407 matches found
CVE-2016-6825
Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtai...
Teaching content management system ATutor 2.2.1 injection vulnerability-vulnerability warning-the black bar safety net
Atutor is an open source“content management system”Learning Content Management System, referred to as LCMS。 Using PHP, MySQL, HTTP Web server is recommended to use Apache. Teaching content management system ATutor 2.2.1 injection vulnerability Atutor in addition to teaching content management...
ATutor 2.2.1 SQL Injection / Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ATutor 2.2.1 SQL Injection / Remote Code Execution', 'Description' = %q This module exploits a SQL Injection vulnerability and an...
ATutor 2.2.1 - SQL Injection / Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ATutor 2.2.1 SQL Injection / Remote Code Execution', 'Description' = %q This module exploits a SQL Injection vulnerability and an...
ATutor 2.2.1 SQL Injection / Remote Code Execution
This module exploits a SQL Injection vulnerability and an authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrator's interface where they can upload malicious code. This module requires Metasploit:...
The vulnerability of the microprogramming software of the Cisco wireless LAN controller allows a intruder to alter configuration parameters.
The vulnerability of Cisco wireless LAN controllers’ microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to remotely alter configuration parameters...
PT-2015-2867
Name of the Vulnerable Software and Affected Versions Juniper ScreenOS versions 6.2.0r15 through 6.2.0r18 Juniper ScreenOS versions 6.3.0r12 before 6.3.0r12b Juniper ScreenOS versions 6.3.0r13 before 6.3.0r13b Juniper ScreenOS versions 6.3.0r14 before 6.3.0r14b Juniper ScreenOS versions 6.3.0r15...
The vulnerability of the microprogramming software in Janitza UMG 508, 509, 511, 604, 605 power supply monitoring systems allows a intruder to gain access to the device.
The vulnerability of the web interface of the Microprogramming Software for Control Systems of Power Supply Devices Janitza UMG 508, 509, 511, 604, 605 arises from the fact that these devices only support short PIN codes for authentication. Exploiting this vulnerability could allow an attacker,...
The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 programmable logic controller allows a intruder to trigger a service failure or execute arbitrary code.
The vulnerability of the microprogrammed software of Schneider Electric’s Modicon M340 programmable logic controller is due to authentication deficiencies. Exploiting this vulnerability could allow an attacker to cause malfunctions in service operations or execute arbitrary codes...
The vulnerability of the Cisco IOS operating system, which allows a perpetrator to gain unauthorized access to the device
The vulnerability of the SSHv2 component in Cisco IOS systems is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to a device by manipulating information about known user names and their associated RSA keys...
Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p1 Multiple Vulnerabilities
The version of the remote NTP server is 4.x prior to 4.2.8p1. It is, therefore, affected by the following vulnerabilities : - A security weakness exists due to the configauth function improperly generating default keys when no authentication key is defined in the ntp.conf file. Key size is limite...
Cerberus FTP Server 2.1 Information Disclosure Weakness
No description provided by source. source: http://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may exploit a weakness...
Upgrade bundled Tomcat to the latest minor release
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-33563. panel Customer did a Security Scan on the instance and founded the version 5.1.8 that he is using subjected to security vulnerabiliti...
Fixed in Apache Tomcat 6.0.36
Important: Denial of service CVE-2012-2733 The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...
Fixed in Apache Tomcat 7.0.30
Important: Denial of service CVE-2012-3544 When processing a request submitted using the chunked transfer encoding, Tomcat ignored but did not limit any extensions that were included. This allows a client to perform a limited DOS by streaming an unlimited amount of data to the server. This was...
crypt(): DES encrypted password weakness
The cryptdes aka DES-based crypt function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an...
HP Universal CMDB Server Axis2 Default Credentials Remote Code Execution
HP Universal CMDB is a modular management system that consists of a business-service-oriented data model with built-in discovery of configuration items CIs and configuration item dependencies, visualization and mapping of business services, and tracking of configuration changes. A remote code...
CA ARCserve D2D Axis2 Default Credentials Remote Code Execution (CVE-2010-0219)
CA ARCserve D2D is a disk-based backup solution that allows protecting and recovering business data on both physical and virtual servers. It includes a web 2.0 interface that proactively delivers updates. A remote code execution vulnerability has been reported in CA ARCserve D2D. The vulnerabilit...
HP OpenView Client Configuration Manager Radia Notify Code Execution (CVE-2006-5782)
An authentication weakness vulnerability exists in the Radia Notify Daemon component of HP OpenView Client Configuration Manager. The flaw is created by improper handling of user supplied data passed to the affected Radia Notify Daemon on TCP port 3465. By sending a crafted message, the attacker...
RHEL 3 / 4 : freeradius (RHSA-2006:0271)
Updated freeradius packages that fix an authentication weakness are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized...