Solarwinds LEM 6.3.1 Shell Escape Command Injection

KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection Title: Solarwinds LEM Management Shell Escape via Command Injection Advisory ID: KL-001-2017-007 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-007.txt 1...

CVE-2016-10308

Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the...

Command injection

Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the...

CVE-2016-10308

Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the...

CVE-2016-10308

CVE-2016-10308 affects Siklu EtherHaul radios running versions prior to 3.7.1 and 6.x prior to 6.9.0. The vulnerability stems from a built-in, hidden root account with an unchangeable password shared across all devices. This account allows access to the embedded Linux OS via both SSH and the devi...

WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications !-- KL-001-2017-004 : WatchGuard XTMv User Management Cross-Site Request Forgery Title: WatchGuard XTMv User Management Cross-Site Request Forgery Advisory ID: KL-001-2017-004 Publication Date: 2017.03.10 Publication URL:...

WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery

WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery !-- KL-001-2017-004 : WatchGuard XTMv User Management Cross-Site Request Forgery Title: WatchGuard XTMv User Management Cross-Site Request Forgery Advisory ID: KL-001-2017-004 Publication Date: 2017.03.10 Publication...

WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery

!-- KL-001-2017-004 : WatchGuard XTMv User Management Cross-Site Request Forgery Title: WatchGuard XTMv User Management Cross-Site Request Forgery Advisory ID: KL-001-2017-004 Publication Date: 2017.03.10 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-004.txt 1...

Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write

KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write Title: Trendmicro InterScan Arbitrary File Write Advisory ID: KL-001-2017-001 Publication Date: 2017.02.15 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-001.txt 1. Vulnerability Details Affected Vendor:...

Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation

KL-001-2017-002 : Trendmicro InterScan Privilege Escalation Vulnerability Title: Trendmicro InterScan Privilege Escalation Vulnerability Advisory ID: KL-001-2017-002 Publication Date: 2017.02.15 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-002.txt 1. Vulnerability...

Trendmicro InterScan Arbitrary File Write

Vulnerability Details Affected Vendor: Trendmicro Affected Product: InterScan Web Security Virtual Appliance Affected Version: OS Version 3.5.1321.el6.x8664; Application Version 6.5-SP2BuildLinux1548 Platform: Embedded Linux CWE Classification: CWE-22: Improper Limitation of a Pathname to a...

Trendmicro InterScan Privilege Escalation Vulnerability

Vulnerability Details Affected Vendor: Trendmicro Affected Product: InterScan Web Security Virtual Appliance Affected Version: OS Version 3.5.1321.el6.x8664; Application Version 6.5-SP2BuildLinux1548 Platform: Embedded Linux CWE Classification: CWE-269: Improper Privilege Management Impact:...

Sophos Web Appliance 4.2.1.3 - Remote Code Execution

Sophos Web Appliance 4.2.1.3 - Remote Code Execution KL-001-2016-009 : Sophos Web Appliance Remote Code Execution Title: Sophos Web Appliance Remote Code Execution Advisory ID: KL-001-2016-009 Publication Date: 2016.11.03 Publication URL:...

Sophos Web Appliance 4.2.1.3 - Remote Code Execution

KL-001-2016-009 : Sophos Web Appliance Remote Code Execution Title: Sophos Web Appliance Remote Code Execution Advisory ID: KL-001-2016-009 Publication Date: 2016.11.03 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-009.txt 1. Vulnerability Details Affected Vendor:...

Sophos Web Appliance 4.2.1.3 Privilege Escalation

KL-001-2016-008 : Sophos Web Appliance Privilege Escalation Title: Sophos Web Appliance Privilege Escalation Advisory ID: KL-001-2016-008 Publication Date: 2016.11.03 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-008.txt 1. Vulnerability Details Affected Vendor: Soph...

Sophos Web Appliance 4.2.1.3 Remote Code Execution Vulnerability

Exploit for php platform in category web applications Title: Sophos Web Appliance Remote Code Execution Advisory ID: KL-001-2016-009 Publication Date: 2016.11.03 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-009.txt 1. Vulnerability Details Affected Vendor: Sophos...

Sophos Web Appliance Remote Code Execution

Vulnerability Details Affected Vendor: Sophos Affected Product: Web Apppliance Affected Version: v4.2.1.3 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', CWE-88: Argument Injection or Modification...

Sophos Web Appliance Privilege Escalation

Vulnerability Details Affected Vendor: Sophos Affected Product: Web Apppliance Affected Version: v4.2.1.3 Platform: Embedded Linux CWE Classification: CWE-522: Insufficiently Protected Credentials, CWE-261: Weak Cryptography for Passwords Impact: Privilege Escalation Attack vector: HTTP 2...

Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials Vulnerability

Exploit for linux platform in category local exploits Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Title: Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Advisory ID: KL-001-2016-005 Publication Date: 2016.10.05 Publication URL:...

Cisco Firepower Threat Management Console 6.0.1 - Local File Inclusion

Cisco Firepower Threat Management Console 6.0.1 - Local File Inclusion KL-001-2016-006 : Cisco Firepower Threat Management Console Local File Inclusion Title: Cisco Firepower Threat Management Console Local File Inclusion Advisory ID: KL-001-2016-006 Publication Date: 2016.10.05 Publication URL:...