PT-2024-11019 · Unknown · Contiki-Ng

Name of the Vulnerable Software and Affected Versions: Contiki-NG tinyDTLS versions through 2018-08-30 Description: An issue was discovered where one incorrect handshake could complete with different epoch numbers in the packets Client Hello, Client key exchange, and Change cipher spec, which may...

Contiki-NG Security Vulnerability

Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. A security vulnerability exists in Contiki-NG tinyDTLS version 2018-08-30 and prior versions, which stems from an infinite loop error during processing of ClientHello handshake message...

Contiki-NG Security Vulnerability

Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. A security vulnerability exists in Contiki-NG tinyDTLS version 2018-08-30 and prior versions, which stems from a vulnerability in the DTLS server that allows a remote attacker to reuse...

Contiki-NG Security Vulnerability

Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. A security vulnerability exists in Contiki-NG tinyDTLS version 2018-08-30 and earlier versions that stems from the fact that an incorrect handshake may be accomplished using different...

CVE-2022-24696

Mirametrix Glance before 5.1.1.42207 released on 2018-08-30 allows a local attacker to elevate privileges. NOTE: this is unrelated to products from the glance.com and glance.net websites...

Comodo Unified Threat Management Web Console 2.7.0 Remote Code Execution

Exploit Title: Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution Date: 2018-08-15 Exploit Author: Milad Fadavvi Author's LinkedIn: https://www.linkedin.com/in/fadavvi/ Vendor Homepage: https://www.comodo.com/ Version: Releases before 2.7.0 & 1.5.0 Tested on:...

ViaBTC Exchange Server Digital Error Vulnerability

ViaBTC Exchange Server is a backend engine dedicated to cryptocurrency trading. An integer overflow vulnerability exists in the utils/utrpc.c file in versions of ViaBTC Exchange Server prior to 2018-08-21. An attacker could exploit this vulnerability to cause memory corruption...

ViaBTC Exchange Server Digital Error Vulnerability

ViaBTC Exchange Server is a backend engine dedicated to cryptocurrency trading. An integer overflow vulnerability exists in the network/nwbuf.c file in versions of ViaBTC Exchange Server prior to 2018-08-21. An attacker could exploit this vulnerability to cause memory corruption...

ViaBTC Exchange Server Digital Error Vulnerability

ViaBTC Exchange Server is a backend engine dedicated to cryptocurrency trading. An integer overflow vulnerability exists in the utils/utwssvr.c file in versions of ViaBTC Exchange Server prior to 2018-08-21. An attacker could exploit this vulnerability to cause memory corruption...

CVE-2018-20168

Google gVisor before 2018-08-22 reuses a pagetable in a different level with the paging-structure cache intact, which allows attackers to cause a denial of service "physical address not valid" panic via a crafted application...

Google gVisor Denial of Service Vulnerability

Google gVisor is a user-space kernel written in the Go language for use in Linux systems. A denial of service vulnerability exists in versions of Google gVisor prior to 2018-08-22, which can be exploited by an attacker to cause a denial of service...

Cisco RV110W Password Disclosure / Command Execution

!/usr/bin/env python2 Cisco RV110W Password Disclosure and OS Command Execute. Tested on version: 1.1.0.9 maybe useable on 1.2.0.9 and later. Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute Date: 2018-08 Exploit Author: RySh Vendor Homepage: https://www.cisco.com/ Version:...

ViaBTC Exchange Server Integer Overflow Vulnerability (CNVD-2018-20070)

ViaBTC Exchange Server is a dedicated backend engine for cryptocurrency trading. An integer overflow vulnerability exists in the network/nwbuf.c file in versions of ViaBTC Exchange Server prior to 2018-08-21. An attacker could exploit this vulnerability to cause memory corruption...

Null pointer dereference

wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via a 4-bit image...

CVE-2018-17073

wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via a 4-bit image...

translate man cross-site scripting vulnerability

translate man is a browser plugin that can call the Google Translate interface. A cross-site scripting vulnerability exists in versions of translate man prior to 2018-08-21. A remote attacker can exploit the vulnerability to execute malicious code with the help of the...

Lone Wolf Technologies loadingDOCS Arbitrary File Download Vulnerability

Lone Wolf Technologies loadingDOCS is a real estate document management plug-in. An arbitrary file download vulnerability exists in the 2018-08-13 version of Lone Wolf Technologies loadingDOCS, which can be exploited by a remote attacker to download arbitrary sensitive files by sending HTTPS...

CVE-2018-15502

Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs...

CVE-2018-15502

The CVE-2018-15502 entry concerns Lone Wolf Technologies loadingDOCS. An insecure permissions flaw in the 2018-08-13 version allows remote attackers to download confidential files by issuing HTTPS requests to predictable URLs. The root cause is inadequate access controls on resources, enabling un...

CVE-2018-15502

Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs...