774 matches found
Dodocool DC38 N300 - Cross-site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: DODOCOOL DC38 N300 Cross-site Request Forgery Date: 17-01-2018 Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: DODOCOOL Vendor Homepage: www.dodocool.com Version: RTN2-AW.GD.R3465.1.20161103 CVE:...
Design/Logic Flaw
Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service by deleting the configuration via a wc.dll?wwMaintEditConfig request which reaches an older version of a West Wind Web Connection HTTP service...
Security Advisory - Multiple NTPd Vulnerabilities in Huawei Products
Multiple denial of service vulnerabilities were disclosed on Network Time Protocol NTP offical website. Attackers can exploit these vulnerabilities to cause a denial of service DoS condition. If trap service is enabled, an attacker can exploit this vulnerabilityc by sending a specially crafted...
Configuration Modification
October CMS is vulnerable to configuration modification. The library does not validate the type of files allowed to be uploaded, allowing a malicious user to upload malicious Apache configuration files to the server...
CVE-2017-1000194
The CVE-2017-1000194 entry concerns October CMS, specifically build 412. The vulnerability enables modification of Apache configuration through the file upload feature, which can lead to site compromise and potentially affect other applications on the same server. The description across connected...
CVE-2017-6157
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an...
Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability(CVE-2016-9310)
Summary An exploitable configuration modification vulnerability exists in the control mode mode 6 functionality of ntpd. A specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, preventing legitimate monitoring. A...
Security Bypass Vulnerability in Multiple Huawei Phones
Huawei Berlin-L21, L21HN, L22, L22HN, L23, L24HN and FRD-L02, L04, L09, L14 and L19 are smartphones from Huawei. A security bypass vulnerability exists in multiple Huawei phones, where an attacker can modify the phone's configuration, which can lead to a bypass of the FRP feature...
CVE-2017-10833
"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors...
CVE-2017-10833
"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors...
CVE-2017-7420
An Authentication Bypass CWE-287 vulnerability in ESMAC aka Enterprise Server Monitor and Control in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter...
Default configuration
A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of prop...
CVE-2017-6785
A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of prop...
Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability
A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of prop...
Authentication flaw
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the 1 addPassthrough, 2 removePassthrough, 3 addEntry, 4 removeEntry, or 5 setEntries D-Bus API method...
CVE-2017-7877
CVE-2017-7877 affects flatCore 1.4.6 and is a CSRF vulnerability that allows remote attackers to modify CMS configurations. Public descriptions across NVD/CNVD/OSV lists confirm CSRF as the issue; CVSS v3.0 base score 8.8 (HIGH) with network attack, low attack complexity, no authentication, and u...
Command injection
F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature...
FreeBSD -- Multiple vulnerabilities of ntp
Problem Description: Multiple vulnerabilities have been discovered in the NTP suite: CVE-2016-9311: Trap crash, Reported by Matthew Van Gundy of Cisco ASIG. CVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vector. Reported by Matthew Van Gundy of Cisco ASIG. CVE-2016-742...
MGASA-2016-0414 Updated ntp packages fix security vulnerabilities
When ntpd is configured with rate limiting for all associations restrict default limited in ntp.conf, the limits are applied also to responses received from its configured sources. An attacker who knows the sources e.g., from an IPv4 refid in server response and knows the system is misconfigured ...
Cisco ATA 187 Analog Telephone Adapter Unauthorized Access Security Bypass Vulnerability (cisco-sa-20130206-ata187)
Cisco ATA-187 is prone to a security bypass vulnerability because it allows attackers to gain unauthorized access to the device. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...