CVE-2018-15458
A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occur...
CVE-2018-15458 Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability
A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occur...
Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability
A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occur...
DEBIAN-CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
ALPINE-CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
UBUNTU-CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2018:4066-1)
This update for samba fixes the following issues : Update to samba version 4.7.11. Security issues fixed : CVE-2018-14629: Fixed CNAME loops in Samba AD DC DNS server bsc1116319. CVE-2018-16841: Fixed segfault on PKINIT when mis-matching principal bsc1116320. CVE-2018-16851: Fixed NULL pointer...
The Citrix Profile Management service failed to start when PathToLogFile parameter is set to a remote machine
Citrix Profile Management is not operating on the VDA because the Citrix Profile Management service failed to start in a timely fashion. This occurs when the “Path to log file” Profile Management policy or PathToLogFile parameter has been set to a remote machine UNC path. The event logs may inclu...
Zomato: [www.zomato.com] Blind XSS in one of the admin dashboard
Summary: Admin dashboard ████ from user has XSS Vul Steps To Reproduce: 1. Login ██████ 1. Go to ███ function and intercept request Post data: "/zomato.php?c=zomatoxss" / POST ████ HTTP/1.1 X-Zomato-App-Version-Code: 5610001 ██████████ ███████ X-Zomato-API-Key: ███████ X-App-Language:...
UBUNTU-CVE-2018-19960
The debugmode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshareserver.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname...
CVE-2018-14700
Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve MySQL log files via the "name" URL parameter...
CVE-2018-14700
CVE-2018-14700 affects Drobo 5N2 NAS (version 4.0.5-13.28.96115) via the /mysql/api/logfile.php endpoint. The vulnerability arises from incorrect access control, enabling unauthenticated attackers to retrieve MySQL log files by supplying a name parameter. This exposes partial confidentiality (log...
GreenCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-00334)
GreenCMS is a content management system (CMS) based on ThinkPHP. A cross-site request forgery vulnerability exists in GreenCMS version 2.3.0603. A remote attacker can exploit this vulnerability to delete log files with the help of the index.php?m=admin&c=data&a=clear URI...
Cross site request forgery (csrf)
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI...
CVE-2018-19376
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI...
CVE-2018-19376
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI...
CVE-2018-19376
GreenCMS v2.3.0603 is affected by a cross-site request forgery (CSRF) vulnerability that allows an attacker to delete log files via the URI index.php?m=admin&c=data&a=clear. This issue is documented in multiple sources (CNVD-2019-00334, NVD CVE-2018-19376, OSV) and is confirmed across CNVD/CVSS d...
HeidiSQL 9.5.0.5196 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: HeidiSQL 9.5.0.5196 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.heidisql.com/ Software Link: https://www.heidisql.com/download.php Tested Version: 9.5.0.5196 Tested on: Windows 10 Single...
PbootCMS Arbitrary PHP Code Execution Vulnerability
PbootCMS is a new core open source enterprise building system developed by Avantech. An arbitrary PHP code execution vulnerability exists in PbootCMS 1.2.2. A remote attacker can exploit this vulnerability by specifying a .php file name in the "SET GLOBAL general_log_file" statement and a subsequen...