1856 matches found
CVE-2018-5328
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...
Director showing error "Network unreachable. Check configuration, authentication, or service availability"
While connecting to Citrix ADMMAS from Director, the customer gets the error "Network unreachable. Check configuration, authentication, or service availability." For configuring the Director with Citrix ADMMAS follow the...
Unitrends UEB 9 http api/storage remote root
It was discovered that the api/storage web interface in Unitrends Backup UB before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system...
CVE-2017-9630
An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions,...
CVE-2017-9855
An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer...
CVE-2017-11183
front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter...
CVE-2017-6868
CVE-2017-6868 affects Siemens SIMATIC CP 44x-1 RNA modules (all versions before 1.4.1). An unauthenticated remote attacker who can reach Port 102/TCP and where the CP configuration file is stored on the RNA’s CPU may perform administrative actions on the CP through an improper authentication flaw...
WordPress Plugin WP-Testimonials 3.4.1 - SQL Injection
WordPress Plugin WP-Testimonials 3.4.1 - SQL Injection. Exploit Title: WP-Testimonials 3.4.1 Union Based SQL Injection; Date: 03-06-2017; Exploit Author: Dimitrios Tsagkarakis; Website: dtsa.eu; Software Link: https://en-gb.wordpress.org/plugins/wp-testimonials/; Vendor Homepage:...
SUSE-SU-2017:1444-1 Security update for java-1_6_0-ibm
This update for java-1_6_0-ibm fixes the following issues: - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian...
XenMobile: Cannot login to the console, Authentication fails
Unable to log in to the XenMobile console. Cannot check the LDAP connections/bindings from the console. The users are not connecting from the devices. We get an "Incorrect Credentials" error message on the devices...
CVE-2017-7927
CVE-2017-7927 describes an authentication bypass in various Dahua devices (DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-...
PT-2017-4054
Name of the Vulnerable Software and Affected Versions Hikvision DS-2CD2xx2F-I Series versions V5.2.0 build 140721 through V5.4.0 build 160530 Hikvision DS-2CD2xx0F-I Series versions V5.2.0 build 140721 through V5.4.0 Build 160401 Hikvision DS-2CD2xx2FWD Series versions V5.3.1 build 150410 through...
UBUNTU-CVE-2016-3104
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database...
Remote code execution
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPor...
DEBIAN-CVE-2016-9877
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provid...
VMware vSphere Data Protection (VDP) updates address SSH Key-Based authentication issue (VMSA-2016-0024, admin_key) - Active Check
VMware vSphere Data Protection (VDP) updates address SSH key-based authentication issue.
CVE-2016-6630
CVE-2016-6630 describes a DoS in phpMyAdmin triggered by an authenticated user who enters a very long password in the Change password dialog. Affected are phpMyAdmin 4.6.x before 4.6.4, 4.4.x before 4.4.15.8, and 4.0.x before 4.0.10.17. Connected documents corroborate the vulnerability in multipl...
XenMobile Domain users unable to authenticate - LDAP response read timed out, timeout used
If domain users or admins are failing to authenticate to XenMobile, verify whether the following error appears in the debug log: 2016-04-05T10:25:50.128+0000 | 5EAF1FBBC192FC0D | WARN | http-nio-10080-exec-77 | com.sparus.nps.apple.security.AuthUtils | Forcing LDAP auth: cannot refresh user data:...
MGASA-2016-0359 Updated java-1.8.0-openjdk packages fix security vulnerability
It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions (CVE-2016-5582)...
Unable to authenticate users to use WiFi using Cisco-ISE.
If you see the following error whilst testing the connectivity from Cisco-ISE to the XenMobile server: "Connection failed: there is a problem with the server Certificates or ISE trust store."...