46 matches found
HeaderMap::Drain API is unsound
Affected versions of this crate incorrectly used raw pointer, which introduced unsoundness in its public safe API. Failing to drop the Drain struct causes double-free, and it is possible to violate Rust's alias rule and cause data race with Drain's Iterator implementation. The flaw was corrected ...
Design/Logic Flaw
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archivesynczones script SEC-355...
CVE-2018-20946
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archivesynczones script SEC-355...
hola.com XSS vulnerability
Vulnerable URL: http://www.hola.com/a/"' Details: Description| Value ---|--- Patched:| No Latest check for patch:| 05.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 355 VIP website status:| Yes Coordinated Disclosure Timeline: Description| Value ---|---...
Oracle 9i XDB 9.2.0.1 - HTTP PASS Buffer Overflow
Exploit Title:Oracle 9i XDB HTTP PASS Buffer Overflow Date: 09/25/2017 Exploit Author: Charles Dardaman Twitter: https://twitter.com/CharlesDardaman Website: http://www.dardaman.com Version:9.2.0.1 Tested on: Windows 2000 SP4 CVE: 2003-0727 This is a modified stand alone exploit of...
Multiple Westermo Routers Hardcoded Password Vulnerability
The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. Multiple Westermo routers are vulnerable to a hard-coded password vulnerability where the device uses a hard-coded special key that allows an attacker to decrypt traffic from any other source...
CVE-2017-12709
A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device...
CVE-2017-12703
A Cross-Site Request Forgery CSRF issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to...
CVE-2016-5816
A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source...
Cross site request forgery (csrf)
A Cross-Site Request Forgery CSRF issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to...
Hardcoded credentials
A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source...
CVE-2017-12709
CVE-2017-12709 describes a local-authentication vulnerability in Westermo MRD-305-DIN (older than 1.7.5.0) and MRD-315, MRD-355, MRD-455 (older than 1.7.5.0). The root cause is the use of hard-coded credentials, which could allow an unauthorized local user with low privileges to access the device...
CVE-2017-12703
A Cross-Site Request Forgery CSRF issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to...
CVE-2017-12709
A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device...
CVE-2016-5816
Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455 are affected when firmware is older than 1.7.5.0. The issue is Use of Hard-Coded Cryptographic Key (CWE-321): devices contain private cryptographic keys embedded in firmware, which could allow an attacker to decrypt traffic from other sources. P...
Multiple Westermo Routers Hardcoded for Unauthorized Access Vulnerability
The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. Multiple Westermo routers have a hard-coded unauthorized access vulnerability, where the device uses hard-coded credentials that allow a local attacker to exploit the vulnerability to gain unauthorized access to the...
Multiple Westermo Router Spoofing Vulnerabilities
The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. A spoofing vulnerability exists in multiple Westermo routers, where an attacker could potentially spoof a user into making a malicious request to a server because the program does not verify that the user intended to...
repubblica.it XSS vulnerability
Vulnerable URL: http://www.repubblica.it/economia/miojob/offerte/lavoro/cerca/regione-emiliaromagna/areaname-assistenzaclientifjdqz%252d%252d%253e%253cscript%253eprompt%2528%2527OPENBUGBOUNTY%2527%2529%253c%252fscript%253enhfmd/?terms=666=customername+asc Details: Description| Value ---|---...
Westermo MRD-305-DIN/MRD-310/MRD-315/MRD-330/MRD-355/MRD-350/MRD-455 弱口令
No description provided by source...
Magnetrol HART DTM Vulnerability
OVERVIEW Alexander Bolshev of Digital Security has identified an improper input validation vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library extension utilized by some Magnetrol products. CodeWrights GmbH has updated its software library to mitigate this vulnerability...