23 matches found
CVE-2021-20585
IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398...
CVE-2021-20576
IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash...
Stack overflow
IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges...
IBM Security Verify Access Information Disclosure Vulnerability
IBM Security Verify Access, formerly known as IBM Security Access Manager or ISAM, is designed to help you simplify user access and more securely adopt Web, mobile, IoT and cloud technologies. An information disclosure vulnerability exists in IBM Security Verify Access version 20.07. An attacker...
CVE-2021-20585
CVE-2021-20585 affects IBM Security Verify Access 20.07. It allows disclosure of sensitive information via HTTP server headers (partial confidentiality impact). No explicit root cause or remediation details are provided in the connected documents; exploitation status not described. Monitor for up...
CVE-2021-29665
IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges...
CVE-2021-20576
CVE-2021-20576 affects IBM Application Gateway (IBM Application Gateway 1.0). A remote attacker could send a specially crafted HTTP GET request that could crash the application, indicating a potential denial of service. The NVD entry lists base scores of 5.0 (MEDIUM) CVSS2 and 7.5 (HIGH) CVSS3.1/...
CVE-2021-20576
IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash...
CVE-2021-20575
CVE-2021-20575 concerns IBM Application Gateway (IBM Application Gateway 1.0) where the application allows web pages to be stored locally and readable by other users on the same system, causing an information disclosure. The vulnerability description and multiple connected sources confirm this lo...
Microsoft Azure Sphere Code Execution Vulnerability
Microsoft Azure Sphere is an appliance from Microsoft USA that is used to provide security in cloud environments. A code execution vulnerability exists in Microsoft Azure Sphere version 20.07, which stems from the Regular Signed Code Execution feature allowing arbitrary code execution. An attacke...
Microsoft Azure Sphere Injection Vulnerability
Microsoft Azure Sphere is an appliance from Microsoft USA that is used to provide security in cloud environments. A code execution vulnerability exists in Microsoft Azure Sphere version 20.07, which stems from the Regular Signed Code Execution feature allowing arbitrary code execution. An attacke...
Microsoft Azure Sphere Information Disclosure Vulnerability
Azure Sphere is a secure, advanced application platform with built-in communications and security features for connected devices. An information disclosure vulnerability exists in Microsoft Azure Sphere versions prior to 20.07. An attacker could exploit the vulnerability to obtain resource IDs, S...
Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform
Details tied to a pair of remote code execution bugs in Microsoft’s IoT security platform called Azure Sphere were released Monday. Also made public were specifics associated with two additional privilege escalation flaws impacting the same cloud security platform. Public disclosure of all four o...
Teradici PCoIP Management Console Cross-Site Scripting Vulnerability
Teradici PCoIP Management Console is a console program for managing PCoIP clients from Teradici Canada. A cross-site scripting vulnerability exists in Teradici PCoIP Management Console versions prior to 20.07. The vulnerability stems from a lack of proper validation of client data by the web...
D-Link DIR-615 - Privilege Escalation Vulnerability
Exploit for hardware platform in category web applications Exploit Title: D-Link DIR-615 - Privilege Escalation Exploit Author: Sanyam Chawla Vendor Homepage: http://www.dlink.co.in Category: Hardware Wi-fi Router Hardware Link: http://www.dlink.co.in/products/?pid=678 Hardware Version: T1 Firmwa...
D-Link DIR-615 Privilege Escalation
Exploit Title: D-Link DIR-615 - Privilege Escalation Date: 2019-12-10 Exploit Author: Sanyam Chawla Vendor Homepage: http://www.dlink.co.in Category: Hardware Wi-fi Router Hardware Link: http://www.dlink.co.in/products/?pid=678 Hardware Version: T1 Firmware Version: 20.07 Tested on: Windows 10 an...
D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting
Exploit Title: D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting Date: 2019-12-13 Exploit Author: Sanyam Chawla Vendor Homepage: http://www.dlink.co.in Category: Hardware Wi-fi Router Hardware Link: http://www.dlink.co.in/products/?pid=678 Hardware Version: T1 Firmware Version:...
D-Link DIR-615 - Privilege Escalation
D-Link DIR-615 - Privilege Escalation Exploit Title: D-Link DIR-615 - Privilege Escalation Date: 2019-12-10 Exploit Author: Sanyam Chawla Vendor Homepage: http://www.dlink.co.in Category: Hardware Wi-fi Router Hardware Link: http://www.dlink.co.in/products/?pid=678 Hardware Version: T1 Firmware...
D-Link DIR-615 Authorization Issues Vulnerability
The D-Link DIR-615 is a wireless router from AUO D-Link of Taiwan, China. An authorization issue vulnerability exists in the D-Link DIR-615 using firmware version 20.05 and firmware version 20.07. The vulnerability stems from a lack of authentication measures or insufficient authentication streng...
CVE-2019-17353
CVE-2019-17353 affects D-Link DIR-615 devices with firmware version 20.05 and 20.07. The issue: the WAN management page (wan.htm) is accessible directly without authentication, leading to potential disclosure of WAN information and the ability for an attacker to modify data fields on that page. T...