114 matches found
CVE-2021-37343
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios...
CVE-2021-37343
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios...
Nagios XI 路径遍历漏洞
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization.A path traversal vulnerability exists in the AutoDiscovery component in versions of Nagios XI prior to 5.8.5. An attacker could exploi...
sane-backends security update
1.0.27-22 - related 1852663 - needed to rebuild due infrastructure error 1.0.27-21 - 1852663, 1848097 - NULL pointer dereference in saneiepsonnetread function 1.0.27-20 - 1852468, 1852467, 1852466, 1852465 - prevent buffer overflow in esci2img - 1852668, 1852667, 1852666, 1852665 - disable...
Citrix Endpoint Management AutoDiscovery Service Migration FAQ
What Changed? On April 15th Citrix Legacy AutoDiscovery Service Records were migrated ads.xm.cloud.com to discovery.cem.cloud.us What will we see on first Logon? 1. Citrix Active Discovery Service ADSUI→ shows no domain claimed After login will see no domains in ADS UI when they first logon. No...
CVE-2020-27887
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmapbinary parameter to lilac/autodiscovery.php...
CVE-2020-27887
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmapbinary parameter to lilac/autodiscovery.php...
CVE-2020-27887
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmapbinary parameter to lilac/autodiscovery.php...
CVE-2020-27887
EyesOfNetwork 5.3–5.3-8 is affected. An authenticated web user with sufficient privileges can abuse the AutoDiscovery module to execute arbitrary operating system commands via the nmap_binary parameter to lilac/autodiscovery.php, indicating a command-injection style vulnerability with high impact...
CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
DEBIAN-CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
Default credentials
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
UBUNTU-CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
CVE-2020-15646
This CVE describes a credential theft flaw in Thunderbird: if an attacker can intercept Thunderbird’s initial automatic account setup via Microsoft Exchange autodiscovery and reply with crafted data, Thunderbird may send a username and password over HTTPS to the attacker-controlled server. Affect...
CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
CVE-2020-24055
Verint 5620PTZ VerintFW042 and Verint 4320 V4320FW023, and V4320FW031 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not requi...
CVE-2020-24055
Verint 5620PTZ VerintFW042 and Verint 4320 V4320FW023, and V4320FW031 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not requi...
Stack overflow
Verint 5620PTZ VerintFW042 and Verint 4320 V4320FW023, and V4320FW031 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not requi...
CVE-2020-24055
The CVE-2020-24055 entry applies to Verint 5620PTZ and Verint V4320 series (Firmwares: Verint_FW_0_42, V4320_FW_0_23, V4320_FW_0_31). An autodiscovery service in /usr/sbin/DM listens on TCP port 6666 and is vulnerable to a stack-based buffer overflow. The service requires no authentication, enabl...