Lucene search
+L

122 matches found

Debian CVE
Debian CVE
added 2020/01/28 3:21 p.m.55 views

CVE-2014-2914

fish aka fish-shell 2.0.0 before 2.1.1 does not restrict access to the configuration service aka fishconfig, which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by setprompt...

9.8CVSS8.2AI score0.0319EPSS
Exploits0
Citrix
Citrix
added 2019/12/30 12:0 a.m.9 views

Desktop Studio Error: "Can't Get License Info"

The license server can be registered with XenDesktop either when XenDesktop is configured, or through the Change license server action on the Licensing node in Desktop Studio. When the administrator specifies the address of the license server, Desktop Studio attempts to discover the License...

7.2AI score
Exploits0
CNVD
CNVD
added 2019/01/11 12:0 a.m.7 views

CloudBees Jenkins Crowd 2 Integration Plugin Storing Credentials in Plain Text Format Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. It is mainly used to monitor continuous software version release/testing projects and some timed tasks.Crowd 2 Integration Plugin is used in which a Authentication Plugin. A...

7.8CVSS6.6AI score0.00311EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2018/11/05 12:0 a.m.46 views

Linksys ESeries OS Command Injection (CVE-2018-3953; CVE-2018-3954; CVE-2018-3955)

A command injection vulnerability exists in the Linksys E Series line of routers. An attacker can exploit these bugs by sending an authenticated HTTP request to the network configuration service. An attacker could then gain the ability to arbitrarily execute code on the machine...

9CVSS3.2AI score0.13335EPSS
Exploits3
CNVD
CNVD
added 2018/07/26 12:0 a.m.4 views

Cisco SD-WAN Solution Remote Code Execution Vulnerability

Cisco vBond Orchestrator Software are products of Cisco. vBond Orchestrator Software is a set of security network extension management software. vEdge 100 Series Routers is a 100 series router product. SD-WAN Solution is a set of network extension solution running in it. An access control error...

8.8CVSS8.9AI score0.01964EPSS
Exploits0References1
Prion
Prion
added 2018/07/18 11:29 p.m.29 views

Design/Logic Flaw

A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service DoS condition on an affected device. The vulnerability is due to incomplete bounds chec...

7.2CVSS7.3AI score0.00452EPSS
Exploits0References2Affected Software7
Cisco
Cisco
added 2018/07/18 4:0 p.m.35 views

Cisco SD-WAN Solution Local Buffer Overflow Vulnerability

A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service DoS condition on an affected device. The vulnerability is due to incomplete bounds chec...

6.7CVSS3.7AI score0.00452EPSS
Exploits0References1
NVD
NVD
added 2018/02/26 2:29 a.m.26 views

CVE-2017-15696

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...

7.5CVSS7.4AI score0.02043EPSS
Exploits0References1
Prion
Prion
added 2018/02/26 2:29 a.m.19 views

Code injection

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...

5CVSS7.4AI score0.02043EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/02/26 2:29 a.m.19 views

CVE-2017-15696

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...

7.5CVSS7.7AI score
Exploits0References1
NVD
NVD
added 2018/01/30 8:29 p.m.17 views

CVE-2016-6599

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service ConfigurationService on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the...

9.8CVSS9.5AI score0.12313EPSS
Exploits4References4
Cvelist
Cvelist
added 2018/01/30 8:0 p.m.21 views

CVE-2016-6599

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service ConfigurationService on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the...

9.6AI score0.12313EPSS
Exploits4References4
OSV
OSV
added 2017/12/12 2:29 p.m.6 views

CVE-2017-16678

Server Side Request Forgery SSRF vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application...

4.7CVSS5.8AI score0.0087EPSS
Exploits0References3
Prion
Prion
added 2017/12/12 2:29 p.m.18 views

Server side request forgery (ssrf)

Server Side Request Forgery SSRF vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application...

6.5CVSS4.8AI score0.0087EPSS
Exploits0References3Affected Software3
CVE
CVE
added 2017/12/12 2:0 p.m.52 views

CVE-2017-16678

CVE-2017-16678 describes a Server-Side Request Forgery in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2, affecting SAP NetWeaver KM from 7.00–7.02 and KMC-BC 7.30, 7.31, 7.40, 7.50. The vulnerability lets an attacker manipulate the vulnerable application to send crafted...

6.5CVSS4.7AI score0.0087EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/12/12 2:0 p.m.28 views

CVE-2017-16678

Server Side Request Forgery SSRF vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application...

4.8AI score0.0087EPSS
Exploits0References3
NVD
NVD
added 2017/06/26 7:29 a.m.27 views

CVE-2017-9466

The executable httpd on the TP-Link WR841N V8 router before TL-WR841NUNV8170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuratio...

9.8CVSS9.5AI score0.00488EPSS
Exploits2References1
OSV
OSV
added 2017/06/26 7:29 a.m.5 views

CVE-2017-9466

The executable httpd on the TP-Link WR841N V8 router before TL-WR841NUNV8170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuratio...

9.8CVSS5.8AI score0.00488EPSS
Exploits2References1
CNVD
CNVD
added 2017/06/21 12:0 a.m.5 views

TP-LINK WR841N Router Arbitrary Code Execution Vulnerability

The TP-Link WR841N is a SOHO wireless router. An arbitrary code execution vulnerability exists in the TP-LINK WR841N V8 and prior versions, which allows an attacker to bypass access restrictions to reset the router's authentication information passwords, etc.. After exploiting the vulnerability t...

9.8CVSS8.4AI score0.00488EPSS
Exploits2References1
myhack58
myhack58
added 2017/06/21 12:0 a.m.99 views

TP-Link WR841N router arbitrary code execution vulnerability analysis-vulnerability warning-the black bar safety net

One, Foreword Recently, we at TP-Link WR841N V8 router has discovered two vulnerabilities, the use of these two vulnerabilities, we can in this paragraph on the router the implementation of our custom code. With the manufacturers friendly consultations after them in the new router firmware fixes...

0.00488EPSS
Exploits2
Rows per page
Query Builder