869 matches found
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Exploit Author: bzyo CVE: CVE-2018-10077, CVE-2018-10078, CVE-2018-10079 Twitter: @bzyo Exploit Title: Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Date: 04-17-18 Vulnerable Software: WatchDog Console - 3.2.2 Vendor Homepage:...
CVE-2017-2826
An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests...
CVE-2018-1211
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by...
Apache Geode cluster design vulnerability
Apache Geode cluster is the Apache Software Foundation's platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. A security vulnerability exists in Apache Geode cluster version 1.4.0. An attacker could exploit the...
Information Disclosure
geode-core is vulnerable to information disclosure. If a malicious user gains access to the Geode locator, they are able to access the configuration data and previously deployed code. This is possible because the configuration service doesn't correctly authorize configuration requests when...
Sensu Core Information Disclosure Vulnerability
Sensu Core is a set of business system monitoring platform from Sensu Corporation. The platform is capable of monitoring servers, services, application network devices, and other remote resources. A security vulnerability exists in the 'Sensu::Utilities.redactsensitive' function in Sensu Core...
CVE-2017-15696
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...
CVE-2018-1000060
Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redactsensitive that can result in sensitive configuration data e.g. passwords may be logged in clear-text. This attack appear to be exploitabl...
CVE-2018-5726
MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings...
The vulnerability of the SCC microprogramming software for ComfortLink II allows a intruder to gain unauthorized access to the device and obtain root privileges.
The vulnerability of the SCC microprogramming software for ComfortLink II lies in the execution of pre-set configuration data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the device with root privileges, using the SSH protocol...
Node.js third-party modules: [featurebook] Specification Server Directory Traversal via Crafted Browser Request
Hi, A crafted request can be leveraged to traverse the directory structure of a host using the featurebook server package, and request arbitrary files outside of the specified web root. Module specification Name: featurebook Version: 0.0.32 latest release build Verified conditions Test server:...
CVE-2017-10606
Version 4.40 of the TPM Trusted Platform Module firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration...
CVE-2014-2029
The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com...
CVE-2017-6772
A vulnerability in Cisco Elastic Services Controller ESC could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and...
CVE-2017-7916
A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be abl...
Pegasystem PEGA Platform Access Control Vulnerability
Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM Business Process Management, Case Management, Real Time Decision Making and CRM Customer Relationship Management. A security vulnerability exists in th...
Cisco DPC3939 Firmware Arbitrary Command Execution Vulnerability (CNVD-2017-27789)
Cisco DPC3939 is a wireless voice gateway product from Cisco USA. Cisco DPC3939 firmware security vulnerability. Allows a remote attacker to execute arbitrary commands by utilizing local network access and connecting to the server's root syseventd, as evidenced by copying configuration data...
CVE-2017-9479
The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a...
CVE-2017-9479
The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a...
CVE-2017-8442
Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated...