869 matches found
CVE-2016-8727
An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker...
IBM WebSphere Portal Sensitive Information Disclosure Vulnerability (swg21963226)
IBM Websphere Portal is prone to sensitive information Disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2016-9346
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted...
BINOM3 Electric Power Quality Meter Information Disclosure Vulnerability
BINOM3 Electric Power Quality Meter is an electrical power quality monitor for SCADA systems from the Russian company BINOM3. An information disclosure vulnerability exists in BINOM3 Electric Power Quality Meter that could be exploited by an attacker to provide remote services with access to...
CVE-2016-3684
SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338...
Moxa MiiNePort Information Disclosure Vulnerability (CNVD-2016-12353)
Moxa MiiNePort is an embedded device networking module from Moxa designed for manufacturers to connect serial devices to a network connection. An information disclosure vulnerability exists in Moxa MiiNePort, which arises from the program's failure to encrypt configuration data in a file. An...
CVE-2016-7960
Siemens SIMATIC STEP 7 TIA Portal before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors...
Siemens SIMATIC STEP 7 suffers from an information disclosure vulnerability (CNVD-2016-08769)
Siemens SIMATIC is an automation software with a single engineering environment. An information disclosure vulnerability exists in Siemens SIMATIC STEP 7 V12 and V13. A local attacker can exploit the vulnerability to bypass the protection of the TIA Portal Project File Transfer Format and access...
Cybozu Garoon Access Privilege Bypass Vulnerability
Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin boards, document management, and other functions, and supports free switching among three languages Chinese, Japanese, and English. An access privilege bypass...
PT-2016-6210 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.11.4 Foreman versions 1.12.x prior to 1.12.1 Description: The issue allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information. This is possible because...
Intel releases fix for sleep mode configuration bypass
Lenovo Security Advisory: LEN-2015-049, LEN-2015-050, LEN-2015-051 Potential Impact: Elevation of Privilege Severity: High Summary: Intel has released an update that has been incorporated into the latest Lenovo BIOS to fix vulnerabilities dealing with systems going into sleep mode. Description:...
CVE-2016-5849
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage...
CVE-2016-5366
Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052...
Moxa MiiNePort Information Disclosure Vulnerability
Moxa MiiNePort is an embedded device networking module designed for manufacturers to connect serial devices to a network connection. Moxa MiiNePort stores information in clear text and does not provide a protection mechanism, allowing an attacker to view sensitive or configuration information...
CVE-2016-1776
Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DSStore and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request...
Apple OS X Server Information Disclosure Vulnerability (CNVD-2016-01860)
Apple OS X Server is a set of Unix-based server operating software from the U.S. company Apple Apple. The software can realize file sharing, meeting arrangement, website hosting, network remote access, etc. Web Server is one of the Web servers. A security vulnerability exists in Apple OS X Server...
Malwarebytes Anti-Malware Security Bypass Vulnerability
Malwarebytes Anti-Malware MBAM is a suite of anti-malware spyware from the American company Malwarebytes. The software supports the removal of worms, dial-up programs, Trojans, rootkits, spyware, exploits, bots, and other malware, among others. There are security bypass vulnerabilities in MBAM. A...
KMC Controls Conquest BACnet Router Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on May 5, 2016, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified authentication and cross-site request forgery CSRF vulnerabilities in KMC Controls’ Conquest...
CVE-2015-7925
Cross-site request forgery CSRF vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot...