113 matches found
CVE-2019-11466
In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access...
PT-2019-2369 · Cisco · Cisco Nx-Os +2
Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software and Cisco NX-OS Software affected versions not specified Description: A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on...
UBUNTU-CVE-2018-19968
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has...
CVE-2017-0912
Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling...
CVE-2018-8755
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device...
CVE-2018-0352
A vulnerability in the Disk Check Tool disk-check.sh for Cisco Wide Area Application Services WAAS Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges level 15 to log in to the...
Yestv camera has an override access vulnerability
Yestv yestv camera is wireless network wifi smart monitor. The yestv camera is vulnerable to an override access vulnerability. With the obtained address and username password, an attacker can exploit the vulnerability to obtain video information from the camera...
CVE-2018-0277
A vulnerability in the Extensible Authentication Protocol-Transport Layer Security EAP-TLS certificate validation during EAP authentication for the Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causi...
CVE-2017-12351
A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due t...
CVE-2017-6737
A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. The vulnerability is due to a...
AirOS NanoStation M2 5.6-beta - Multiple Vulnerabilities
Exploit for cgi platform in category web applications AirOS NanoStation M2 v5.6-beta Arbitrary File Download & Remote Command Execution Tested on: XM.v5.6-beta5.24359.141008.1753 - Build: 2435 Linux Awesome 2.6.32.63 1 Wed Oct 8 17:54:30 EEST 2014 mips unknown Date: May 30, 2016 Informer: Pablo...
Woltlab Burning Board 2.x - ModCP.php SQL Injection
Woltlab Burning Board 2.x - ModCP.php SQL Injection source: https://www.securityfocus.com/bid/14617/info Woltlab Burning Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query...
Sami FTP Server 1.1.3 - Library Crafted GET Remote Denial of Service
source: https://www.securityfocus.com/bid/9657/info Sami FTP Server has been reported prone to multiple remote denial of service vulnerabilities. It has been reported that an attacker who has sufficient credentials to access a vulnerable server, may cause the pmsystem.exe executable to raise a...