Lucene search
K

114 matches found

ATTACKERKB
ATTACKERKB
added 2021/08/13 12:15 p.m.3 views

CVE-2021-37343

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios...

8.8CVSS7.5AI score0.2382EPSS
Exploits5References5
Cvelist
Cvelist
added 2021/08/13 11:32 a.m.39 views

CVE-2021-37343

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios...

8.8AI score0.2382EPSS
Exploits5References2
CNNVD
CNNVD
added 2021/08/13 12:0 a.m.10 views

Nagios XI 路径遍历漏洞

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization.A path traversal vulnerability exists in the AutoDiscovery component in versions of Nagios XI prior to 5.8.5. An attacker could exploi...

8.8CVSS6.5AI score0.2382EPSS
Exploits5References4
Oracle linux
Oracle linux
added 2021/05/25 12:0 a.m.47 views

sane-backends security update

1.0.27-22 - related 1852663 - needed to rebuild due infrastructure error 1.0.27-21 - 1852663, 1848097 - NULL pointer dereference in saneiepsonnetread function 1.0.27-20 - 1852468, 1852467, 1852466, 1852465 - prevent buffer overflow in esci2img - 1852668, 1852667, 1852666, 1852665 - disable...

5.5CVSS3.4AI score0.00497EPSS
Exploits1
Citrix
Citrix
added 2021/04/29 12:0 a.m.6 views

Citrix Endpoint Management AutoDiscovery Service Migration FAQ

What Changed? On April 15th Citrix Legacy AutoDiscovery Service Records were migrated ads.xm.cloud.com to discovery.cem.cloud.us What will we see on first Logon? 1. Citrix Active Discovery Service ADSUI→ shows no domain claimed After login will see no domains in ADS UI when they first logon. No...

7.1AI score
Exploits0
NVD
NVD
added 2020/10/29 7:15 p.m.13 views

CVE-2020-27887

An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmapbinary parameter to lilac/autodiscovery.php...

9CVSS8.7AI score0.01744EPSS
Exploits0References3
OSV
OSV
added 2020/10/29 7:15 p.m.19 views

CVE-2020-27887

An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmapbinary parameter to lilac/autodiscovery.php...

8.8CVSS7.1AI score
Exploits0References3
Cvelist
Cvelist
added 2020/10/29 6:26 p.m.16 views

CVE-2020-27887

An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmapbinary parameter to lilac/autodiscovery.php...

9.1AI score0.01744EPSS
Exploits0References3
CVE
CVE
added 2020/10/29 6:26 p.m.45 views

CVE-2020-27887

EyesOfNetwork 5.3–5.3-8 is affected. An authenticated web user with sufficient privileges can abuse the AutoDiscovery module to execute arbitrary operating system commands via the nmap_binary parameter to lilac/autodiscovery.php, indicating a command-injection style vulnerability with high impact...

9CVSS8.7AI score0.01744EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/10/08 2:15 p.m.18 views

CVE-2020-15646

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...

5.9CVSS0.00961EPSS
Exploits0References2
OSV
OSV
added 2020/10/08 2:15 p.m.1 views

DEBIAN-CVE-2020-15646

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...

5.9CVSS5.8AI score0.00961EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/10/08 2:15 p.m.20 views

CVE-2020-15646

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...

5.9CVSS6.2AI score0.00961EPSS
Exploits0References2
Prion
Prion
added 2020/10/08 2:15 p.m.19 views

Default credentials

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...

4.3CVSS6.4AI score0.00961EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/10/08 2:15 p.m.3 views

UBUNTU-CVE-2020-15646

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...

5.9CVSS5.8AI score0.00961EPSS
Exploits0References3
CVE
CVE
added 2020/10/08 1:37 p.m.204 views

CVE-2020-15646

This CVE describes a credential theft flaw in Thunderbird: if an attacker can intercept Thunderbird’s initial automatic account setup via Microsoft Exchange autodiscovery and reply with crafted data, Thunderbird may send a username and password over HTTPS to the attacker-controlled server. Affect...

5.9CVSS6.3AI score0.00961EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/10/08 1:37 p.m.20 views

CVE-2020-15646

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...

6.4AI score0.00961EPSS
Exploits0References2
OSV
OSV
added 2020/08/21 3:15 p.m.3 views

CVE-2020-24055

Verint 5620PTZ VerintFW042 and Verint 4320 V4320FW023, and V4320FW031 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not requi...

9.8CVSS6.2AI score0.01624EPSS
Exploits1References2
NVD
NVD
added 2020/08/21 3:15 p.m.16 views

CVE-2020-24055

Verint 5620PTZ VerintFW042 and Verint 4320 V4320FW023, and V4320FW031 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not requi...

9.8CVSS9.5AI score0.01624EPSS
Exploits1References2
Prion
Prion
added 2020/08/21 3:15 p.m.15 views

Stack overflow

Verint 5620PTZ VerintFW042 and Verint 4320 V4320FW023, and V4320FW031 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not requi...

7.5CVSS9.4AI score0.01624EPSS
Exploits1References2Affected Software2
CVE
CVE
added 2020/08/21 2:29 p.m.59 views

CVE-2020-24055

The CVE-2020-24055 entry applies to Verint 5620PTZ and Verint V4320 series (Firmwares: Verint_FW_0_42, V4320_FW_0_23, V4320_FW_0_31). An autodiscovery service in /usr/sbin/DM listens on TCP port 6666 and is vulnerable to a stack-based buffer overflow. The service requires no authentication, enabl...

9.8CVSS9.3AI score0.01624EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder