CVE-2017-6772
A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and...
Cisco Elastic Services Controller Configuration Files Information Disclosure Vulnerability
A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and...
CVE-2015-3156
The writeconfig function in trove/guestagent/datastore/experimental/mongodb/service.py, resetconfiguration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, writeconfig function in trove/guestagent/datastore/experimental/redis/service.py, writemycnf function in...
DEBIAN-CVE-2015-3156
The writeconfig function in trove/guestagent/datastore/experimental/mongodb/service.py, resetconfiguration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, writeconfig function in trove/guestagent/datastore/experimental/redis/service.py, writemycnf function in...
Apache Tomcat Security Bypass and Information Disclosure Vulnerabilities - Windows
Apache Tomcat is prone to security bypass and information disclosure vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2016-6794
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for...
CVE-2016-6794
CVE-2016-6794 affects Apache Tomcat across multiple branches (7.x, 8.x, 9.x) and versions, where the system property replacement feature for configuration files can bypass a configured SecurityManager to read restricted system properties. Connected advisories show concrete impact and suggested fi...
CVE-2016-6794
Removed by vendor...
Trane Tracer SC <= 4.2.1134 Information Exposure Vulnerability - Active Check
Trane Tracer SC is prone to an information exposure vulnerability.
RedHat Update for tomcat RHSA-2017:2247-01
The remote host is missing an update for the Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React Privilege Access Control Vulnerability
The ABB VSN300 WiFi Logger Card and the VSN300 WiFi Logger Card for React are both wireless data logger card products from Asea Brown Boveri (ABB), Switzerland. A security vulnerability exists in the ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React, which stems from the program...
puppet-naivesigning NSE Script
Detects if naive signing is enabled on a Puppet server. This enables attackers to create any Certificate Signing Request and have it signed, allowing them to impersonate a Puppet agent. This can leak the configuration of the agents as well as any other sensitive information found in the...
Cisco FireSIGHT System Software Arbitrary Code Execution Vulnerability
A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. The vulnerability is due to improper handling of modified backup configuration files. An attacker could exploit...
Check_MK 1.2.4 < 1.2.4p4 / 1.2.5 < 1.2.5i4 Multiple Vulnerabilities
The version of Check_MK running on the remote web server is 1.2.4 prior to 1.2.4p4 or 1.2.5 prior to 1.2.5i4. It is, therefore, affected by multiple vulnerabilities: - Multiple cross-site script (XSS) vulnerabilities exist in the multisite component, specifically within the renderstatusicons functi...
Trihedral VTScada Information Disclosure Vulnerability
Trihedral VTScada (formerly known as VTS) is a SCADA system from Trihedral Engineering, Canada, based on a Windows platform with a Web interface option. An information disclosure vulnerability exists in Trihedral VTScada versions prior to 11.2.26. An attacker could exploit this vulnerability to...
SurgeNews User Credentials
This module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080 and 8119 which allows unauthenticated users to download arbitrary files from the software root directory; including the user database, configuration files and log files. This module extracts the...
Open Sources Research Framework: OSRFramework
Open Sources Research Framework (OSRFramework) is a GNU AGPLv3+ set of libraries developed by i3visio to perform Open Source Intelligence tasks. They include references to a bunch of different applications related to username checking, DNS lookups, information leaks research, deep web search, regul...
CVE-2017-7913
A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell...