Siemens SIMATIC STEP 7 suffers from an information disclosure vulnerability (CNVD-2016-08769)
Siemens SIMATIC is an automation software with a single engineering environment. An information disclosure vulnerability exists in Siemens SIMATIC STEP 7 V12 and V13. A local attacker can exploit the vulnerability to bypass the protection of the TIA Portal Project File Transfer Format and access...
Cybozu Garoon Access Privilege Bypass Vulnerability
Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin boards, document management, and other functions, and supports free switching among three languages: Chinese, Japanese, and English. An access privilege bypass...
PT-2016-6210 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.11.4; Foreman versions 1.12.x prior to 1.12.1. Description: The issue allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information. This is possible because...
Intel releases fix for sleep mode configuration bypass
Lenovo Security Advisory: LEN-2015-049, LEN-2015-050, LEN-2015-051. Potential Impact: Elevation of Privilege. Severity: High. Summary: Intel has released an update that has been incorporated into the latest Lenovo BIOS to fix vulnerabilities dealing with systems going into sleep mode. Description:...
CVE-2016-5849
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage...
CVE-2016-5366
Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052...
Moxa MiiNePort Information Disclosure Vulnerability
Moxa MiiNePort is an embedded device networking module designed for manufacturers to connect serial devices to a network connection. Moxa MiiNePort stores information in clear text and does not provide a protection mechanism, allowing an attacker to view sensitive or configuration information...
CVE-2016-1776
Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request...
Apple OS X Server Information Disclosure Vulnerability (CNVD-2016-01860)
Apple OS X Server is a set of Unix-based server operating software from the U.S. company Apple. The software provides file sharing, meeting arrangement, website hosting, network remote access, etc. Web Server is one of its Web server components. A security vulnerability exists in Apple OS X Server...
Malwarebytes Anti-Malware Security Bypass Vulnerability
Malwarebytes Anti-Malware (MBAM) is an anti-malware and anti-spyware suite from the American company Malwarebytes. The software supports the removal of worms, dial-up programs, Trojans, rootkits, spyware, exploits, bots, and other malware. There are security bypass vulnerabilities in MBAM. A...
KMC Controls Conquest BACnet Router Vulnerabilities
OVERVIEW: This advisory was originally posted to the US-CERT secure Portal library on May 5, 2016, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified authentication and cross-site request forgery (CSRF) vulnerabilities in KMC Controls’ Conquest...
CVE-2015-7925
Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot...
Windows operating system vulnerability that allows an attacker to bypass the secure loading mechanism
This vulnerability in the Windows operating system’s kernel is related to security configuration errors. Exploiting it allows a malicious actor to bypass the trusted boot process by using a specially crafted BCD configuration...
IBM WebSphere Application Server (WAS) SNMP Implementation Sensitive Information Disclosure Vulnerability
IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WebSphere Application...
CVE-2015-0174
The CVE-2015-0174 issue affects IBM WebSphere Application Server (WAS) SNMP handling. The SNMP implementation in WAS 8.5 before 8.5.5.5 fails to properly handle configuration data, allowing remote authenticated users to obtain sensitive information via unspecified vectors. The connected IBM bulle...
McAfee Advanced Threat Defense Information Disclosure Vulnerability (CNVD-2015-02279)
McAfee Advanced Threat Defense provides advanced threat defense that defends against advanced malware, including zero-day persistent threats and advanced persistent threats. A security vulnerability in the McAfee Advanced Threat Defense web interface allows a remote, authenticated attacker to...
Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser
Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser. Han Sahin, November 2014...
EMC M&R (Watch4net) MIB Browser Path Traversal
Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser. Han Sahin, November 2014...
EMC M&R (Watch4net) MIB Browser Path Traversal Vulnerability
A path traversal vulnerability was found in EMC M&R (Watch4net) MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries...