869 matches found

CNVD
added 2018/07/24 12:0 a.m. | 5 views

Network Manager VPNC Elevation of Privilege Vulnerability

Network Manager VPNC plugin (networkmanager-vpnc) is a virtual network manager that supports connection to Cisco VPN. A security vulnerability exists in the Network Manager VPNC plugin prior to version 1.2.6, which stems from a newline character that can be used to inject the password helper...

8.8 CVSS | 8.4 AI score | 0.05059 EPSS
Exploits 7 | References 1
Kitploit
added 2018/07/21 10:30 p.m. | 28 views

Scout2 - Security Auditing Tool For AWS Environments

Scout2 is a security tool that lets AWS administrators assess their environment's security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than poring through dozens of pages on the web, Scout2 supplies a...

7.2 AI score
Exploits 0 | References 3
Prion
added 2018/07/06 2:29 p.m. | 17 views

Design/Logic Flaw

All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP e.g., VoIP credentials or attack th...

7.2 CVSS | 7.5 AI score | 0.01583 EPSS
Exploits 5 | References 5
CNVD
added 2018/07/05 12:0 a.m. | 2 views

ADB Broadband Gateways/Routers Local Root Jailbreak Vulnerability

ADB broadband gateways/routers on Epicentro platform are gateway and router devices for the Epicentro platform from ADB Switzerland. A security vulnerability exists in ADB broadband gateways/routers on Epicentro platform. An attacker could use this vulnerability to gain root access to the device,...

7.8 CVSS | 7.6 AI score | 0.01583 EPSS
Exploits 5 | References 1
CNVD
added 2018/06/29 12:0 a.m. | 6 views

Apache Pluto Information Disclosure Vulnerability

Apache Pluto is a Portlet container runtime environment from the Apache Software Foundation (United States). An information disclosure vulnerability exists in the PortletV3AnnotatedDemo Multipart Portlet war file code in Apache Pluto version 3.0.0, which stems from the program's failure to...

7.5 CVSS | 7.2 AI score | 0.43895 EPSS
Exploits 5 | References 1
Prion
added 2018/06/27 6:29 p.m. | 16 views

Design/Logic Flaw

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

5 CVSS | 7.3 AI score | 0.43895 EPSS
Exploits 5 | References 2 | Affected Software 1
NVD
added 2018/06/27 6:29 p.m. | 24 views

CVE-2018-1306

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

7.5 CVSS | 7.4 AI score | 0.43895 EPSS
Exploits 5 | References 2
CVE
added 2018/06/27 6:0 p.m. | 103 views

CVE-2018-1306

Apache Pluto (Portals Pluto) 3.0.0, specifically the PortletV3AnnotatedDemo Multipart Portlet WAR, is affected. The root cause is failure to restrict path information during file uploads, leading to information disclosure of configuration data and other sensitive files. The CVE-2018-1306 entry in...

7.5 CVSS | 7.3 AI score | 0.43895 EPSS
Exploits 5 | References 2 | Affected Software 1
IBM Security Bulletins
added 2018/06/17 10:33 p.m. | 21 views

Security Bulletin: Security vulnerability in IBM Business Process Manager affects IBM Cloud Orchestrator (CVE-2014-8912)

Summary IBM Business Process Manager that is bundled with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition has identified a vulnerability. IBM Cloud Orchestrator V2.4 has addressed this vulnerability. It includes IBM Business Process Manager V8.5.6 CF2. Vulnerability Details...

5 CVSS | 1 AI score | 0.02127 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/16 7:34 p.m. | 17 views

Security Bulletin: IBM Financial Transaction Manager 2.0 and 2.1 OAC vulnerabilities (CVE-2014-0830, CVE-2014-0831, CVE-2014-0832, CVE-2014-0833)

Summary IBM Financial Transaction Manager 2.0 and 2.1 OAC vulnerabilities Vulnerability Details CVE ID: CVE-2014-0830 SUMMARY: FTM 2.0 and 2.1 Table export function exposes a path traversal vulnerability DESCRIPTION: Search results in the FTM console can be exported as CSV format text files. As...

