Lucene search

2876 matches found

seebug.org
added 2014/07/29 12:0 a.m., 27 views

Ubiquiti UbiFi / mFi / AirVision - CSRF Vulnerability

No description provided by source. Vendor Homepage: http://www.ubnt.com/ Tested on: Kali Linux. Affected Products/Versions: UniFi Controller v2.4.6, mFi Controller v2.0.15, AirVision Controller v2.1.3. Note: Previous...

CVSS 3.7 | AI score 8.7 | EPSS 0.01284
Exploits: 6

Cvelist
added 2014/07/24 2:0 p.m., 31 views

CVE-2014-2717

Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page...

AI score 7 | EPSS 0.0374
Exploits: 1 | References: 1

0day.today
added 2014/07/01 12:0 a.m., 289 views

Supermicro Onboard IPMI Port 49152 Sensitive File Exposure Exploit

This module abuses a file exposure vulnerability accessible through the web interface on port 49152 of Supermicro Onboard IPMI controllers. The vulnerability allows an attacker to obtain detailed device information and download data files containing the clear-text usernames and passwords for the...

AI score 6.7
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 43 views

Joomla Component (com_jphone) Local File Inclusion Vulnerability

0x01 Vulnerability summary. CVE-2010-3426, CNNVD-201009-171. Published: 2010-09-16. Affected version: 1.0 Alpha 3. Official homepage: http://www.4you-studio.com Download link: http://www.joomlafrance.org/telecharger/download/Jphone/344bbad81cf491b6e5215e3f15fc3fb7.html 4You-Studio JPhone component 'controller' parameter local file inclusion vulnerability. Joomla! is an open-source content management system (CMS). In Joomla!, the JPho...

CVSS 7.5 | AI score 6 | EPSS 0.14109
Exploits: 3

seebug.org
added 2014/07/01 12:0 a.m., 22 views

Microsoft Windows XP/2000/NT 4 Locator Service Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6666/info It has been reported that the Microsoft Windows Locator service is affected by a remotely exploitable buffer overflow vulnerability. The condition is due to a memory copy of RPC arguments received from remote...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 21 views

Magento 1.2 app/code/core/Mage/Adminhtml/controllers/IndexController.php email Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/33872/info Magento is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affect...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 39 views

Samsung D6000 TV Multiple Vulnerabilities

No description provided by source. Luigi Auriemma Application: Samsung devices with support for remote controllers http://www.samsung.com Versions: current Platforms: the vulnerable protocol is used on both TV and blue-ray devices so both of them should be vulnerable my tests were performed only ...

AI score 7.1
Exploits: 0

ThreatPost
added 2014/06/27 1:31 p.m., 16 views

20-Year Old Vulnerability Patched in Compression Algorithm

A 20-year old vulnerability in the Lempel-Ziv-Oberhumer LZO compression algorithm – used in some Android phones, the Linux kernel, and even Mars Rovers – was finally patched this week. Code stemming from the algorithm’s library function has existed in the wild for two decades, but was recycled ov...

AI score 0.4
Exploits: 0 | References: 3

MSRC
added 2014/05/13 7:0 a.m., 6 views

MS14-025: An Update for Group Policy Preferences

Today, we released an update to address a vulnerability in Group Policy Preferences MS14-025. Group Policy Preferences was an addition made to Group Policy to extend its capabilities. Among other things, Group Policy Preferences allows an administrator to configure: Local administrator accounts...

AI score 7
Exploits: 0

NVD
added 2014/04/25 5:12 a.m., 19 views

CVE-2014-0760

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service application crash vi...

CVSS 9.3 | AI score 7.9 | EPSS 0.0315
Exploits: 0 | References: 2

Prion
added 2014/04/25 5:12 a.m., 13 views

Design/Logic Flaw

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via...

CVSS 9.3 | AI score 8.4 | EPSS 0.0315
Exploits: 0 | References: 1

CVE
added 2014/04/25 1:0 a.m., 60 views

CVE-2014-0760

CVE-2014-0760 affects Festo CECX-X-C1 and CECX-X-M1 controllers (CoDeSys/SoftMotion). The issue is an undocumented FTP access path that allows remote attackers to execute arbitrary code or trigger a denial of service via unspecified vectors. Public exploitation is noted in ICS-CERT advisories; mu...

CVSS 9.3 | AI score 7.8 | EPSS 0.0315
Exploits: 0 | References: 2 | Affected Software: 2

CVE
added 2014/04/25 1:0 a.m., 68 views

CVE-2014-0769

Vulnerability CVE-2014-0769 affects Festo CECX-X-C1 and CECX-X-M1 controllers (CoDeSys/SoftMotion). The issue is improper authentication (CWE-287): unauthenticated access to TCP ports 4000 (debug) and 4001 (log) allows remote attackers to modify configuration or delete log entries. Public advisor...

CVSS 9.3 | AI score 7.2 | EPSS 0.02054
Exploits: 0 | References: 2 | Affected Software: 2

Cvelist
added 2014/04/25 1:0 a.m., 22 views

CVE-2014-0769 Festo CECX-X-(C1/M1) Controller Improper Authentication

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 o...

CVSS 9.3 | AI score 6.9 | EPSS 0.02054
Exploits: 0 | References: 1

Positive Technologies
added 2014/04/25 12:0 a.m., 4 views

PT-2014-3822 · 3S Smart Software Solutions +1 · Codesys +2

Name of the Vulnerable Software and Affected Versions: Festo CECX-X-C1 Modular Master Controller with CoDeSys version affected versions not specified Festo CECX-X-M1 Modular Controller with CoDeSys version affected versions not specified Description: The issue involves an undocumented access meth...

CVSS 9.3 | AI score 7.8 | EPSS 0.0315
Exploits: 0 | References: 4

0day.today
added 2014/03/19 12:0 a.m., 53 views

Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities

vAPV: Virtual Application Delivery Controllers for Cloud and Virtualized Environments. Powered by Array's award-winning 64-bit SpeedCore™ architecture, vAPV virtual application delivery controllers extend Array's proven price-performance and rich feature set to public and private clouds and...

AI score 7
Exploits: 0

securityvulns
added 2014/02/01 12:0 a.m., 74 views

[USN-2092-1] QEMU vulnerabilities

Ubuntu Security Notice USN-2092-1, January 30, 2014: qemu, qemu-kvm vulnerabilities. A security issue affects these releases of Ubuntu and its...

CVSS 6 | AI score 0.1 | EPSS 0.00585
Exploits: 0

Tenable Nessus
added 2014/01/31 12:0 a.m., 35 views

Ubuntu 12.04 LTS / 12.10 / 13.10 : qemu, qemu-kvm vulnerabilities (USN-2092-1)

Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. CVE-2013-4344 It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume...

CVSS 7.2 | AI score 7.3 | EPSS 0.00585
Exploits: 0 | References: 4

Ubuntu
added 2014/01/30 8:28 p.m., 50 views

USN-2092-1: QEMU vulnerabilities

Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. CVE-2013-4344 It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume...

CVSS 7.2 | AI score 7.3 | EPSS 0.00585
Exploits: 0

RubySec
added 2013/12/24 12:0 a.m., 13 views

Fat Free CRM Gem for Ruby allows remote attackers to obtain sensitive informations

Fat Free CRM contains a flaw in user controllers that is triggered as JSON requests are rendered with a full JSON object. This may allow a remote attacker to gain access to potentially sensitive information e.g. other users password hashes...

CVSS 5 | AI score 4.3 | EPSS 0.02525
Exploits: 1 | References: 1 | Affected Software: 1