CVE-2018-12163

Intel IoT Developers Kit 4.0 installer contains a DLL-injection vulnerability that could allow an authenticated local user to escalate privileges by modifying files during install. Affected: Intel IoT Developers Kit 4.0 and earlier. Root cause: DLL injection in the installer process enabling priv...

CVE-2018-16715

The CVE-2018-16715 entry concerns Absolute Software CTES Windows Agent (up to 1.0.0.1479). Root cause: security permissions on %ProgramData%\CTES and subfolders allow write access by low-privilege users. Impact: this enables unauthorized replacement of service executables (EXE) or DLLs and modifi...

CVE-2018-15486

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02...

CVE-2018-15486

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02...

Open redirect

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02...

CVE-2018-15486

The CVE-2018-15486 entry concerns KONE Group Controller (KGC) devices prior to version 4.6.5. The vulnerability enables Una uthenticated Local File Inclusion and file modification via the open HTTP interface by altering the name parameter of the file endpoint (aka KONE-02). This could impact conf...

CVE-2018-15486

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02...

KONE KGC 4.6.4 - Multiple Vulnerabilities

KONE KGC versions 4.6.4 and below suffer from unauthenticated remote code execution, denial of service, local file inclusion, and missing FTP access control vulnerabilities. Vulnerabilities in KONEs Group Controller KGC -------------------------------------------------------------------------...

[SECURITY] [DSA 4285-1] sympa security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4285-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 05, 2018 https://www.debian.org/security/faq -...

HPE Moonshot Provisioning Manager Local Arbitrary File Modification Vulnerability

HPE Moonshot Provisioning Manager is an application for managing HPE Moonshot systems from Hewlett Packard Enterprise HPE. A local arbitrary file modification vulnerability exists in HPE Moonshot Provisioning Manager versions prior to 1.24, which can be exploited by a local attacker to modify...

CVE-2018-7073

A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24...

CVE-2018-7073

A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24...

Design/Logic Flaw

A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24...

CVE-2018-7073

CVE-2018-7073 affects HPE Moonshot Provisioning Manager prior to v1.24. It is a local arbitrary file modification vulnerability in the provisioning manager (component: Moonshot Provisioning Manager) where a local attacker could modify arbitrary files. CVSS shows base score 5.5 (Medium) with local...

CVE-2018-7073

A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24...

CVE-2017-3209

The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymous access without a password, and provides full filesystem...

CVE-2018-10604

SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution...

SEL Compass Elevation of Privilege Vulnerability

SEL Compass is an application for managing and updating SEL products from Schweitzer Engineering Laboratories SEL, USA. An elevation of privilege vulnerability exists in SEL Compass 3.0.5.1 and earlier versions, which arises from the program failing to properly set access rights and can be...

CVE-2018-2437

The SAP Internet Graphics Service IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification...

Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/Low skill level to exploit/Public exploits are available for these vulnerabilities Vendor: Schweitzer Engineering Laboratories, Inc. SEL Equipment: Compass and AcSELerator Architect Vulnerabilities: Incorrect Default Permissions,...