Lucene search

2867 matches found

Cvelist
added 2019/09/23 3:46 p.m., 22 views

CVE-2019-10990

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files...

AI score: 6.5, EPSS: 0.0133
Exploits: 0, References: 1
CVE
added 2019/09/23 3:46 p.m., 65 views

CVE-2019-10990

CVE-2019-10990 affects Red Lion Controls Crimson: versions 3.0 and earlier, and 3.1 prior to release 3112.00 use a hard-coded password to encrypt protected files in transit and at rest, potentially exposing configuration files. This is documented in multiple sources (including Red Lion advisories...

CVSS: 6.5, AI score: 6.4, EPSS: 0.0133
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2019/09/23 3:46 p.m., 2 views

CVE-2019-10990

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files...

AI score: 6.6, EPSS: 0.0133
Exploits: 0, References: 1
Kitploit
added 2019/09/23 12:0 p.m., 126 views

SKA - Simple Karma Attack

SKA allows you to implement a very simple and fast karma attack. You can sniff probe requests to choose the fake AP name or, if you want, you can manually enter the name of the AP (evil twin attack). When the target has connected to your WLAN you can activate the HTTP redirection and perform a...

AI score: 7.2
Exploits: 0, References: 2
Tenable Nessus
added 2019/09/17 12:0 a.m., 41 views

EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2019-1862)

According to the version of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS...

CVSS: 3.3, AI score: 6.3, EPSS: 0.00678
Exploits: 0, References: 2
NVD
added 2019/09/05 10:15 p.m., 19 views

CVE-2019-14224

An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim machine. The attacker must upload malicious Solr...

CVSS: 9, AI score: 7.6, EPSS: 0.0527
Exploits: 1, References: 1
Cvelist
added 2019/09/05 9:1 p.m., 26 views

CVE-2019-14224

An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim machine. The attacker must upload malicious Solr...

AI score: 7.6, EPSS: 0.0527
Exploits: 1, References: 1
NVD
added 2019/09/05 2:15 a.m., 16 views

CVE-2019-12645

A vulnerability in Cisco Jabber Client Framework JCF for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device. The vulnerability is due to improper file level permissions on an affected devi...

CVSS: 7.8, AI score: 7.1, EPSS: 0.00313
Exploits: 0, References: 1
Prion
added 2019/09/05 2:15 a.m., 22 views

Design/Logic Flaw

A vulnerability in Cisco Jabber Client Framework JCF for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device. The vulnerability is due to improper file level permissions on an affected devi...

CVSS: 7.2, AI score: 7.8, EPSS: 0.00313
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2019/09/05 1:20 a.m., 9 views

CVE-2019-12645 Cisco Jabber Client Framework for Mac Code Execution Vulnerability

A vulnerability in Cisco Jabber Client Framework JCF for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device. The vulnerability is due to improper file level permissions on an affected devi...

CVSS: 6.7, AI score: 7.6, EPSS: 0.00313
Exploits: 0, References: 1
Positive Technologies
added 2019/09/05 12:0 a.m., 5 views

PT-2019-12124 · Red Lion Controls · Crimson

Name of the Vulnerable Software and Affected Versions: Red Lion Controls Crimson versions 3.0 and prior; Red Lion Controls Crimson version 3.1 prior to release 3112.00. Description: The issue allows an attacker to access configuration files due to the use of a hard-coded password for encrypting...

CVSS: 6.5, AI score: 6.5, EPSS: 0.0133
Exploits: 0, References: 3
Cisco
added 2019/09/04 4:0 p.m., 79 views

Cisco Jabber Client Framework for Mac Code Execution Vulnerability

A vulnerability in Cisco Jabber Client Framework JCF for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device. The vulnerability is due to improper file level permissions on an affected devi...

CVSS: 6.7, AI score: 7.3, EPSS: 0.00313
Exploits: 0, References: 1
RedHat Linux
added 2019/09/04 11:15 a.m., 3 views

kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction

A flaw was found in the KDE Frameworks KConfig prior to version 5.61.0. Certain syntax commands were allowed in .desktop, .directory, and configuration files to allow flexible configurations with the desktop environment. An attacker could add malicious code to a file that a user would...

CVSS: 7.8, AI score: 5.9, EPSS: 0.02605
Exploits: 1, References: 5
Veracode
added 2019/09/04 12:9 a.m., 31 views

Remote Code Execution (RCE)

The K Desktop Environment KDE aka kdelibs is vulnerable to Remote Code Execution RCE. It is due to malicious desktop files and configuration files leading to code execution with minimal user interaction...

CVSS: 7.8, AI score: 7.9, EPSS: 0.02605
Exploits: 1, References: 25, Affected Software: 2
Tenable Nessus
added 2019/09/04 12:0 a.m., 31 views

RHEL 7 : kdelibs and kde-settings (RHSA-2019:2606)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2606 advisory. The K Desktop Environment KDE is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Deskt...

CVSS: 7.8, AI score: 8.1, EPSS: 0.02605
Exploits: 1, References: 5
Pen Test Partners Blog
added 2019/09/03 6:55 a.m., 141 views

Pwning a Siemens Scalance ICS switch through ARM reversing

We’ve been working in industrial control systems security for a long time. Several of the team here used to work in OT control rooms or support SCADA environments. Whilst pen testing a ship control system, we noticed a heavy reliance on Siemens Scalance industrial ethernet switches, so bought a...

CVSS: 2.1, AI score: 6.2, EPSS: 0.00301
Exploits: 0
Packet Storm
added 2019/08/31 12:0 a.m., 366 views

Confluence Server Local File Disclosure

This email refers to the advisory found at https://confluence.atlassian.com/x/uAsvOg. CVE ID: CVE-2019-3394. Product: Confluence Server. Affected Confluence Server product versions: 6.1.0 = 6.1.0 but less than 6.6.16 or who have downloaded and...

AI score: 8.8, EPSS: 0.11406
Exploits: 1
OpenVAS
added 2019/08/31 12:0 a.m., 15 views

Fedora Update for kde-settings FEDORA-2019-39d23c7a94

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 7.8, AI score: 7.7, EPSS: 0.02605
Exploits: 1, References: 2
MongoDB
added 2019/08/30 11:0 a.m., 43 views

Code execution on Windows via OpenSSL engine injection

An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue affects: MongoDB Inc. MongoDB Server 4.0 prior to...

CVSS: 8.2, AI score: 7.6, EPSS: 0.01011
Exploits: 0, References: 1, Affected Software: 1
BDU FSTEC
added 2019/08/20 12:0 a.m., 3 views

The vulnerability affects the implementation of the Smart Class class in the software for managing Red Hat Satellite systems, as well as the Foreman application for managing, configuring, and monitoring servers. This allows a malicious individual to modify the configuration files.

The vulnerability of the Smart Class class implementation in the software for managing Red Hat Satellite systems, as well as the Foreman management, configuration, and monitoring application, is related to improper authentication. Exploiting this vulnerability allows a malicious actor to remotely...

CVSS: 9, AI score: 5.5, EPSS: 0.01047
Exploits: 0, References: 4, Affected Software: 1