SuiteCRM 7.11.18 - Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...
CVE-2020-16152
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file...
Code injection
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file...
CVE-2021-3791
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password...
Information disclosure
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password...
Binatone Motorola-branded Camera Log Information Disclosure Vulnerability
Binatone Motorola-branded Camera is a Binatone licensed Motorola-branded product camera from Binatone Inc. The Binatone Motorola-branded Camera is vulnerable to information disclosure, which could be exploited by an attacker to download an encrypted log file containing sensitive information such ...
EulerOS 2.0 SP9 : cloud-init (EulerOS-SA-2021-2705)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the...
EulerOS 2.0 SP9 : cloud-init (EulerOS-SA-2021-2680)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the...
PT-2022-9175 · Unknown +3 · Kexec-Tools +3
Name of the Vulnerable Software and Affected Versions: kexec-tools versions prior to 2.0.21-8; kexec-tools versions prior to 2.0.20-47. Description: A flaw was found in the permissions of a log file created by kexec-tools, allowing a local unprivileged user to read this file and leak kernel interna...
PT-2021-22878 · Siemens · Simatic Pcs 7 +1
Name of the Vulnerable Software and Affected Versions: SIMATIC PCS 7 versions prior to V9.1 SP1; SIMATIC PCS 7 version V8.2; SIMATIC PCS 7 version V9.0 through V9.0 SP3 UC03; SIMATIC WinCC versions prior to V15 SP1 Update 7; SIMATIC WinCC versions prior to V16 Update 5; SIMATIC WinCC versions prior to...
Siemens SIMATIC PCS 7 and SIMATIC WinCC Log Information Disclosure Vulnerability
Siemens SIMATIC PCS 7 and SIMATIC WinCC are both products of Siemens, a German company. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated data acquisition and monitoring SCADA system. A log information disclosure vulnerability exists in Siemens SIMATIC...
PT-2021-22582 · Seo Panel · Seo Panel
Name of the Vulnerable Software and Affected Versions: SEO Panel version 4.8.0. Description: Multiple Cross-Site Scripting (XSS) vulnerabilities exist in SEO Panel via several parameters in various PHP files. The affected parameters include to time in files such as backlinks.php, analytics.php, and...
VulnCheck KEV: CVE-2021-36955
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation...
EulerOS 2.0 SP8 : cloud-init (EulerOS-SA-2021-2624)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the...
MGASA-2021-0494 Updated cloud-init packages fix security vulnerability
cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as: 'chpasswd: list: | user1:RANDOM' When instructing cloud-init to set a random password for a new user account, versions before 21.1....
Updated cloud-init packages fix security vulnerability
cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as: 'chpasswd: list: | user1:RANDOM' When instructing cloud-init to set a random password for a new user account, versions before 21.1....
CVE-2021-42840
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, loggerfilename can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were...