3467 matches found
CVE-2020-2001 PAN-OS: Panorama External control of file vulnerability leads to privilege escalation
An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. This issue affects: All...
CVE-2020-2001
CVE-2020-2001 affects Palo Alto Networks PAN-OS Panorama XSLT processing logic, where an external control of path and data allows an unauthenticated user with network access to PAN-OS management to write attacker-supplied files and escalate privileges. Affected versions include PAN-OS Panorama: a...
Microsoft Office Excel s_Schema Code Execution Vulnerability
Talos Vulnerability Report TALOS-2020-1015 Microsoft Office Excel sSchema Code Execution Vulnerability May 12, 2020 CVE Number CVE-2020-0901 Summary An exploitable code execution vulnerability exists in the Excel sSchema functionality of Microsoft Corporation Microsoft Office 2001 build 12430.202...
FTP Brute Force Logins With Default Credentials Reporting
It was possible to login into the remote FTP server using weak/known credentials. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
vp1992-2001.president.ee Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1043825 Security Researcher fakessh Helped patch 1840 vulnerabilities Received 9 Coordinated Disclosure badges Received 60 recommendations , a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting vp1992-2001.president.ee...
Debian: Security Advisory (DLA-2001-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2001-1 : libofx security update
There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofxsgml.cpp, as demonstrated by ofxdump. For Debian 8 'Jessie', this problem has been fixed in version 1:0.9.10-1+deb8u2. We recommend that you upgrade your libofx packages. NOTE: Tenable Network...
CIFS (SMB) File Name Patterns (CA-2001-26)
...
Security Bulletin: IBM Cúram Social Program Management contains a cross-site request forgery vulnerability in the REST API (CVE-2018-2001)
Summary A recent product security scanning exercise identified that a cross-site request forgery vulnerability exists within REST in IBM Cúram Social Program Management. The issue relates to the checking of the HTTP referrer header for GET requests on the server side, which should be checked in a...
CVE-2019-2001
The permissions on /proc/iomem were world-readable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-117422211...
CVE-2019-2001
CVE-2019-2001 affects the Android kernel iomem implementation. The issue is that the permissions on /proc/iomem were world-readable, enabling local information disclosure without any execution privileges or user interaction. The vulnerability is a local information disclosure (ID) with impact on ...
CVE-2019-2001
The permissions on /proc/iomem were world-readable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-117422211...
Cross site scripting
On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...
CVE-2018-17002
On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...
CVE-2018-17002
The CVE-2018-17002 entry concerns the Ricoh MP 2001 printer, where HTML injection and stored XSS are reported in the address-adding flow via the parameter entryNameIn to the CGI path /web/entry/en/address/adrsSetUserWizard.cgi. Affected software is the Ricoh MP 2001 web interface; the issue arise...
CentOS Update for qemu-img CESA-2018:2001 centos7
Check the version of qemu-img SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882914";...
Microsoft IIS Command Execution (CVE-2001-0500) - Ver2
A command execution vulnerability exists in Microsoft IIS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
RHEL 7 : qemu-kvm (RHSA-2018:2001)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2001 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the...
CVE-2001-1013
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/apacheuserdirenum.rb 2025-02-06 03:13:37+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:08:03+00:00| seen|...
CVE-2001-0537
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/ciscoiosauthbypass.rb 2024-10-24 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-10-24 2024-10-25...