130 matches found

Prion
added 2018/12/31 2:29 p.m. · 14 views

Remote code execution

Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable to remote command execution (RCE). Using the Nashorn script engine, the environment of the JavaScript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent...

CVSS 7.5 · AI score 9.7 · EPSS 0.07755
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2018/12/31 2:29 p.m. · 17 views

CVE-2018-17191

Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable to remote command execution (RCE). Using the Nashorn script engine, the environment of the JavaScript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent...

CVSS 9.8 · AI score 9.8 · EPSS 0.07755
Exploits: 0 · References: 2
OSV
added 2018/12/31 2:29 p.m. · 2 views

DEBIAN-CVE-2018-17191

Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable to remote command execution (RCE). Using the Nashorn script engine, the environment of the JavaScript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent...

CVSS 9.8 · AI score 8.3 · EPSS 0.07755
Exploits: 0 · References: 1
Cvelist
added 2018/12/31 2:0 p.m. · 17 views

CVE-2018-17191

Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable to remote command execution (RCE). Using the Nashorn script engine, the environment of the JavaScript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent...

AI score 9.8 · EPSS 0.07755
Exploits: 0 · References: 2
Positive Technologies
added 2018/12/30 12:0 a.m. · 2 views

PT-2018-3343 · Apache · Apache Netbeans

Name of the Vulnerable Software and Affected Versions: Apache NetBeans versions 9.0
Description: The issue is related to the Proxy Auto-Configuration (PAC) file in the Apache NetBeans development environment, which fails to neutralize script code in attributes on a web page. This can allow a remote...

CVSS 10 · AI score 9.6 · EPSS 0.07755
Exploits: 0 · References: 12
Prion
added 2018/04/11 7:29 p.m. · 24 views

Design/Logic Flaw

If all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity association key (CAK) key are not configured, all remaining digits will be auto-configured to 0. Hence, Juniper devices configured with short MacSec keys are at risk to an increased likelihood that an...

CVSS 3.3 · AI score 8.7 · EPSS 0.00634
Exploits: 0 · References: 2 · Affected Software: 1
ATTACKERKB
added 2018/04/10 3:29 p.m. · 4 views

CVE-2014-2078

The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts...

CVSS 5.3 · AI score 5.5 · EPSS 0.01324
Exploits: 0 · References: 3
Prion
added 2018/04/10 3:29 p.m. · 17 views

Open redirect

The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts...

CVSS 5 · AI score 6.6 · EPSS 0.01324
Exploits: 0 · References: 2 · Affected Software: 1
ThreatPost
added 2017/02/03 10:23 a.m. · 27 views

Cisco Patches Authentication Bypass in Cisco Prime Home

Cisco has patched a critical vulnerability in its Cisco Prime Home remote management software used by service providers to oversee and provision subscribers’ home devices. The flaw, found by Cisco engineers, is in the product’s web-based GUI and allows remote attackers to bypass authentication an...

CVSS 10 · AI score 1 · EPSS 0.02702
Exploits: 0 · References: 5
ThreatPost
added 2016/08/01 9:0 a.m. · 18 views

New HTTPS URL Leakage Attack Leaves PCs, Macs, Linux Systems Vulnerable

LAS VEGAS — Researchers have found flaws in the Web Proxy AutoDiscovery protocol tied to DHCP and DNS servers that allow hackers to spy on HTTPS-protected URLs and launch a myriad of different malicious attacks against Linux, Windows or Mac computers. According to the security firm SafeBreach, this...

AI score 0.4
Exploits: 0 · References: 3
Packet Storm
added 2016/01/08 12:0 a.m. · 82 views

o2 DSL Auto Configuration Server Credential Disclosure

Advisory: o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials
The o2 Auto Configuration Server (ACS) discloses VoIP/SIP credentials of arbitrary customers when receiving manipulated CWMP packets. These credentials can then be used by an attacker to register any VoIP number of the victim. This...

AI score 7.4
Exploits: 0
0day.today
added 2015/10/06 12:0 a.m. · 103 views

ZTE ZXHN H108N 3.3.0_MU CWMP Configuration Disclosure Vulnerability

ZTE ZXHN H108N version 3.3.0_MU suffers from a CWMP configuration disclosure vulnerability.
ZTE ZXHN H108N 3.3.0_MU CWMP configuration disclosure. Copyright 2015 (c) Todor Donev http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg...

AI score 6.9
Exploits: 0
ThreatPost
added 2015/04/09 11:10 a.m. · 29 views

Apple Fixes Proxy Manipulation Vulnerability in iOS 8.3

If left unpatched, one of the vulnerabilities fixed in this week’s iOS update could render an iPhone near useless. If triggered, it could cause networking apps to quit and the system to grind to a halt. In some cases, the device wouldn’t even be able to be rebooted. The vulnerability, nicknamed...

CVSS 5 · AI score 7.2 · EPSS 0.01914
Exploits: 0 · References: 3
CNVD
added 2015/01/12 12:0 a.m. · 1 views

TR-069 Auto Configuration Server Arbitrary Code Execution Vulnerability (CNVD-2015-00283)

TR-069 is the DSL Forum Technical Specification "CPE WAN Management Protocol (CWMP)", which defines the application layer protocol for remote management of end devices. An arbitrary code execution vulnerability exists in TR-069 Auto Configuration Server. A remote attacker can exploit this...

AI score 8.4
Exploits: 0 · References: 1
CNVD
added 2015/01/12 12:0 a.m. · 1 views

TR-069 Auto Configuration Server Arbitrary Code Execution Vulnerability (CNVD-2015-00282)

TR-069 is the DSL Forum Technical Specification "CPE WAN Management Protocol (CWMP)", which defines the application layer protocol for remote management of end devices. An arbitrary code execution vulnerability exists in some server implementations of the TR-069 protocol. A remote attacker could...

AI score 8.4
Exploits: 0 · References: 1
CNVD
added 2015/01/12 12:0 a.m. · 1 views

TR-069 Auto Configuration Server Arbitrary Code Execution Vulnerability (CNVD-2015-00279)

TR-069 is the DSL Forum Technical Specification "CPE WAN Management Protocol (CWMP)", which defines the application layer protocol for remote management of end devices. Arbitrary code execution vulnerabilities exist in certain server implementations of TR-069. These vulnerabilities can be exploited...

AI score 8.3
Exploits: 0 · References: 1
CNVD
added 2015/01/12 12:0 a.m. · 1 views

TR-069 Auto Configuration Server Arbitrary Code Execution Vulnerability (CNVD-2015-00280)

TR-069 is the DSL Forum Technical Specification "CPE WAN Management Protocol (CWMP)", which defines the application layer protocol for remote management of end devices. Arbitrary code execution vulnerabilities exist in certain server implementations of TR-069. These vulnerabilities can be exploited...

AI score 8.3
Exploits: 0 · References: 1
Tenable Nessus
added 2014/11/11 12:0 a.m. · 46 views

Fedora 20 : claws-mail-3.11.1-2.fc20 / claws-mail-plugins-3.11.1-1.fc20 / libetpan-1.6-1.fc20 (2014-14234) (POODLE)

SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566. - Several PGP/Core plugin improvements - A new version of the RSSyl plugin, completely redesigned and rewritten. - The results of TAB...

CVSS 4.3 · AI score 6.8 · EPSS 0.99999
Exploits: 5 · References: 28
Check Point Advisories
added 2014/07/28 12:0 a.m. · 57 views

TR-069 Auto Configuration Servers Multiple Vulnerabilities (CVE-2014-2840; CVE-2014-4916; CVE-2014-4917; CVE-2014-4918; CVE-2014-4956; CVE-2014-4957)

The TR-069 protocol allows remote management of end-user broadband devices. Several vulnerabilities have been detected in certain TR-069 server implementations, that could allow a remote attacker to obtain administrative access to the servers or execute arbitrary code on them...

AI score 7.5
Exploits: 0
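seebug.org
added 2013/10/31 12:0 a.m. · 28 views

Apple Mac OS X Insecure Authentication Vulnerability (CVE-2013-5181)

BUGTRAQ ID: 63350 CVE(CAN) ID: CVE-2013-5181 OS X (formerly Mac OS X) is the latest version of the proprietary operating system developed by Apple for Macintosh computers. A security vulnerability exists in the auto-configuration feature of Mail in versions before OS X 10.9: plaintext authentication is selected for servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. 0 Apple Mac OS X 10.9 Vendor patch: Apple ----- Apple has released a security advisory (msg00004) and a corresponding patch for this: msg00004: APPLE-SA-2013-10-22-3 OS X Mavericks v10....

CVSS 4.3 · AI score 6.4 · EPSS 0.01511
Exploits: 1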