4423 matches found

Positive Technologies
added 2021/02/02 12:0 a.m. · 12 views

PT-2021-16511 · Belkin · Belkin Linksys Wrt160Nl

Name of the Vulnerable Software and Affected Versions: Belkin Linksys WRT160NL version 1.0.04.002 US 20130619
Description: The administration web interface on Belkin Linksys WRT160NL devices allows remote authenticated attackers to execute system commands with root privileges via shell...

9 CVSS · 7.3 AI score · 0.04633 EPSS
Exploits 1 · References 5

CNNVD
added 2021/02/02 12:0 a.m. · 10 views

UCOPIA Wi-Fi appliances OS Command Injection Vulnerability

A security vulnerability exists in Ucopia Express 6.0.5 that allows an authenticated, remote attacker to escape the restricted administrative shell CLI and access a shell with admin user privileges via unprotected less commands...

9 CVSS · 7.3 AI score · 0.0204 EPSS
Exploits 0 · References 4

NVD
added 2021/02/01 2:15 a.m. · 14 views

CVE-2020-15835

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the...

10 CVSS · 9.7 AI score · 0.01666 EPSS
Exploits 0 · References 2

Cvelist
added 2021/02/01 1:42 a.m. · 15 views

CVE-2020-15835

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the...

9.7 AI score · 0.01666 EPSS
Exploits 0 · References 2

Packet Storm
added 2021/01/21 12:0 a.m. · 224 views

Backdoor.Win32.Xel Remote Authentication Buffer Overflow

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source: https://malvuln.com/advisory/3648c68bfe395fb9980ae547d881572c.txt
Contact: [email protected]
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Xel
Vulnerability: Remote Authentication Buffer Overflow
Description: Xel listens on...

1.4 AI score
Exploits 0

Tenable Nessus
added 2021/01/19 12:0 a.m. · 53 views

IBM MQ 7.5 <= 7.5.0.8 / 8.0 <= 8.0.0.9 / 9.0 <= 9.0.0.3 (711805)

The version of IBM MQ Server running on the remote host is affected by a vulnerability. IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM...

4.3 CVSS · 5.2 AI score · 0.02016 EPSS
Exploits 0 · References 2

CNVD
added 2021/01/14 12:0 a.m. · 6 views

Cisco Connected Mobile Experiences User Enumeration Vulnerability

Cisco Connected Mobile Experiences (CMX) is an intelligent Wi-Fi solution that uses the Cisco wireless infrastructure to provide location services and location analytics to consumers' mobile devices. A user enumeration vulnerability exists in API authorization for Cisco Connected Mobile Experiences...

4.3 CVSS · 6.9 AI score · 0.00734 EPSS
Exploits 0 · References 1

NVD
added 2021/01/13 10:15 a.m. · 27 views

CVE-2020-5633

Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j 2nd-Gen, Express5800/T110j-S 2nd-Gen, iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and the...

9.8 CVSS · 9.6 AI score · 0.03183 EPSS
Exploits 0 · References 3

Positive Technologies
added 2021/01/11 12:0 a.m. · 2 views

PT-2021-7662 · Microsoft +1 · Windows Com Server +2

Name of the Vulnerable Software and Affected Versions: Windows DCOM Server (affected versions not specified)
Description: The vulnerability in the Windows DCOM Server is related to errors in security settings, allowing a remote attacker to bypass authentication procedures and elevate their...

7.8 CVSS · 5 AI score · 0.4997 EPSS
Exploits 0 · References 13

CNNVD
added 2021/01/05 12:0 a.m. · 3 views

Orangehrm SQL Injection Vulnerability

Orangehrm is a human resource management system (HRM) from Orangehrm, USA. The system supports personnel information management, leave management, attendance management and recruitment management. OrangeHRM versions prior to 4.6.0.1 suffer from a SQL injection vulnerability that stems from the...

