Redis Replication Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Redis Replication Code Execution', 'Description' = %q This module can be used to leverage the extension functionality added since Redis 4.0.0 to...

MTN Group: Weak/Auto Fill Password

Summary: https://mtnc-selfservice.mtncameroon.net The following url has admin/admin as user name and password Steps To Reproduce: 1. open the url in any browser of your choice 1. enter admin as user name and password 1. booom .... full asset to super admin full panel Supporting Material/Reference...

Cross site request forgery (csrf)

A vulnerability in the web-based interface of Cisco Prime Network Registrar CPNR could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An...

CVE-2020-3148 Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based interface of Cisco Prime Network Registrar CPNR could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An...

CVE-2020-1938

When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects Sterling Integrator and Sterling File Gateway (CVE-2015-7575)

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects Sterling Integrator and Sterling File Gateway. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a...

CVE-2019-13933

A vulnerability has been identified in SCALANCE X204RNA HSR, SCALANCE X204RNA PRP, SCALANCE X204RNA EEC HSR, SCALANCE X204RNA EEC PRP, SCALANCE X204RNA EEC PRP/HSR, SCALANCE X302-7 EEC 230V, SCALANCE X302-7 EEC 230V, coated, SCALANCE X302-7 EEC 24V, SCALANCE X302-7 EEC 24V, coated, SCALANCE X302-...

CVE-2019-6685

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution...

The vulnerability of the wan.htm component in D-Link DIR-600M N 150 Wi-Fi routers allows a intruder to gain unauthorized access to protected information and alter the configuration settings.

The vulnerability of the wan.htm component in D-Link DIR-600M N 150 Wi-Fi routers is related to authentication errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information and modify configuration settings...

Cisco NX-OS Software Privilege Escalation Vulnerability

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the CLI of Cisco NX-OS Software. This vulnerability could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient...

OPENSUSE-SU-2019:2628-1 Security update for calamares

This update for calamares fixes the following issues: - Launch with 'pkexec calamares' in openSUSE Tumbleweed, but launch with 'xdg-su -c calamares' in openSUSE Leap 15. Update to Calamares 3.2.15: - 'displaymanager' module now treats 'sysconfig' as a regular entry in the 'displaymanagers' list,...

CVE-2019-8123

An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track...

CVE-2019-8123

An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track...

Design/Logic Flaw

An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track...

CVE-2019-8123

An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track...

Input validation

A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user...

CVE-2010-0737

A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user...

CVE-2019-13549

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on an...

Authentication flaw

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on an...

CVE-2019-13549

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on an...