862 matches found
CVE-2018-1306
Apache Pluto (Portals Pluto) 3.0.0, specifically the PortletV3AnnotatedDemo Multipart Portlet WAR, is affected. The root cause is failure to restrict path information during file uploads, leading to information disclosure of configuration data and other sensitive files. The CVE-2018-1306 entry in...
Security Bulletin: Security vulnerability in IBM Business Process Manager affects IBM Cloud Orchestrator (CVE-2014-8912)
Summary A vulnerability has been identified in IBM Business Process Manager, which is bundled with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition. IBM Cloud Orchestrator V2.4 has addressed this vulnerability; it includes IBM Business Process Manager V8.5.6 CF2. Vulnerability Details...
Security Bulletin: IBM Financial Transaction Manager 2.0 and 2.1 OAC vulnerabilities (CVE-2014-0830, CVE-2014-0831, CVE-2014-0832 , CVE-2014-0833)
Summary IBM Financial Transaction Manager 2.0 and 2.1 OAC vulnerabilities Vulnerability Details CVE ID: CVE-2014-0830 SUMMARY: FTM 2.0 and 2.1 Table export function exposes a path traversal vulnerability DESCRIPTION: Search results in the FTM console can be exported as CSV format text files. As...
Security Bulletin: Security vulnerability in Business Space affects IBM Business Process Manager and WebSphere Process Server (CVE-2014-8912)
Summary Business Space is a user interface framework that is available in WebSphere Process Server and IBM Business Process Manager (BPM). In IBM BPM Express Edition and Standard Edition the framework is not used directly by end users; however, it is still available and contributes parts of the...
Security Bulletin: Vulnerability with Java Portlet Specification JSR 286 may affect WebSphere Application Server (CVE-2015-1926)
Summary There has been a change to the Java Portlet Specification 2.0 JSR 286 that may affect some configurations of WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-1926 DESCRIPTION: The Java Portlet Specification JSR 286 API jar file code could allow a remote attacker to obta...
CVE-2017-17443
OPC Foundation Local Discovery Server LDS 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the...
Cisco Meeting Server 2000 Platforms Meeting Server Software Misconfiguration Vulnerability
Cisco Meeting Server (CMS) 2000 Platforms is a set of video conferencing solutions from the US company Cisco. Meeting Server (CMS) Software is the video conferencing software that runs on it. A misconfiguration vulnerability exists in CMS Software on Cisco CMS 2000...
Anni 5 in 1 XVR Information Disclosure Vulnerability
Anni 5 in 1 XVR is a multi-functional DVR device from the Chinese company Anni Digital Technology. A security vulnerability exists in the download.rsp file of the Anni 5 in 1 XVR device. A remote attacker can exploit this vulnerability to download configuration information and obtain passwords...
PT-2018-8721 · Cisco · Cisco Firepower System
Name of the Vulnerable Software and Affected Versions: Cisco Firepower System Software affected versions not specified Description: A vulnerability in the management console could allow an unauthenticated, remote attacker to access sensitive data about the system. This issue is due to improper...
CVE-2018-10079
Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml...
CVE-2018-10079
Geist WatchDog Console 3.2.2 CVE-2018-10079: a weak ACL on C:\ProgramData\WatchDog Console allows a local attacker to modify configuration data by updating config.xml or servers.xml. Root cause is insecure file permissions in the data directory. Impact is limited to local modification of configur...
CVE-2018-0266
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsin...
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Exploit Author: bzyo CVE: CVE-2018-10077, CVE-2018-10078, CVE-2018-10079 Twitter: @bzyo Exploit Title: Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Date: 04-17-18 Vulnerable Software: WatchDog Console - 3.2.2 Vendor Homepage:...
CVE-2017-2826
An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests...
CVE-2018-1211
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by...
Apache Geode cluster design vulnerability
Apache Geode cluster is the Apache Software Foundation's platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. A security vulnerability exists in Apache Geode cluster version 1.4.0. An attacker could exploit the...
Information Disclosure
geode-core is vulnerable to information disclosure. If a malicious user gains access to the Geode locator, they are able to access the configuration data and previously deployed code. This is possible because the configuration service doesn't correctly authorize configuration requests when...
Sensu Core Information Disclosure Vulnerability
Sensu Core is a business system monitoring platform from Sensu Corporation. The platform is capable of monitoring servers, services, applications, network devices, and other remote resources. A security vulnerability exists in the 'Sensu::Utilities.redactsensitive' function in Sensu Core...
CVE-2017-15696
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...