869 matches found
Network Manager VPNC Elevation of Privilege Vulnerability
Network Manager VPNC plugin networkmanager-vpnc is a virtual network manager that supports connection to Cisco VPN. A security vulnerability exists in the Network Manager VPNC plugin prior to version 1.2.6, which stems from a newline character that can be used to inject the password helper...
Scout2 - Security Auditing Tool For AWS Environments
Scout2 is a security tool that lets AWS administrators assess their environment's security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than poring through dozens of pages on the web, Scout2 supplies a...
Design/Logic Flaw
All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP e.g., VoIP credentials or attack th...
ADB Broadband Gateways/Routers Local Root Jailbreak Vulnerability
ADB broadband gateways/routers on Epicentro platform are gateway and router devices for the Epicentro platform from ADB Switzerland. A security vulnerability exists in ADB broadband gateways/routers on Epicentro platform. An attacker could use this vulnerability to gain root access to the device,...
Apache Pluto Information Disclosure Vulnerability
Apache Pluto is a Portlet container runtime environment from the Apache Software Foundation (United States). An information disclosure vulnerability exists in the PortletV3AnnotatedDemo Multipart Portlet war file code in Apache Pluto version 3.0.0, which stems from the program's failure to...
Design/Logic Flaw
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...
CVE-2018-1306
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...
CVE-2018-1306
Apache Pluto (Portals Pluto) 3.0.0, specifically the PortletV3AnnotatedDemo Multipart Portlet WAR, is affected. The root cause is failure to restrict path information during file uploads, leading to information disclosure of configuration data and other sensitive files. The CVE-2018-1306 entry in...
Security Bulletin: Security vulnerability in IBM Business Process Manager affects IBM Cloud Orchestrator (CVE-2014-8912)
Summary IBM Business Process Manager that is bundled with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition has identified a vulnerability. IBM Cloud Orchestrator V2.4 has addressed this vulnerability. It includes IBM Business Process Manager V8.5.6 CF2. Vulnerability Details...
Security Bulletin: IBM Financial Transaction Manager 2.0 and 2.1 OAC vulnerabilities (CVE-2014-0830, CVE-2014-0831, CVE-2014-0832, CVE-2014-0833)
Summary IBM Financial Transaction Manager 2.0 and 2.1 OAC vulnerabilities Vulnerability Details CVE ID: CVE-2014-0830 SUMMARY: FTM 2.0 and 2.1 Table export function exposes a path traversal vulnerability DESCRIPTION: Search results in the FTM console can be exported as CSV format text files. As...
Security Bulletin: Security vulnerability in Business Space affects IBM Business Process Manager and WebSphere Process Server (CVE-2014-8912)
Summary Business Space is a user interface framework that is available in WebSphere Process Server and IBM Business Process Manager BPM. In IBM BPM Express Edition and Standard Edition the framework is not used directly by end users, however, it is still available and contributes parts of the...
Security Bulletin: Vulnerability with Java Portlet Specification JSR 286 may affect WebSphere Application Server (CVE-2015-1926)
Summary There has been a change to the Java Portlet Specification 2.0 JSR 286 that may affect some configurations of WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-1926 DESCRIPTION: The Java Portlet Specification JSR 286 API jar file code could allow a remote attacker to obta...
CVE-2017-17443
OPC Foundation Local Discovery Server LDS 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the...
Cisco Meeting Server 2000 Platforms Meeting Server Software Misconfiguration Vulnerability
Cisco Meeting Server (CMS) 2000 Platforms is a set of video conferencing solutions from Cisco (United States). Meeting Server (CMS) Software is the video conferencing software that runs on it. A misconfiguration vulnerability exists in CMS Software in Cisco CMS 2000...
Anni 5 in 1 XVR Information Disclosure Vulnerability
Anni 5 in 1 XVR is a multi-functional DVR device from China's Anni Digital Technology Company. A security vulnerability exists in the download.rsp file in the Anni 5 in 1 XVR device. A remote attacker can exploit this vulnerability to download configuration information and obtain passwords...
PT-2018-8721 · Cisco · Cisco Firepower System
Name of the Vulnerable Software and Affected Versions: Cisco Firepower System Software (affected versions not specified). Description: A vulnerability in the management console could allow an unauthenticated, remote attacker to access sensitive data about the system. This issue is due to improper...
CVE-2018-10079
Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml...
CVE-2018-10079
Geist WatchDog Console 3.2.2 CVE-2018-10079: a weak ACL on C:\ProgramData\WatchDog Console allows a local attacker to modify configuration data by updating config.xml or servers.xml. Root cause is insecure file permissions in the data directory. Impact is limited to local modification of configur...
CVE-2018-0266
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsin...