VideoIQ Camera - Local File Disclosure

Exploit for php platform in category web applications "cli" die$error0; if$argc "; echo"\nExample: php $argv0 localhost 8080"; die; ifisset$argv1 && isset$argv2 $host = $argv1; $port = $argv2; $pack = "GET /%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C..FILEPATH HTTP/1.0\r\n";...

FEI news router K1 information disclosure vulnerability

Reference source: FEI news mainstream router K1 loopholes and collect user information FEI news PSG1208K1is Fibonacci Telecommunications Company, the main push of a home router product, we through the analysis of a router firmware find there are a lot of problems. First, we use a firmware analysi...

IBM QRadar SIEM Information Disclosure Vulnerability (CNVD-2016-05955)

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. IBM QRadar SIEM ha...

Windows Gather Avira Password Extraction

This module extracts the weakly hashed password which is used to protect a Avira Antivirus 'Windows Gather Avira Password Extraction', 'Description' = %q This module extracts the weakly hashed password which is used to protect a Avira Antivirus MSFLICENSE, 'Author' = 'Robert Kugler / robertchrk',...

The vulnerability of the ABB PCM600 control and configuration device allows a intruder to gain access to user passwords.

The vulnerability of the ABB PCM600 control and configuration device lies in the storage of passwords in an unencrypted form. Exploiting this vulnerability could allow a malicious actor, operating locally, to gain access to the passwords of the IEC61850 OPC server by analyzing the System.xml...

Design/Logic Flaw

IBM Security Identity Manager ISIM Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by 1 reading a configuration file or 2 examining a process...

CVE-2016-0338

IBM Security Identity Manager ISIM Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by 1 reading a configuration file or 2 examining a process...

[SECURITY] Fedora 22 Update: sudo-1.8.17p1-1.fc22

Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

Default configuration

The management console in Symantec Workspace Streaming SWS 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization SWV 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download...

The vulnerability of PHP software allows a malicious individual to compromise the integrity and accessibility of protected information.

The vulnerability in acinclude.m4, which is used in the PHP configuration script, allows a local user to replace arbitrary files by using an attack on the /tmp/phpglibccheck file, with symbolic links...

[SECURITY] Fedora 22 Update: sudo-1.8.15-2.fc22

Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

Shadowd - Collection Of Tools To Detect, Record And Prevent Attacks On Web Applications

Shadow Daemon is a collection of tools to detect , record and prevent attacks on web application. Technically speaking, Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and...

CVE-2016-4511

ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file...

CVE-2016-4494

Cross-site request forgery CSRF vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file...

Design/Logic Flaw

KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors...

CVE-2016-4494

CVE-2016-4494 affects KMC Controls BAC-5051E routers with firmware prior to E0.2.0.2. The vulnerability is a cross-site request forgery (CSRF) that allows an unauthenticated or remote attacker to hijack a user’s session and read the device’s configuration contents via the web interface. Connected...

CVE-2016-4495

KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors...

CVE-2016-4511

ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file...

Cisco EPC 3928 XSS / DoS / Command Execution

Title: Cisco EPC 3928 Multiple Vulnerabilities Vendor: http://www.cisco.com/ Vulnerable Versions: Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway CVE References: CVE-2015-6401 / CVE-2015-6402 / CVE-2016-1328 / CVE-2016-1336 / CVE-2016-1337 Author: Patryk Bogdan from Secorda securi...