4647 matches found

Prion
added 2016/10/05 10:59 a.m. | 11 views

Design/Logic Flaw

American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read arbitrary files via unspecified vectors, as demonstrated by the configuration file...

5 CVSS | 7.3 AI score | 0.00539 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2016/10/05 10:0 a.m. | 17 views

CVE-2016-2307

American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read arbitrary files via unspecified vectors, as demonstrated by the configuration file...

7.5 AI score | 0.00539 EPSS
Exploits 0 | References 1

ArchLinux
added 2016/10/04 12:0 a.m. | 44 views

[ASA-201610-3] hostapd: multiple issues

Arch Linux Security Advisory ASA-201610-3 ========================================= Severity: High Date : 2016-10-04 CVE-ID : CVE-2016-4476 CVE-2016-4477 Package : hostapd Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package hostapd befor...

7.8 CVSS | 1.2 AI score | 0.00668 EPSS
Exploits 0 | References 5

myhack58
added 2016/09/30 12:0 a.m. | 19 views

Drupal 8 configuration file download vulnerability analysis-vulnerability warning-the black bar safety net

Author: p0wd3r (Knownsec 404 Security Lab) Date: 2016-09-22 0x00 Vulnerability overview 1. Vulnerability description: Drupal (https://www.drupal.org) is a free, open-source content management system. Researchers recently found three security vulnerabilities in its 8.x 8.1.10 version,...

Exploits 0

myhack58
added 2016/09/23 12:0 a.m. | 14 views

Drupal 8 configuration file download vulnerability analysis-vulnerability warning-the black bar safety net

Author: p0wd3r (Knownsec 404 Security Lab) Date: 2016-09-22 0x00 Vulnerability overview 1. Vulnerability description: Drupal (https://www.drupal.org) is a free, open-source content management system. Researchers recently found three security vulnerabilities in its 8.x 8.1.10 version,...

7.3 AI score
Exploits 0

Tenable Nessus
added 2016/09/20 12:0 a.m. | 77 views

MariaDB 10.1.0 < 10.1.17

The version of MariaDB installed on the remote host is prior to 10.1.17. It is, therefore, affected by a vulnerability as referenced in the 10.1.17 advisory. - Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x...

10 CVSS | 7.7 AI score | 0.89577 EPSS
Exploits 16 | References 2

Tenable Nessus
added 2016/09/20 12:0 a.m. | 55 views

MariaDB 10.0.0 < 10.0.27 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.0.27. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.0.27 advisory. - Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and...

10 CVSS | 7.4 AI score | 0.89577 EPSS
Exploits 16 | References 4

n0where
added 2016/09/19 8:43 p.m. | 175 views

Windows Forensic Data Collection: IR-rescue

Windows Forensic Data Collection ir-rescue is a Windows Batch script that collects a myriad of forensic data from 32-bit and 64-bit Windows systems while respecting the order of volatility. It is intended for incident response use at different stages in the analysis and investigation process. It...

6.6 AI score
Exploits 0 | References 3

CNVD
added 2016/09/19 12:0 a.m. | 4 views

Trane Tracer SC Information Disclosure Vulnerability

The Trane Tracer SC is an intelligent control panel from Trane USA that communicates with HVAC equipment controllers. A security vulnerability exists in the web server in Trane Tracer SC 4.2.1134 and earlier versions. A remote attacker could exploit the vulnerability by sending a direct request t...

5.3 CVSS | 6.7 AI score | 0.00568 EPSS
Exploits 0 | References 1

Hacker One
added 2016/09/15 4:8 a.m. | 239 views

IRCCloud: Exposed, outdated nginx server (v1.4.6) potentially vulnerable to heap-based buffer overflow & RCE

Summary ======== During my reconnaissance for your bug bounty program, I discovered an instance of nginx version 1.4.6 running at the IP address https://54.153.101.52. To locate it, I searched for IRCCloud-related certificates and found the self-signed certificate for this server...

7.5 CVSS | 9.6 AI score | 0.18581 EPSS
Exploits 1

seebug.org
added 2016/09/14 12:0 a.m. | 160 views

Atlassian Confluence arbitrary file include Vulnerability (CVE-2015-8399)

Affected component: Atlassian Confluence. Atlassian Confluence versions earlier than 5.8.17 contain arbitrary file read and directory traversal vulnerabilities. /spaces/viewdefaultdecorator.action?decoratorName=. lists the current directory; /spaces/viewdefaultdecorator...

4 CVSS | 5.4 AI score | 0.93251 EPSS
Exploits 5

Fedora
added 2016/09/09 4:57 p.m. | 32 views

[SECURITY] Fedora 24 Update: elog-3.1.1-7.fc24

ELOG is part of a family of applications known as weblogs. Their general purpose is: 1. To make it easy for people to put information online in a chronological fashion, in the form of short, time-stamped text messages "entries" with optional HTML markup for presentation, and optional file...

7.5 CVSS | 0.00228 EPSS
Exploits 0

Tenable Nessus
added 2016/09/09 12:0 a.m. | 42 views

Blue Coat Unified Agent < 4.6.2 Configuration File Manipulation Detection Failure

The version of Blue Coat Unified Agent installed on the remote Windows host is prior to 4.6.2. It is, therefore, affected by a flaw due to a failure to detect when a configuration file has been changed by an administrator when running in local enforcement mode. A local attacker can exploit this t...

2.1 CVSS | 5.8 AI score | 0.00061 EPSS
Exploits 0 | References 2

CNVD
added 2016/08/29 12:0 a.m. | 1 views

Arbitrary File Download Vulnerability in Wando OA Professional Edition

Wando OA Professional is a comprehensive office system that combines the functions of collaboration software, portal, ERP, CRM, HR, finance, e-mail and video conferencing. The product has an arbitrary file download vulnerability, which can be exploited by an attacker to download any system file,...

6.9 AI score
Exploits 0 | References 1

OpenVAS
added 2016/08/29 12:0 a.m. | 11 views

Flexera InstallAnywhere Detection (Linux/Unix SSH Login)

Detects the installed version of Flexera InstallAnywhere on Linux. The script logs in via ssh, searches for executable and queries the version from...

7.3 AI score
Exploits 0

OpenVAS
added 2016/08/29 12:0 a.m. | 14 views

Multiple IP Cameras Authentication Bypass Vulnerability - Active Check

The IP Camera is prone to a security bypass vulnerability...

7.4 AI score
Exploits 0 | References 1

NVD
added 2016/08/24 2:0 a.m. | 17 views

CVE-2016-5812

Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file...

3.3 CVSS | 5.1 AI score | 0.00047 EPSS
Exploits 0 | References 2

Prion
added 2016/08/24 2:0 a.m. | 13 views

Design/Logic Flaw

Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file...

2.1 CVSS | 6.5 AI score | 0.00047 EPSS
Exploits 0 | References 2 | Affected Software 2

CVE
added 2016/08/24 1:0 a.m. | 42 views

CVE-2016-5812

The CVE-2016-5812 issue affects Moxa OnCell devices: G3100V2 (before 2.8) and G3111/G3151/G3211/G3251 (before 1.7) store passwords in plaintext in configuration files. Root cause is PLAINTEXT STORAGE OF A PASSWORD (CWE-256). Impact per sources: local access could read sensitive credentials; ICS a...

3.3 CVSS | 4.9 AI score | 0.00047 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2016/08/24 1:0 a.m. | 20 views

CVE-2016-5812

Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file...

3.6 AI score | 0.00047 EPSS
Exploits 0 | References 2