862 matches found
The vulnerability in the firmware of the Moxa PT-7528 and PT-7828 Ethernet switches stems from the use of hard-coded configuration data for the device’s console. This allows attackers to exploit their privileges to gain unauthorized access.
The vulnerability in the firmware of the Moxa PT-7528 and Moxa PT-7828 Ethernet switches lies in the use of hard-coded configuration data for the device’s configuration console. Exploiting this vulnerability can allow attackers to escalate their privileges...
Multiple Schneider Electric Products Server-Side Request Forgery Vulnerabilities
Schneider Electric MEG6501-0001-U.motion KNX server and others are a web-based visualization system from Schneider Electric France. The system is mainly used for KNX-based home and building automation. A server-side request forgery vulnerability exists in several Schneider Electric products. An...
ScoutSuite - Multi-Cloud Security Auditing Tool
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of...
CVE-2019-6837
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could cause server...
Server-Side Request Forgery (SSRF)
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could cause server...
PT-2019-18372 · Unknown · U.Motion Server
Name of the Vulnerable Software and Affected Versions: U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15
Description: A Server-Side Request Forgery (SSRF)...
CVE-2019-1976 Cisco Industrial Network Director Configuration Data Information Disclosure Vulnerability
A vulnerability in the plug-and-play services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. A...
Information Disclosure
openstack-nova is vulnerable to information disclosure. An external exception from an API request from an authenticated user results in the leak of environment information or other confidential information such as configuration data...
U.S. Dept Of Defense: Local File Disclosure on the ████████ (https://████/) leads to the source code disclosure & DB credentials leak
Description: I discovered another LFD on the https://████/ virtual host on the █████ IP. POC: https://█████/file.ashx?path=web.config will download the website configuration file. It exposes different DB credentials than in previous reports: ███ Similarly, an attacker is able to get the content of any...
Cisco Enterprise NFV Infrastructure Software Web Management Interface Authentication Bypass Vulnerability
Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. An authentication bypass vulnerability exists in the web-based management...
CVE-2019-1627
A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient...
CVE-2019-1627 Cisco Integrated Management Controller Information Disclosure Vulnerability
A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient...
Cisco Integrated Management Controller Information Disclosure Vulnerability
A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient...
CVE-2018-1990
IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could allow an attacker to obtain sensitive configuration information using a specially crafted HTTP request. IBM X-Force ID: 154283...
The vulnerability of MicroLogix 1400 programmable logic controllers and ControlLogix communication modules lies in the lack of authentication for critical functions, allowing attackers to trigger malfunctions during maintenance operations.
The vulnerability in the firmware of the MicroLogix 1400 programmable logic controller and the 1756 ControlLogix communication module lies in the absence of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to cause a service failure by connecting via the CIP protoc...
Information Disclosure
github.com/hashicorp/vault is vulnerable to information disclosure. The vulnerability exists as the in-memory cache that exists on performance standby nodes is not purged if a mount filter was used to exclude the secondary cluster. This allows an attacker to retrieve mount configuration data whic...
CVE-2019-1762
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software...
CVE-2019-1742
A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious...
Cisco IOS XE Information Disclosure Vulnerability
Cisco IOS XE is a modular operating system based on the Linux kernel. An information disclosure vulnerability exists in the web UI of Cisco IOS XE, which can be exploited by a remote attacker to access sensitive configuration information by sending a malicious request to an affected device...