1073 matches found
Proofpoint Insider Threat Management Server Authorization Bypass Vulnerability
Proofpoint Insider Threat Management Server is a server-side application from Proofpoint, Inc. for preventing malicious operations by enterprise insiders. An authorization bypass vulnerability exists in Proofpoint Insider Threat Management Server versions prior to 7.11.1, which stems from the...
GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...
Exploit for OS Command Injection in Apache Tomcat
CVE-2019-0232 Vulnerability analysis and PoC for the Apache To...
The vulnerabilities of microprogrammed software in programmable logic controllers such as CompactLogix 1768, CompactLogix 1769, CompactLogix 5370, CompactLogix 5380, CompactLogix 5480, ControlLogix 5550, ControlLogix 5560, ControlLogix 5570, ControlLogix 5580, DriveLogix 5560, DriveLogix 5730, DriveLogix 1794-L34, Compact GuardLogix 5370, Compact GuardLogix 5380, GuardLogix 5570, GuardLogix 5580, and SoftLogix 5800 stem from insufficient protection of registration data. This allows attackers to elevate their privileges and alter the configuration of vulnerable devices.
The vulnerabilities of microprogrammed software in programmable logic controllers such as CompactLogix 1768, CompactLogix 1769, CompactLogix 5370, CompactLogix 5380, CompactLogix 5480, ControlLogix 5550, ControlLogix 5560, ControlLogix 5570, ControlLogix 5580, DriveLogix 5560, DriveLogix 5730,...
Vulnerability found in Rockwell Automation Logix Controllers
A vulnerability has been found in Rockwell Automation Logix Controllers. The vulnerability allows a malicious party to bypass authentication. After this, it is possible to modify the configuration of the vulnerable system and to execute arbitrary code execute. The attack should be performed from...
Cisco Application Services Engine Unauthorized Access Vulnerability
Cisco Application Services Engine provides a common platform for deploying Cisco data center applications. An unauthorized access vulnerability exists in Cisco Application Services Engine version 1.13d and earlier, which can be exploited by a remote, unauthenticated attacker to elevate access to...
Cisco Application Services Engine Unauthorized Access Vulnerability (CNVD-2021-12827)
Cisco Application Services Engine provides a common platform for deploying Cisco data center applications. An unauthorized access vulnerability exists in Cisco Application Services Engine 1.13d and earlier versions, which can be exploited by a remote, unauthenticated attacker to elevate access to...
CVE-2021-1396
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about the...
CVE-2021-1393
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about the...
CVE-2021-1396
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about the...
Design/Logic Flaw
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about the...
Design/Logic Flaw
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about the...
CVE-2021-1396 Cisco Application Services Engine Unauthorized Access Vulnerabilities
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about the...
CVE-2021-1396 Cisco Application Services Engine Unauthorized Access Vulnerabilities
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about the...
CVE-2021-1396
CVE-2021-1396 affects Cisco Application Services Engine (ASE) and enables an unauthenticated, remote attacker to access privileged host-level operations via insufficient access controls in an ASE Data Network API. Impact includes learning device-specific information, creating diagnostic files in ...
CVE-2021-1393 Cisco Application Services Engine Unauthorized Access Vulnerabilities
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about the...
CVE-2021-1393
Cisco Application Services Engine (ASE) is affected by CVE-2021-1393 and CVE-2021-1396 due to insufficient access controls in a Data Network service/API, enabling unauthenticated, remote attackers to gain privileged host-level access, learn device-specific information, create diagnostic files, an...
CVE-2021-20650
CVE-2021-20650 is a cross-site request forgery (CSRF) vulnerability affecting ELECOM NCC-EWF100RMWH2. The issue allows an attacker to hijack an administrator’s session and issue an arbitrary request, potentially altering device settings and enabling the telnet daemon via an unspecified vector. Pu...
SUSE-SU-2021:0185-1 Security update for samba
This update for samba fixes the following issues: - Update to 4.13.3 + libcli: smb2: Never print length if smb2signingkeyvalid fails for crypto blob; bso14210; + s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function; bso14486; + s3: smbd: Don't overwrite contents o...
CVE-2020-6776
A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user Cross-Site Request Forgery...