Siemens TeleControl Server Basic Elevation of Privilege Vulnerability
Siemens TeleControl Server Basic is a remote control system for Siemens equipment from Siemens, Germany. A security vulnerability exists in Siemens TeleControl Server Basic versions prior to 3.1. An attacker could use this vulnerability to elevate privileges and perform administrative operations...
CVE-2018-4836
A vulnerability has been identified in TeleControl Server Basic V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations...
CVE-2018-4837
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with access to the TeleControl Server Basic's webserver port 80/tcp or 443/tcp could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected...
CVE-2018-4835
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information...
Design/Logic Flaw
A vulnerability has been identified in TeleControl Server Basic V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations...
Race condition
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with access to the TeleControl Server Basic's webserver port 80/tcp or 443/tcp could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected...
CVE-2018-4837
The connected sources confirm CVE-2018-4837 affects Siemens TeleControl Server Basic versions prior to 3.1, where a vulnerability in the webserver (ports 80/443) can cause a Denial-of-Service without affecting other functionality. The ICSA advisory reiterates this as a DoS risk via the webserver,...
CVE-2017-14803
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system...
OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker wit...
Salamandra - Spy Microphone Detection Tool
Salamandra is a tool to detect and locate spy microphones in closed environments. It finds microphones based on the strength of the signal sent by the microphone and the amount of noise and overlapped frequencies. Based on the generated noise it can estimate how close or far away you are from the...
PortSwigger Web Security: Leak of Platform Authentication credentials via Repeater
Burp Repeater leaks Platform Authentication HTTP Basic credentials when following redirections. Steps to reproduce: - Set up an open redirection on a site you control example.com. - Set up Platform Authentication for that same site. Use HTTP Basic auth and whatever credentials. - Using Repeater,...
Joomla VehicleManager 3.9.15 SQL Injection
Title: Joomla VehicleManager 3.9.15 - SQL injection Credit: Bilal KARDADOU Vendor: http://ordasoft.com/ URL: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/vehiclemanager-basic/ Product: 'Joomla VehicleManager 3.9.15' Developer: OrdaSoft Extension type: Plugin Last...
ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...
httpd: ap_get_basic_auth_pw() authentication bypass
It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...