
862 matches found

OSV
added 2018/10/04 2:29 p.m., 4 views

CVE-2018-1670

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. IBM X-Force ID: 144946...

CVSS 4.3, AI score 5.8, EPSS 0.01208
Exploits 0, References 3

Cisco
added 2018/09/05 4:0 p.m., 59 views

Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability

A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network...

CVSS 5.9, AI score 1.8, EPSS 0.01487
Exploits 0, References 1

CNVD
added 2018/08/21 12:0 a.m., 2 views

Containous Traefik Information Disclosure Vulnerability

Containous Traefik is an open source reverse proxy and load balancing product from French company Containous. An information disclosure vulnerability exists in Containous Traefik version 1.6.x prior to 1.6.6. An attacker can exploit this vulnerability to obtain configuration and sensitive...

CVSS 7.5, AI score 7, EPSS 0.02868
Exploits 0, References 1

BDU FSTEC
added 2018/08/21 12:0 a.m., 4 views

The vulnerability of the microprogramming software of the 4G LTE Light Industrial M2M Router (NWL-25) is related to insufficient protection of configuration data, allowing attackers to gain unauthorized access to protected data.

The vulnerability of the microprogramming software of the 4G LTE Light Industrial M2M Router NWL-25 is related to insufficient protection of configuration data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to configuration files and profiles...

CVSS 7.8, AI score 5.5, EPSS 0.01619
Exploits 0, References 3, Affected Software 1

CNVD
added 2018/08/17 12:0 a.m., 1 views

Information Disclosure Vulnerability in Haiwell C10S0R(-e) PLCs

C10S0R-e PLC is a product in the programmable logic controller PLC series of Xiamen Haiwei Technology Co. The Haiwell C10S0R-e PLC suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain PLC configuration information via unauthorized construction of...

AI score 6.3
Exploits 0

ThreatPost
added 2018/08/13 5:26 p.m., 40 views

GoDaddy Leaks ‘Map of the Internet’ via Amazon S3 Cloud Bucket Misconfig

UPDATE GoDaddy, the world’s largest domain name registrar, has exposed high-level configuration information for tens of thousands of systems and competitively sensitive pricing options for running those systems in Amazon AWS, thanks to yet another cloud storage misconfiguration. The documents wer...

AI score 0.3
Exploits 0, References 2

Prion
added 2018/07/26 3:29 p.m., 20 views

Privilege escalation

Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...

CVSS 7.2, AI score 7.9, EPSS 0.05059
Exploits 7, References 9, Affected Software 2

UbuntuCve
added 2018/07/26 3:29 p.m., 22 views

CVE-2018-10900

Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...

CVSS 8.8, AI score 7.4, EPSS 0.05059
Exploits 7, References 3

NVD
added 2018/07/26 3:29 p.m., 15 views

CVE-2018-10900

Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...

CVSS 8.8, AI score 8.2, EPSS 0.05059
Exploits 7, References 9

OSV
added 2018/07/26 3:29 p.m., 28 views

CVE-2018-10900

Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...

CVSS 7.8, AI score 8, EPSS 0.05059
Exploits 7, References 9

EUVD
added 2018/07/26 3:0 p.m., 3 views

EUVD-2018-2957

Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...

CVSS 8.8, AI score 8.5, EPSS 0.05059
Exploits 7, References 12

Cvelist
added 2018/07/26 3:0 p.m., 24 views

CVE-2018-10900

Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...

CVSS 8.8, AI score 7.9, EPSS 0.05059
Exploits 7, References 9

Debian CVE
added 2018/07/26 3:0 p.m., 26 views

CVE-2018-10900

Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...

CVSS 8.8, AI score 8.7, EPSS 0.05059
Exploits 7

CNVD
added 2018/07/24 12:0 a.m., 5 views

Network Manager VPNC Elevation of Privilege Vulnerability

Network Manager VPNC plugin networkmanager-vpnc is a virtual network manager that supports connection to Cisco VPN. A security vulnerability exists in the Network Manager VPNC plugin prior to version 1.2.6, which stems from a newline character that can be used to inject the password helper...

CVSS 8.8, AI score 8.4, EPSS 0.05059
Exploits 7, References 1

Kitploit
added 2018/07/21 10:30 p.m., 28 views

Scout2 - Security Auditing Tool For AWS Environments

Scout2 is a security tool that lets AWS administrators assess their environment's security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than poring through dozens of pages on the web, Scout2 supplies a...

AI score 7.2
Exploits 0, References 3

Prion
added 2018/07/06 2:29 p.m., 16 views

Design/Logic Flaw

All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP e.g., VoIP credentials or attack th...

CVSS 7.2, AI score 7.5, EPSS 0.01583
Exploits 5, References 5

CNVD
added 2018/07/05 12:0 a.m., 2 views

ADB Broadband Gateways/Routers Local Root Jailbreak Vulnerability

ADB broadband gateways/routers on Epicentro platform are gateway and router devices for the Epicentro platform from ADB Switzerland. A security vulnerability exists in ADB broadband gateways/routers on Epicentro platform. An attacker could use this vulnerability to gain root access to the device,...

CVSS 7.8, AI score 7.6, EPSS 0.01583
Exploits 5, References 1

CNVD
added 2018/06/29 12:0 a.m., 4 views

Apache Pluto Information Disclosure Vulnerability

Apache Pluto is a Portlet container runtime environment from the Apache Software Foundation (United States). An information disclosure vulnerability exists in the PortletV3AnnotatedDemo Multipart Portlet war file code in Apache Pluto version 3.0.0, which stems from the program's failure to...

CVSS 7.5, AI score 7.2, EPSS 0.43895
Exploits 5, References 1

Prion
added 2018/06/27 6:29 p.m., 16 views

Design/Logic Flaw

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

CVSS 5, AI score 7.3, EPSS 0.43895
Exploits 5, References 2, Affected Software 1

NVD
added 2018/06/27 6:29 p.m., 24 views

CVE-2018-1306

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

CVSS 7.5, AI score 7.4, EPSS 0.43895
Exploits 5, References 2