8.1 CVSS · 7.5 AI score · 0.02325 EPSS
Exploits 1 · References 5

CNNVD
added 2021/01/04 12:0 a.m. · 4 views

NEC Multiple Product Authorization Issues Vulnerabilities

The NEC UNIVERGE SV8500 and NEC UNIVERGE SV9500 are both IP phone devices from NEC Corporation of Japan. A security vulnerability exists in multiple NEC products that could allow a remote attacker to bypass the authentication process. The following products and versions are affected: UNIVERGE...

7.5 CVSS · 7.2 AI score · 0.01164 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2021/01/04 12:0 a.m. · 37 views

IBM HTTP Server 6.1.0.0 <= 6.1.0.47 / 7.0.0.0 < 7.0.0.39 / 8.0.0.0 < 8.0.0.12 / 8.5.0.0 < 8.5.5.7 Stack Buffer Overflow (536441)

The version of IBM HTTP Server running on the remote host is affected by a stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and...

9 CVSS · 7.2 AI score · 0.07915 EPSS
Exploits 0 · References 2

CNNVD
added 2021/01/04 12:0 a.m. · 3 views

NEC Multiple Product Authorization Issues Vulnerabilities

NEC Express 5800 and NEC Istorage are both products of NEC Corporation of Japan. NEC Express 5800 is a server device. NEC Istorage is a storage device. A security vulnerability exists in multiple NEC products that could allow a remote attacker to bypass the authentication process. The following...

9.8 CVSS · 7.2 AI score · 0.03183 EPSS
Exploits 0 · References 5

OSV
added 2020/12/29 9:15 p.m. · 4 views

CVE-2020-27643

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories where they would not normally have access to create or modify files via the creation of a junction point to a system...

6.5 CVSS · 6.9 AI score · 0.01413 EPSS
Exploits 0 · References 1

CNNVD
added 2020/12/29 12:0 a.m. · 6 views

1E Client Permissions and Access Control Issues Vulnerability

1E Client is an agent-less endpoint management software from 1E 1E Client USA. A security vulnerability exists in 1E Client versions 5.0.0.745, 4.1.0.267, which originates in the %PROGRAMDATA%\1E\Client directory that allows remote authenticated and local users to create and modify files in...

8.8 CVSS · 5.9 AI score · 0.01413 EPSS
Exploits 0 · References 2

Cvelist
added 2020/12/26 12:46 a.m. · 16 views

CVE-2020-35715

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the uploadsettings.cgi page...

8.8 AI score · 0.03675 EPSS
Exploits 1 · References 3

OSV
added 2020/12/22 5:15 p.m. · 3 views

DEBIAN-CVE-2019-11783

Improper access control in mail module channel partners in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited...

6.5 CVSS · 6.6 AI score · 0.00976 EPSS
Exploits 0 · References 1

CVE
added 2020/12/22 4:25 p.m. · 52 views

CVE-2019-11783

The CVE-2019-11783 issue affects Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier. It is caused by improper access control in the mail module (channel partners), enabling remote authenticated users to subscribe to arbitrary mail channels uninvited. The exposed impact is authen...

6.5 CVSS · 6.2 AI score · 0.00976 EPSS
Exploits 0 · References 1 · Affected Software 1

IBM Security Bulletins
added 2020/12/16 7:2 p.m. · 39 views

Security Bulletin: Apache Tomcat vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)

Summary: Apache Tomcat vulnerabilities, listed below, affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2).
Vulnerability Details:
CVEID: CVE-2020-9484
DESCRIPTION: Apache Tomcat could allow a remote authenticated attacker to execute arbitrary cod...

7 CVSS · 1.3 AI score · 0.56636 EPSS
Exploits 15 · Affected Software 1

CNNVD
added 2020/12/11 12:0 a.m. · 8 views

OpenAsset Digital Asset Management SQL Injection Vulnerability

Openasset is a digital asset management software for the website building industry from Openasset UK. OpenAsset Digital Asset Management suffers from a SQL injection vulnerability that originates from a blind remote SQL injection via authentication, which can be exploited by an attacker to gain...

8.8 CVSS · 7.4 AI score · 0.02221 EPSS
Exploits 2 · References 6