4649 matches found
CVE-2018-11079
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain...
Design/Logic Flaw
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain...
CVE-2018-11079
CVE-2018-11079 affects Dell EMC Secure Remote Services (ESRS) prior to 3.32.00.08. The vulnerability is plaintext storage of database credentials in a configuration file, allowing an authenticated user with access to that file to obtain the password and gain access to the application database. Se...
Oracle Java Usage Tracker usagetracker.properties Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Oracle Java. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a...
Dell EMC ESRS Virtual Edition Plaintext Password Storage Vulnerability
Dell EMC ESRS is a secure storage product from Dell. A plaintext password storage vulnerability exists in Dell EMC ESRS Virtual Edition that originates when database credentials are stored in plaintext in a configuration file. An authenticated, malicious user with access to the configuration file...
Authentication flaw
An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file...
CVE-2018-14080
An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file...
PT-2018-3885 · D Link · D-Link Dir-809 A1 +2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-809 A1 versions 1.09 and earlier; D-Link DIR-809 A2 versions 1.11 and earlier; D-Link DIR-809 Guest Zone versions 1.09 and earlier. Description: An issue allows bypassing authentication mechanisms to download the configuration file. T...
OMRON CX-One CX-FLnet Type Heap-based Buffer Overflow (CVE-2018-8834)
A heap-based overflow exists in OMRON CX-One CX-FLnet module. The vulnerability is due to input validation error when processing Type parameter of the FLN configuration file...
MagniComp SysInfo Detection (Mac OS X SSH Login)
Detects the installed version of MagniComp SysInfo on Mac OS X. The script logs in via SSH, searches for configuration file... SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
The vulnerability of the NordVPN software for accessing VPN services arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows a malicious user to execute arbitrary commands or code with SYSTEM privileges.
The vulnerability of NordVPN’s software for accessing VPN services arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands or code with SYSTEM privileges,...
The vulnerability of ProtonVPN’s software for accessing VPN services arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows a malicious user to execute arbitrary commands or code with SYSTEM privileges.
The vulnerability of ProtonVPN’s software for accessing VPN services arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands or code with SYSTEM privilege...
Dell PowerPath - Veeam Agent for Linux Limitations
Challenge: If a Linux server has Dell PowerPath devices attached, all the underlying block devices representing the network paths to the server are skipped from processing. This will result in the error "No objects to backup" or PowerPath devices missing from the backup. If non-PowerPath devices a...
CVE-2018-16669
An issue was discovered in CIRCONTROL Open Charge Point Protocol OCPP before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife...
SynaMan 4.0 build 1488 - SMTP Credential Disclosure
Exploit Author: bzyo; CVE: CVE-2018-10814; Twitter: @bzyo; Exploit Title: SynaMan 4.0 - Cleartext password SMTP settings; Date: 09-12-18; Vulnerable Software: SynaMan 4.0 build 1488; Vendor Homepage: http://web.synametrics.com/SynaMan.htm; Version: 4.0 build 1488; Software Link:...
NordVPN Code Execution Vulnerability
NordVPN is a VPN software for anonymous access to the Internet. A code execution vulnerability exists in the connection function in NordVPN version 6.14.28.0, which can be exploited by an attacker to execute arbitrary commands with system privileges with the help of a specially crafted...
CVE-2018-4010
An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges...