869 matches found
CVE-2018-0284 Cisco Meraki Local Status Page Privilege Escalation Vulnerability
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the...
CVE-2018-0284 Cisco Meraki Local Status Page Privilege Escalation Vulnerability
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the...
The vulnerability in the web interface of the microprogramming software-based network interface cards Cisco RV110W Wireless-N VPN and the multi-functional VPN routers Cisco RV130W Wireless-N and Cisco RV215W Wireless-N VPN allows attackers to disclose sensitive information.
The vulnerability of the web interface of Microprogramming Software for Cisco RV110W Wireless-N VPN and Multi-Function VPN Routers such as Cisco RV130W Wireless-N and Cisco RV215W Wireless-N VPN lies in the insufficient control of access to web interface files. Exploiting this vulnerability can...
Cisco HyperFlex Software Information Disclosure Vulnerability
Cisco HyperFlex Software is a scalable distributed file system from Cisco USA. The system provides unified compute, storage and networking through cloud management, providing enterprise-class data management and optimization services. An information disclosure vulnerability exists in the...
CVE-2018-0463
A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network...
CVE-2018-0463
A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network...
Input validation
A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network...
CVE-2018-1670
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. IBM X-Force ID: 144946...
Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability
A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network...
The vulnerability of the microprogramming software of the 4G LTE Light Industrial M2M Router (NWL-25) is related to insufficient protection of configuration data, allowing attackers to gain unauthorized access to protected data.
The vulnerability of the microprogramming software of the 4G LTE Light Industrial M2M Router NWL-25 is related to insufficient protection of configuration data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to configuration files and profiles...
Containous Traefik Information Disclosure Vulnerability
Containous Traefik is an open source reverse proxy and load balancing product from French company Containous. An information disclosure vulnerability exists in Containous Traefik version 1.6.x prior to 1.6.6. An attacker can exploit this vulnerability to obtain configuration and sensitive...
Information Disclosure Vulnerability in Haiwell C10S0R(-e) PLCs
C10S0R-e PLC is a product in the programmable logic controller PLC series of Xiamen Haiwei Technology Co. The Haiwell C10S0R-e PLC suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain PLC configuration information via unauthorized construction of...
GoDaddy Leaks ‘Map of the Internet’ via Amazon S3 Cloud Bucket Misconfig
UPDATE GoDaddy, the world’s largest domain name registrar, has exposed high-level configuration information for tens of thousands of systems and competitively sensitive pricing options for running those systems in Amazon AWS, thanks to yet another cloud storage misconfiguration. The documents wer...
Privilege escalation
Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...
CVE-2018-10900
Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...
CVE-2018-10900
Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...
CVE-2018-10900
Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...
CVE-2018-10900
Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...
EUVD-2018-2957
Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...
CVE-2018-10900
Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...