Versa Networks: Plaintext Credentials in Backups & Configs
In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores...
CVE-2018-0284
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the...
CVE-2018-0284 Cisco Meraki Local Status Page Privilege Escalation Vulnerability
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the...
RHEL 7 : setup (RHSA-2018:3249)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:3249 advisory. The setup package contains a set of important default system configuration and setup files. Examples include /etc/passwd, /etc/group, and /etc/profil...
Ubuntu: Security Advisory (USN-3489-1)
The remote host is missing an update for the...
Denial of Service Vulnerability in Kewe's Text Display Screen Configuration Software KEC330
Kewei text display screen configuration software KEC330 is a replacement for the traditional panel controller, intelligent small human-machine interface. A denial of service vulnerability exists in KEC330, Kewe's text display screen configuration software. An attacker can cause the program to cra...
Arbitrary File Read Vulnerability in Metadata Platform (MetaCube) of Puyuan Information Technology Co.
Metadata Platform MetaCube of Puyuan Information Technology Co., Ltd. is a tool support for enterprises to establish metadata management system. An arbitrary file read vulnerability exists in MetaCube of Puyuan Information Technology Co. An attacker can exploit the vulnerability to read...
Arbitrary File Download Vulnerability in Wiktionary 51eweb System
Ltd. is a one-stop service company engaging in the service and development of network and related products, and providing professional informatization solutions and other one-stop services for customers. A file download vulnerability exists in the 51eweb system, which can be exploited by an...
WPScan v3.3.1 - Black Box WordPress Vulnerability Scanner
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. INSTALL Prerequisites: Ruby = 2.2.2 - Recommended: 2.3.3 Curl = 7.21 - Recommended: latest - FYI the 7.29 has a segfault...
CVE-2017-18348
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, becau...
Input validation
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially...
[SECURITY] Fedora 27 Update: calamares-3.1.8-2.fc27.1
Calamares is a distribution-independent installer framework, designed to install from a live CD/DVD/USB environment to a hard disk. It includes a graphical installation program based on Qt 5. This package includes the Calamares framework and the required configuration files to produce a working...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : AppArmor update (USN-3784-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3784-1 advisory. As a security improvement, this update adjusts the private-files abstraction to disallow writing to thumbnailer configuration files...
Design/Logic Flaw
Previous releases of the Puppet device_manager module create configuration files containing credentials that are world readable. This issue has been resolved as of device_manager 2.7.0...
CVE-2018-11748
Previous releases of the Puppet device_manager module create configuration files containing credentials that are world readable. This issue has been resolved as of device_manager 2.7.0...
CVE-2018-11748
CVE-2018-11748 affects the Puppet device_manager module. Previous releases create configuration files that contain credentials and are world-readable, enabling credential exposure. This issue is fixed in device_manager 2.7.0. Exploitation details are not provided in the documents; remediation is...
CVE-2018-11078
Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic...
CVE-2018-11078
Dell EMC VPlex GeoSynchrony
CVE-2018-16715
An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable EXE or dynamical...
CVE-2018-16715
An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable EXE or dynamical...