CVE-2018-16148, CVE-2018-16147, CVE-2018-16146,...
Opsview Monitor Multiple Vulnerabilities
Advisory ID Internal CORE-2018-0008 1. Advisory Information Title: Opsview Monitor Multiple Vulnerabilities Advisory ID: CORE-2018-0008 Advisory URL:https://www.coresecurity.com/core-labs/advisories/opsview-monitor-multiple-vulnerabilities Date published: 2018-09-04 Date of last update: 2018-09-0...
CVE-2017-16148
The CVE-2017-16148 entry concerns the static file server serve46 . The connected advisories document a directory traversal vulnerability where a URL containing relative path segments (for example, ../../) can cause the server to disclose files outside the intended directory. The vulnerability aff...