2867 matches found
CVE-2017-10930
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords...
Design/Logic Flaw
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords...
CVE-2017-10930
The ZXR10 1800-2S router (firmware before 3.00.40) has an access-control flaw that lets unauthorized users download configuration files containing admin usernames and passwords. Multiple sources confirm that ordinary users can bypass restrictions, even via manipulated cookies or requests, to retr...
Arbitrary File Download Vulnerability in SpecialUnit_ExportDown Page of ECOSYS Employment Information Management System
ECOS Employment Information Management System (EIMS) is an intelligent perceptive environment and comprehensive information service platform that provides personalized and customized services for teachers and students. An arbitrary file download vulnerability exists in the SpecialUnitExportDown pag...
[SECURITY] Fedora 25 Update: augeas-1.8.1-1.fc25
A library for programmatically editing configuration files. Augeas parses configuration files into a tree structure, which it exposes through its public API. Changes made through the API are written back to the initially read files. The transformation works very hard to preserve comments and...
YaST2 network file read vulnerability
Novell YaST (Yet another Setup Tool) is a set of RPM-based installation and configuration tools for the openSUSE and SUSE Linux Enterprise operating systems from the U.S. company Novell. The tool can configure the system hardware, network, services, etc. YaST2 network is one of the packages to mana...
SeaWell Networks Spectrum SDC Improper Authorization Vulnerability
SeaWell Networks Spectrum SDC is a video solution. The solution utilizes ABR repackaging technology to simplify IP video delivery using a common format. A security vulnerability exists in SeaWell Networks Spectrum SDC version 02.05.00. A remote attacker could exploit the vulnerability to perform...
Sobelow - Security-Focused Static Analysis for the Phoenix Framework
Sobelow is a security-focused static analysis tool for the Phoenix framework. For security researchers, it is a useful tool for getting a quick view of points-of-interest. For project maintainers, it can be used to prevent introducing a number of common vulnerabilities. Currently Sobelow detects...
[SECURITY] Fedora 26 Update: augeas-1.8.1-1.fc26
A library for programmatically editing configuration files. Augeas parses configuration files into a tree structure, which it exposes through its public API. Changes made through the API are written back to the initially read files. The transformation works very hard to preserve comments and...
openldap security update
CentOS Errata and Security Advisory CESA-2017:1852. An update for openldap is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Cisco Elastic Services Controller Information Disclosure Vulnerability (CNVD-2017-221013)
Cisco Elastic Services Controller (ESC) is an open source modular system from Cisco USA. An information disclosure vulnerability exists in Cisco ESC version 2.32, which arises from the program's failure to adequately protect sensitive data. A remote attacker could exploit the vulnerability to brows...
CVE-2017-6774
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP...
Information disclosure
A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and...
CVE-2017-6772
A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and...
CVE-2017-6774
CVE-2017-6774 affects Cisco ASR 5000 Series Aggregated Services Routers running StarOS. The issue is an arbitrary file write via FTP: sensitive system/configuration files can be overwritten because they are exposed in specific FTP subdirectories. A remote, authenticated attacker could exploit thi...
CVE-2017-6772
CVE-2017-6772 affects Cisco Elastic Services Controller (ESC) v2.3(2). A vulnerability causes information disclosure due to insufficient protection of sensitive data. An authenticated, remote attacker can view sensitive system configuration files by logging in and navigating to certain configurat...