
903 matches found

Cvelist
added 2018/04/06 2:0 p.m., 15 views

CVE-2018-7506

The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information...

7.4 AI score, 0.01974 EPSS
Exploits 0, References 2
BDU FSTEC
added 2018/03/16 12:0 a.m., 3 views

The vulnerability in the web server of the SyncBreeze file synchronization software, the DupScout file duplication detection software, the DiskSavvy disk space analyzer, and the DiskPulse logical disk change monitoring software allows a malicious actor to gain access to the system with NT AUTHORITY/SYSTEM privileges.

The vulnerability of the web server software for synchronizing SyncBreeze files, the software for detecting file duplicates DupScout, the disk space analyzer DiskSavvy, and the software for monitoring changes on hard drives DiskPulse is caused by buffer overflows. Exploiting this vulnerability ca...

10 CVSS, 5.7 AI score, 0.79671 EPSS
Exploits 3, References 10
OpenVAS
added 2018/02/27 12:0 a.m., 47 views

Lutron Quantum BACnet Integration Devices Information Disclosure Vulnerability

Lutron Quantum BACnet Integration device is prone to an information disclosure vulnerability...

7.5 CVSS, 7.3 AI score, 0.14576 EPSS
Exploits 6, References 1
OpenVAS
added 2018/02/08 12:0 a.m., 16 views

Geovision Inc. IP Camera Remote Detection

Detection of running version of Geovision Inc. IP Camera. This script sends an HTTP GET request and tries to ensure the presence of Geovision Inc. IP Camera...

7 AI score
Exploits 0
CNVD
added 2018/01/17 12:0 a.m., 2 views

D-Link DSL-2640U and DSL-2540U Remote Code Execution Vulnerability

The D-Link DSL-2640U and DSL-2540U are both router products from AUO D-Link. A remote code execution vulnerability exists in the diagping.cmd file in D-Link DSL-2640U devices with firmware versions IM1.00 and ME1.00 and DSL-2540U devices with firmware version ME1.00. A remote attacker can exploit...

9 CVSS, 8.8 AI score, 0.42605 EPSS
Exploits 1, References 1
Prion
added 2018/01/12 9:29 a.m., 14 views

Server side request forgery (ssrf)

diagping.cmd on D-Link DSL-2640U devices with firmware IM1.00 and ME1.00, and DSL-2540U devices with firmware ME1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request...

9 CVSS, 8.9 AI score, 0.42605 EPSS
Exploits 1, References 1, Affected Software 2
Cvelist
added 2018/01/12 9:0 a.m., 15 views

CVE-2018-5371

diagping.cmd on D-Link DSL-2640U devices with firmware IM1.00 and ME1.00, and DSL-2540U devices with firmware ME1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request...

9 AI score, 0.42605 EPSS
Exploits 1, References 1
OpenVAS
added 2018/01/03 12:0 a.m., 12 views

Building Automation Systems BAS-Device Web Detection

Detection of running version of Building Automation System device. This script sends an HTTP GET request and tries to ensure the presence of Building Automation System devices...

7 AI score
Exploits 0
OpenVAS
added 2017/12/27 12:0 a.m., 38 views

Parallels Plesk Sitebuilder Multiple Vulnerabilities

Parallels Plesk Sitebuilder is prone to multiple vulnerabilities...

7.3 AI score
Exploits 0, References 1
OpenVAS
added 2017/12/26 12:0 a.m., 9 views

Western Digital ShareSpace WEB GUI Detect

Detects the installed version of Western Digital ShareSpace. This script sends an HTTP GET request and tries to ensure the presence of Western Digital ShareSpace...

7 AI score
Exploits 0
Prion
added 2017/12/15 6:29 p.m., 10 views

Authentication flaw

Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability...

6.8 CVSS, 8.3 AI score, 0.01206 EPSS
Exploits 1, References 1, Affected Software 1
NVD
added 2017/12/15 6:29 p.m., 17 views

CVE-2017-16776

Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability...

8.1 CVSS, 8.4 AI score, 0.01206 EPSS
Exploits 1, References 1
Saint
added 2017/09/25 12:0 a.m., 555 views

Trend Micro Control Manager importFile directory traversal

Added: 09/25/2017. BID: 96131. Background: Trend Micro Control Manager streamlines administration of Trend Micro security solutions. Problem: A directory traversal vulnerability in the importFile.php script allows remote attackers to upload files containing arbitrary PHP script under the document roo...

0.9 AI score
Exploits 0
Exploit DB
added 2017/09/21 12:0 a.m., 92 views

Disk Pulse Enterprise 9.9.16 - GET Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Disk Pulse Enterprise GET Buffer Overflow', 'Description' = %q This module exploits an SEH buffer overflow in Disk Pulse Enterprise 9.9.16. If a...

7 AI score
Exploits 0
Metasploit
added 2017/09/13 3:19 p.m., 20 views

Disk Pulse Enterprise GET Buffer Overflow

This module exploits an SEH buffer overflow in Disk Pulse Enterprise 9.9.16. If a malicious user sends a crafted HTTP GET request it is possible to execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account. This module requires Metasploit: https://metasploit.com/download...

10 AI score
Exploits 0
Prion
added 2017/08/09 3:29 p.m., 12 views

Stack overflow

Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.670RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RTAC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66UB1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,...

6.5 CVSS, 9.1 AI score, 0.0271 EPSS
Exploits 0, References 2, Affected Software 1
NVD
added 2017/08/09 3:29 p.m., 12 views

CVE-2017-12754

Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.670RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RTAC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66UB1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,...

8.8 CVSS, 9.1 AI score, 0.0271 EPSS
Exploits 0, References 2
Cvelist
added 2017/08/09 3:0 p.m., 16 views

CVE-2017-12754

Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.670RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RTAC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66UB1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,...

9.1 AI score, 0.0271 EPSS
Exploits 0, References 2
NVD
added 2017/07/17 1:18 p.m., 15 views

CVE-2017-1000028

Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request...

7.5 CVSS, 7.5 AI score, 0.99479 EPSS
Exploits 7, References 3
Prion
added 2017/07/17 1:18 p.m., 18 views

Directory traversal

Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request...

5 CVSS, 7.4 AI score, 0.99479 EPSS
Exploits 7, References 3, Affected Software 1