545 matches found
MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation
!/usr/bin/python MySQL / MariaDB / Percona - Remote Root Code Execution / PrivEsc PoC Exploit CVE-2016-6662 0ldSQLMySQLRCEexploit.py ver. 1.0 For testing purposes only. Do no harm. Discovered/Coded by: Dawid Golunski http://legalhackers.com This is a limited version of the PoC exploit. It only...
CVE-2016-5812
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file...
CVE-2016-4494
Cross-site request forgery CSRF vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file...
CVE-2016-0879
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL...
openSUSE Security Update : the Linux Kernel (openSUSE-2016-629)
The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-2847: Limit the per-user amount of pages allocated in pipes bsc970948. - CVE-2016-3136: mctu232: add sanity checking in probe bnc970955. - CVE-2016-2188:...
Moxa EDR-G903 Unauthorized Operation Vulnerability
Moxa EDR-G903 is a suite of Moxa's all-in-one firewall/VPN security router products. A security vulnerability exists in the Moxa EDR-G903 V3.4.11 and earlier versions. An unauthenticated remote attacker can exploit the vulnerability by accessing a specially crafted URL to delete server-side...
ICONICS WebHMI Directory Traversal Vulnerability
ICONICS WebHMI is a suite of real-time automation software in the HMI/SCADA suite using a Web browser. A directory traversal vulnerability exists in ICONICS WebHMI, which can be exploited by a remote attacker to download and view configuration files containing hashed passwords and other parameter...
Cisco ASR 9000 Series Router vty session closure denial of service vulnerability
The Cisco ASR 9000 is Cisco's ultra-high-capacity, carrier-grade edge router platform designed for next-generation IP network IP NGN transformation. A security vulnerability exists in the Cisco ASR 9000 series routers that allows local users to exploit the vulnerability to shut down VTY sessions ...
Schneider Electric InduSoft Password Storage Vulnerability
InduSoft Web Studio is a SCADA system and embedded instrumentation solution for developing HMIs, supervisory control and data acquisition. Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 stores the passwords for the...
ZTE ZXV10-H201L Multiple Vulnerabilities
Exploit for hardware platform in category web applications /-------------------------------------------------/ /Exploits found by TheWalk1ngShad0w / /My email: email protected / /-------------------------------------------------/ Exploit tested & working on modem with this build info:...
Vimeo: CRITICAL full source code/config disclosure for Cameo
Hi! The server at https://ci.cameo.tv/ has directory listing on and seems to host quiet a few debian packages containing extremely sensitive information database paswords, API keys, you name it. One example is the config package containing 16 config files, even personal ones containing local...
Fedora 21 : fedup-0.9.0-2.fc21 (2014-14347)
This update works around a serious problem in Fedora 21 Beta which makes systems automatically shut down 15 minutes into the upgrade. Other improvements : - Adds --product=PRODUCT flag, required for upgrades to F21 - Uses host's config files in upgrade.img, which should fix various upgrade proble...
Fedora 20 : fedup-0.9.0-1.fc20 (2014-14027)
Adds --product=PRODUCT flag, required for upgrades to F21 - Uses host's config files in upgrade.img, which should fix various upgrade problems e.g. incorrect keyboard layout when unlocking disks due to missing vconsole.conf - Logging improvements: complete upgrade log should appear in system...
HttpCombiner ASP.NET Remote File Disclosure Vulnerability
HttpCombiner ASP.NET is prone to remote file disclosure vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ultra Electronics 7.2.0.19 / 7.4.0.7 SQL Injection / Direction Creation
Ultra Electronics / AEP Networks - SSL VPN Netilla / Series A / Ultra Protect Vulnerabilities http://www.osisecurity.com.au/advisories/ultra-aep-netilla-vulnerabilities Release Date: 02-Oct-2014 Software: Ultra Electronics - Series A...
CVE-2014-5339
CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write checkmk config files .mk files to arbitrary locations via vectors related to row selections...
CVE-2014-5339
CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write checkmk config files .mk files to arbitrary locations via vectors related to row selections...
Code injection
CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write checkmk config files .mk files to arbitrary locations via vectors related to row selections...
Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities
Deutsche Telekom CERT Advisory DTC-A-20140820-001 Summary: Several vulnerabilities were found in checkmk prior versions 1.2.4p4 and 1.2.5i4. The vulnerabilities are: 1 - Reflected Cross-Site Scripting XSS 2 - write access to config files .mk files 3 - arbitrary code execution Recommendations:...
openSUSE Security Update : kernel (openSUSE-SU-2013:1042-1)
The openSUSE 12.2 kernel was updated to fix security issue and other bugs. Security issues fixed: CVE-2013-2850: Incorrect strncpy usage in the network listening part of the iscsi target driver could have been used by remote attackers to crash the kernel or execute code. This required the iscsi...