CVE-2015-7964

SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...

Authentication flaw

SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...

Authentication flaw

SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...

CVE-2015-7962

SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...

CVE-2015-7961

SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...

Authentication flaw

SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...

CVE-2015-7966

SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965...

CVE-2015-7961

SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...

CVE-2015-7962

SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...

CVE-2015-7966

SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965...

CVE-2015-7964

SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...

CVE-2015-7961

SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...

CVE-2017-6932

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an externa...

CVE-2017-6932

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an externa...

Node.js third-party modules: `concat-with-sourcemaps` allocates uninitialized Buffers when number is passed as a separator

I would like to report an uninitialized Buffer allocation issue in concat-with-sourcemaps. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in unlikely setups where separator is attacker-controlled. Module module name:...

Node.js third-party modules: [m-server] Path Traversal allows to display content of arbitrary file(s) from the server

I would like to report Path Traversal in m-server module. It allows to read content of any arbitrary file from the server where m-server is installed and run. Module module name: m-server version: 1.4.0 npm page: https://www.npmjs.com/package/m-server Module Description M-Server is a mini http...

Node.js third-party modules: `macaddress` concatenates unsanitized input into exec() command

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report code injection i...

CVE-2017-17157

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE,...

CVE-2017-15337

The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30,...

Node.js third-party modules: [public] Stored XSS in filenames in directory served by public

Hi Guys, public allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript. I put https://www.npmjs.com/package/public in Weakness section - 'Where is the stored content accessible?' because it does not allowed me to open report with...