
231 matches found

Prion
added 2019/03/07 10:29 p.m., 17 views

Authorization

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability tha...

CVSS: 7.5, AI score: 9.5, EPSS: 0.00242
Exploits: 0, References: 5, Affected Software: 3
exploitpack
added 2019/02/22 12:0 a.m., 29 views

Teracue ENC-400 - Command Injection Missing Authentication

Teracue ENC-400 - Command Injection Missing Authentication Introduction ============ Multiple vulnerabilities were identified within the Teracue ENC-400, including pre-authenticated remote code authentication. While the vendor has released updated firmware after these issues were identified, they...

CVSS: 10, AI score: 0.5, EPSS: 0.43602
Exploits: 5
0day.today
added 2018/09/15 12:0 a.m., 37 views

Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution Exploit

Exploit for linux platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Watchguard AP Backdoor Shell', 'Description' = 'Watchguard AP's have a backdoor account...

CVSS: 9, AI score: 8.2, EPSS: 0.11206
Exploits: 6
NVD
added 2018/09/07 10:29 p.m., 10 views

CVE-2018-15484

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01...

CVSS: 10, AI score: 9.8, EPSS: 0.06048
Exploits: 2, References: 2
NVD
added 2018/09/07 10:29 p.m., 10 views

CVE-2018-15483

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04...

CVSS: 7.8, AI score: 7.6, EPSS: 0.00353
Exploits: 2, References: 2
Prion
added 2018/09/07 10:29 p.m., 15 views

Remote code execution

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01...

CVSS: 10, AI score: 9.7, EPSS: 0.06048
Exploits: 2, References: 2, Affected Software: 1
Prion
added 2018/09/07 10:29 p.m., 13 views

Open redirect

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02...

CVSS: 6.4, AI score: 9.2, EPSS: 0.00261
Exploits: 3, References: 2, Affected Software: 1
Prion
added 2018/09/07 10:29 p.m., 8 views

Open redirect

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04...

CVSS: 7.8, AI score: 7.6, EPSS: 0.00353
Exploits: 2, References: 2, Affected Software: 1
CVE
added 2018/09/07 10:0 p.m., 42 views

CVE-2018-15484

The CVE-2018-15484 entry affects KONE Group Controller (KGC) devices prior to 4.6.5. The issue allows unauthenticated remote code execution via the open HTTP interface by modifying autoexec.bat (aka KONE-01). Impact is high: attacker can achieve remote code execution with network access and no pr...

CVSS: 10, AI score: 9.6, EPSS: 0.06048
Exploits: 2, References: 2, Affected Software: 1
CVE
added 2018/09/07 10:0 p.m., 40 views

CVE-2018-15486

The CVE-2018-15486 entry concerns KONE Group Controller (KGC) devices prior to version 4.6.5. The vulnerability enables Unauthenticated Local File Inclusion and file modification via the open HTTP interface by altering the name parameter of the file endpoint (aka KONE-02). This could impact conf...

CVSS: 9.1, AI score: 9.2, EPSS: 0.00261
Exploits: 3, References: 2, Affected Software: 1
Cvelist
added 2018/09/07 10:0 p.m., 14 views

CVE-2018-15484

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01...

AI score: 9.8, EPSS: 0.06048
Exploits: 2, References: 2
CVE
added 2018/09/07 10:0 p.m., 40 views

CVE-2018-15483

CVE-2018-15483 affects KONE Group Controller (KGC) devices prior to 4.6.5. The issue enables Denial of Service via the open HTTP interface (KONE-04). Descriptions in connected sources confirm affected product/class and the vulnerability class, but there is no explicit remediation or in‑the‑wild e...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00353
Exploits: 2, References: 2, Affected Software: 1
Cvelist
added 2018/09/07 10:0 p.m., 13 views

CVE-2018-15486

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02...

AI score: 9.3, EPSS: 0.00261
Exploits: 3, References: 2
Cvelist
added 2018/09/07 10:0 p.m., 12 views

CVE-2018-15483

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04...

AI score: 7.6, EPSS: 0.00353
Exploits: 2, References: 2
OSV
added 2018/08/08 3:29 p.m., 1 views

UBUNTU-CVE-2018-11769

CouchDB administrative users before 2.2.0 can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's...

CVSS: 7.2, AI score: 7.4, EPSS: 0.06103
Exploits: 0, References: 4
Prion
added 2018/07/18 11:29 p.m., 12 views

Design/Logic Flaw

A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service DoS condition on an affected system. The vulnerability is due to insufficient...

CVSS: 6.5, AI score: 8.9, EPSS: 0.01563
Exploits: 0, References: 2, Affected Software: 7
Positive Technologies
added 2018/06/06 12:0 a.m., 2 views

PT-2018-1851

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD Software affected versions not specified Description The issue is related to insufficient validation of HTTP requests in the web interface of the Cisco Adaptive...

CVSS: 8.5, AI score: 8.1, EPSS: 0.94404
Exploits: 18, References: 19
Packet Storm
added 2017/11/03 12:0 a.m., 66 views

Ladon Framework For Python 0.9.40 XXE Injection

Advisory: XML External Entity Expansion in Ladon Webservice Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and read local files, forge server side requests or overload the service...

AI score: 7.1
Exploits: 0
0day.today
added 2017/11/03 12:0 a.m., 43 views

Ladon Framework For Python 0.9.40 XXE Injection Vulnerability

Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and read local files, forge server side requests or overload the service with exponentially growing memory payloads. Versions 0.9.40...

AI score: 6.7
Exploits: 0
Packet Storm
added 2017/03/09 12:0 a.m., 2151 views

Wireless IP Camera (P2P) WIFICAM GoAhead Backdoor / Remote Command Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: Multiple vulnerabilities found in Wireless IP Camera P2P WIFICAM cameras and vulnerabilities in GoAhead Advisory URL: https://pierrekim.github.io/advisories/2017-goahead-camera-0x00.txt Blog URL:...

AI score: 0.6
Exploits: 0