61 matches found
TR-069 Auto Configuration Server Arbitrary Code Execution Vulnerability (CNVD-2015-00283)
TR-069 is the DSL Forum Technical Specification "CPE WAN Management Protocol CWMP", which defines the application layer protocol for remote management of end devices. An arbitrary code execution vulnerability exists in TR-069 Auto Configuration Server. A remote attacker can exploit this...
TR-069 Auto Configuration Server Arbitrary Code Execution Vulnerability (CNVD-2015-00282)
TR-069 is the DSL Forum Technical Specification "CPE WAN Management Protocol CWMP", which defines the application layer protocol for remote management of end devices. An arbitrary code execution vulnerability exists in some server implementations of the TR-069 protocol. A remote attacker could...
TR-069 Auto Configuration Server Arbitrary Code Execution Vulnerability (CNVD-2015-00284)
TR-069 is the DSL Forum Technical Specification "CPE WAN Management Protocol CWMP", which defines the application layer protocol for remote management of end devices. An arbitrary code execution vulnerability exists in some server implementations of the TR-069 protocol. A remote attacker could...
TR-069 Auto Configuration Server Arbitrary Code Execution Vulnerability (CNVD-2015-00279)
TR-069 is the DSL Forum Technical Specification "CPE WAN Management Protocol CWMP", which defines the application layer protocol for remote management of end devices. Arbitrary code execution vulnerabilities exist in certain server implementations of TR-069. These vulnerabilities can be exploited...
TR-069 Auto Configuration Server Arbitrary Code Execution Vulnerability (CNVD-2015-00280)
TR-069 is the DSL Forum Technical Specification "CPE WAN Management Protocol CWMP", which defines the application layer protocol for remote management of end devices. Arbitrary code execution vulnerabilities exist in certain server implementations of TR-069. These vulnerabilities can be exploited...
Citrix Netscaler SOAP Handler - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Citrix NetScaler SOAP Handler Remote Code Execution", 'Description' = %q This module exploits a memory corruption vulnerability on t...
CVE-2012-5509
aeolus-configserver-setup in the Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file...
CVE-2012-6117
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file...
Design/Logic Flaw
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file...
Design/Logic Flaw
aeolus-configserver-setup in the Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file...
CVE-2012-5509
CVE-2012-5509 affects Aeolus Configuration Server used with Red Hat CloudForms Cloud Engine prior to 1.1.2. The aeolus-configserver-setup script creates a world-readable temporary file in /tmp that contains credentials, enabling a local attacker to read them. Red Hat’s advisory for CloudForms Clo...
CVE-2012-6117
CVE-2012-6117 affects Aeolus Configuration Server as used in Red Hat CloudForms Cloud Engine prior to 1.1.2. The issue is that /var/log/aeolus-configserver/configserver.log is world-readable, allowing local attackers to read plaintext passwords stored in the log file. Red Hat addressed this with ...
PT-2013-1801 · Red Hat · Aeolus Configuration Server
Name of the Vulnerable Software and Affected Versions: Aeolus Configuration Server versions prior to 1.1.2 Description: The issue concerns the aeolus-configserver-setup in the Aeolus Configuration Server, which is used in Red Hat CloudForms Cloud Engine. It uses world-readable permissions for a...
Configserver: Passwords from application blueprint stored plaintext in configserver.log
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file...
CVE-2000-0859
The CVE-2000-0859 entry describes a DoS in the NTMail web configuration server for NTMail V5 and V6 caused by remote attackers sending a sequence of partial HTTP requests. The impact is denial of service (availability) with no confidentiality or integrity impact stated, and the CVSS vector indica...
CVE-2001-0598
Symantec Ghost 6.5 and earlier allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to the Ghost Configuration Server on port 1347, which triggers an error that is not properly handled...
CVE-2001-0447
Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) characters...
CVE-2000-0416
NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server...