86 matches found
Fortinet FortiClient EMS 7.0.x < 7.0.11 / 7.2.x < 7.2.3 (FG-IR-24-007)
The version of Fortinet FortiClient EMS installed on the remote host is prior to 7.0.11 or 7.2.3. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-007 advisory. - A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet...
CVE-2023-47534
Fortinet FortiClientEMS is affected by CVE-2023-47534 due to improper neutralization of formula elements in CSV files. Affects versions 6.0.0–6.0.8, 6.2.0–6.2.9, 6.4.0–6.4.9, 7.0.0–7.0.10, and 7.2.0–7.2.2. Impact: remote code/command execution via specially crafted CSV packets. Mitigation: apply ...
Wireshark 1.6.x < 1.6.16 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 1.6.16. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-1.6.16 advisory. - The dissectpft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark...
PT-2023-8260 · Nvidia · Nvidia Dgx H100 Bmc
Name of the Vulnerable Software and Affected Versions: NVIDIA DGX A100 BMC affected versions not specified Description: The issue is related to a stack overflow vulnerability in the host KVM daemon of the NVIDIA DGX A100 BMC. An unauthenticated attacker can exploit this by sending a specially...
K11720: Samba server vulnerability CVE-2010-2063
Security Advisory Description Note : Versions that are not listed in this articles have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5172)
An exploitable command injection vulnerability exists in the iocheckd service I/O-Check' function of the WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is use...
Ubuntu 16.04 ESM : DHCP vulnerabilities (USN-5658-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5658-2 advisory. USN-5658-1 fixed vulnerabilities in DHCP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Tenable has extracted the preceding...
25 Years of Nmap: Happy Scan-iversary!
I didn't know it then, but on September 1, 1997, my life changed. That was the day that Fyodor's Nmap was first released to the world, courtesy of the venerable Phrack magazine. By the way, check out our recent podcast with Fyodor himself if you haven’t yet. At the time, I had just started my...
CVE-2022-37176
Tenda AC6AC1200 v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard...
Race condition
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition...
CVE-2021-27385
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" incl. SIPLUS variants All versions V15.1 Update 6, SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" incl. SIPLUS variants All versions V16 Update 4, SIMATIC HMI Comfort Panels V15 4" - 22" incl. SIPLUS...
CVE-2020-9213
There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services to be abnormal. Affected products include some versions of NGFW Module,...
CVE-2018-19025
In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc...
Code injection
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service restart of agents by crafting a malformed DHCP packet which leads to an incorrect route being installed...
CVE-2020-5599
The CVE-2020-5599 issue affects Mitsubishi Electric GOT2000 series GT27/GT25/GT23 CoreOS prior to version -Z. It is an improper neutralization of argument delimiters in a command (Argument Injection, CWE-88) vulnerability that may allow a remote attacker to stop network functions or run a malicio...
Code injection
An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack...
CVE-2018-5951
MikroTik RouterOS is affected by CVE-2018-5951. The issue arises when a 1-byte packet is crafted and sent to a RouterOS IPv6 address using IP Protocol 97, which will cause the RouterOS device to reboot imminently. All RouterOS versions that support EoIPv6 are vulnerable. Connected documents confi...
The vulnerability of Junos OS router devices of the SRX Series arises from insufficient validation of input data. This allows attackers to trigger service interruptions.
The vulnerability of Junos OS router devices of the SRX Series exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted multi-address packets...
QEMU - Denial of Service
QEMU - Denial of Service include include include include include include include include include include include include include include include include include define diex do \ perrorx; \ exitEXITFAILURE; \ while0; // Constans define SRCADDR "10.0.2.15" define DSTADDR "10.0.2.2" define INTERFACE...
ANDRAX v3 - The First And Unique Penetration Testing Platform For Android Smartphones
ANDRAX The first and unique Penetration Testing platform for Android smartphones. Thanks to Jessica Helena she made ANDRAX v3 possible. What is ANDRAX ANDRAX is a penetration testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it...