6.8 CVSS | 0.4 AI score | 0.01441 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:5 a.m. | 22 views

Security Bulletin: Security vulnerability in Business Space affects IBM Business Process Manager and WebSphere Process Server (CVE-2014-8912)

Summary Business Space is a user interface framework that is available in WebSphere Process Server and IBM Business Process Manager BPM. In IBM BPM Express Edition and Standard Edition the framework is not used directly by end users, however, it is still available and contributes parts of the...

8.8 CVSS | 0.3 AI score | 0.02589 EPSS
Exploits 0 | Affected Software 4
IBM Security Bulletins
added 2018/06/15 7:3 a.m. | 46 views

Security Bulletin: Vulnerability with Java Portlet Specification JSR 286 may affect WebSphere Application Server (CVE-2015-1926)

Summary There has been a change to the Java Portlet Specification 2.0 JSR 286 that may affect some configurations of WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-1926 DESCRIPTION: The Java Portlet Specification JSR 286 API jar file code could allow a remote attacker to obta...

5.5 CVSS | 0.2 AI score | 0.02118 EPSS
Exploits 0 | Affected Software 2
ATTACKERKB
added 2018/06/13 6:29 p.m. | 3 views

CVE-2017-17443

OPC Foundation Local Discovery Server LDS 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the...

6.5 CVSS | 5.5 AI score | 0.00897 EPSS
Exploits 0 | References 2
CNVD
added 2018/06/07 12:0 a.m. | 2 views

Cisco Meeting Server 2000 Platforms Meeting Server Software Misconfiguration Vulnerability

Cisco Meeting Server (CMS) 2000 Platforms is a set of video conferencing solutions from Cisco (United States). Meeting Server (CMS) Software is the video conferencing software that runs on it. A misconfiguration vulnerability exists in CMS Software in Cisco CMS 2000...

7.4 CVSS | 7 AI score | 0.00739 EPSS
Exploits 0 | References 1
CNVD
added 2018/05/11 12:0 a.m. | 2 views

Anni 5 in 1 XVR Information Disclosure Vulnerability

Anni 5 in 1 XVR is a multi-functional DVR device from Anni Digital Technology Company (China). A security vulnerability exists in the download.rsp file in the Anni 5 in 1 XVR device. A remote attacker can exploit this vulnerability to download configuration information and obtain passwords...

9.8 CVSS | 6.7 AI score | 0.01596 EPSS
Exploits 1 | References 1
Positive Technologies
added 2018/05/02 12:0 a.m. | 4 views

PT-2018-8721 · Cisco · Cisco Firepower System

Name of the Vulnerable Software and Affected Versions: Cisco Firepower System Software affected versions not specified Description: A vulnerability in the management console could allow an unauthenticated, remote attacker to access sensitive data about the system. This issue is due to improper...

6.5 CVSS | 6.9 AI score | 0.02228 EPSS
Exploits 0 | References 3
NVD
added 2018/04/20 9:29 p.m. | 35 views

CVE-2018-10079

Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml...

7.8 CVSS | 7.4 AI score | 0.00783 EPSS
Exploits 5 | References 2
OSV
added 2018/04/20 9:29 p.m. | 6 views

CVE-2018-10079

Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml...

7.8 CVSS | 5.8 AI score | 0.00783 EPSS
Exploits 5 | References 2
CVE
added 2018/04/20 9:0 p.m. | 65 views

CVE-2018-10079

Geist WatchDog Console 3.2.2 CVE-2018-10079: a weak ACL on C:\ProgramData\WatchDog Console allows a local attacker to modify configuration data by updating config.xml or servers.xml. Root cause is insecure file permissions in the data directory. Impact is limited to local modification of configur...

7.8 CVSS | 5.9 AI score | 0.00783 EPSS
Exploits 5 | References 2 | Affected Software 1
OSV
added 2018/04/19 8:29 p.m. | 3 views

CVE-2018-0266

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsin...

4.3 CVSS | 5.8 AI score | 0.01756 EPSS
Exploits 0 | References 3