8 matches found
CVE-2025-34103
An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The Client parameter is not sanitized before being passed to a system call, allowing an unauthenticat...
CVE-2019-4241
IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467...
PT-2019-16988 · Ibm · Ibm Pureapplication System
Name of the Vulnerable Software and Affected Versions: IBM PureApplication System versions 2.2.3.0 through 2.2.5.3 Description: The issue allows an authenticated user with local access to bypass authentication and obtain administrative access. Recommendations: For IBM PureApplication System...
PT-2019-16978 · Ibm · Ibm Pureapplication System
Name of the Vulnerable Software and Affected Versions: IBM PureApplication System versions 2.2.3.0 through 2.2.5.3 Description: The issue allows potentially sensitive information to be stored in log files, which could be accessed by a local user. Recommendations: For versions 2.2.3.0 through...
PT-2019-16983 · Ibm · Ibm Pureapplication System
Name of the Vulnerable Software and Affected Versions: IBM PureApplication System versions 2.2.3.0 through 2.2.5.3 Description: The issue makes it easier for attackers to compromise user accounts due to a lack of strong password requirements by default. Recommendations: For versions 2.2.3.0 throu...
SUSE-SU-2017:3029-1 Security update for ansible and monasca-installer
This update for ansible provides version 2.2.3.0 and fixes the following security issues: - CVE-2017-7481: Data for lookup plugins used as variables was not being marked as 'unsafe' and could lead to unintentional disclosure of information. bsc1038785 - CVE-2016-9587: Prevent compromised host to...
WePresent WiPG-1000 - Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'WePresent WiPG-1000 Command Injection', 'Description' = %q This module exploits a command injection vulnerability in an...
WePresent WiPG-1000 Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable, 2.2.3.0 patched this vulnerability. This module requires Metasploit: http://metasploit.com/download Curre...