CVE-2018-20646

PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory...

Directory traversal

PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory...

CVE-2018-20645

Summary of CVE-2018-20645 : The vulnerability affects PHP Scripts Mall Basic B2B Script 2.0.9, with HTML injection possible through the First Name or Last Name fields. The initial disclosure lists a CVSS base score of 5.4 (Medium) on CVSS 3.0 and 3.5 (Low) on CVSS 2.0, indicating a moderate impac...

CVE-2018-20644

Technical details about CVE-2018-20644 are not publicly provided in the supplied documents. Monitor for updates from official sources for affected products, impact, and remediation.

Mail Carrier 2.5.1 - MAIL FROM Buffer Overflow

Mail Carrier 2.5.1 - MAIL FROM Buffer Overflow Exploit Title: Tabs Mail Carrier 2.5.1 MAIL FROM: Buffer Overflow Date: March 14, 2019 Exploit Author: Joseph McDonagh Vendor Homepage: N/A Software Link: N/A Version: Mail Carrier 2.5.1 Tested on: Windows Vista Home Basic SP2 CVE: None...

Mail Carrier 2.5.1 - 'MAIL FROM' Buffer Overflow

Exploit Title: Tabs Mail Carrier 2.5.1 MAIL FROM: Buffer Overflow Date: March 14, 2019 Exploit Author: Joseph McDonagh Vendor Homepage: N/A Software Link: N/A Version: Mail Carrier 2.5.1 Tested on: Windows Vista Home Basic SP2 CVE: None !/usr/bin/python This script started from PWK, Chapter 6 I a...

CVE-2019-1598

Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol LDAP feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The...

The vulnerability of the SoMachine Basic software lies in its default access settings, which allow a perpetrator to gain access to the files of the SoMachine Basic resources.

The vulnerability of the SoMachine Basic software is related to incorrect default access settings. Exploiting this vulnerability can allow an attacker to gain access to the files of the SoMachine Basic resources...

The vulnerability of the SoMachine Basic software, related to configuration errors, allows a perpetrator to execute SoMachine.

The vulnerability of the SoMachine Basic software is related to configuration errors. Exploiting this vulnerability allows a remote attacker to execute SoMachine by sending specially crafted Ethernet messages...

DEBIAN-CVE-2019-9209

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values...

Stack overflow

On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices possibly WF2411 through WF2880, there is a stack-based buffer overflow that does not require authentication. This can cause denial of service device restart or remote code execution. This vulnerability can be triggered by a GE...

PT-2019-1482

Name of the Vulnerable Software and Affected Versions Modicon M221 versions prior to V1.10.0.0 SoMachine Basic affected versions not specified Description The issue is related to an incorrect configuration of the Ethernet interface in the Modicon M221 programmable logic controller when the...

CVE-2019-7675

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI...

CVE-2019-7675

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI...

Authentication flaw

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI...

CVE-2019-7675

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI...

CVE-2019-7675

MOBOTIX S14 MX-V4.2.1.61 devices are affected by CVE-2019-7675, where the default management interface is served over cleartext HTTP with Basic Authentication (/admin/index.html). This exposes credentials in transit, enabling potential interception of authentication material and unauthorized acce...

Kentix MultiSensor-LAN 5.63.00 Authentication Bypass Vulnerability

Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web based application is not using a usual session concept with a session cookie for managing authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user...

dnSpy - .NET Debugger And Assembly Editor

dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available. Want to say thanks? Click the star at the top of the page. Or fork dnSpy and send a PR! The following pictures show dnSpy in action. It shows dnSpy editing a...

Timing Attack Vulnerability In Basic Authentication

Action Controller in the actionpack gem has a flaw in the way it compares usernames and passwords in the basic authentication authorization code. Due to the flaw, attackers can launch a timing attack by analyzing the time taken by a response and use the difference to find a valid username and...