Race condition
A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occur...
CVE-2018-15458 Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability
A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occur...
CVE-2018-15458
Cisco Firepower Management Center (FMC) Shell Access Filter vulnerability allows an unauthenticated, remote attacker to trigger unbounded writes to a system log file when used with certain remote authentication configurations. This can cause high disk utilization, leading to a DoS and instability...
PT-2019-1372 · Cisco · Cisco Firepower Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (affected versions not specified). Description: The issue is related to errors in resource management in the Shell Access Filter feature of Cisco Firepower Management Center. It could allow a remote attacker to...
CVE-2018-16169
Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Java code file on the server via unspecified vectors...
Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability
A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occur...
UBUNTU-CVE-2018-19998
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter...
SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2018:3815-1)
This update for salt fixes the following issues. Security issues fixed: CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698). CVE-2018-15751: Fixed remote authentication bypass in salt-api (netapi) that allows to execute arbitrary commands (bsc#1113699). Non-security issues...
CVE-2018-20519
An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajaxsavebasic pid parameter...
CVE-2018-20465
Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext userna...
CVE-2018-20465
Craft CMS 3.x up to version 3.0.34 is vulnerable to a Server-Side Template Injection (SSTI) that allows remote authenticated administrators to read sensitive configuration data. The flaw is demonstrated by injecting a template snippet that accesses craft.app.config.DB.user and craft.app.config.DB...
CVE-2018-18009
The CVE-2018-18009 entry affects D-Link DIR-140L and DIR-640L routers (DIR-140L v1.02; DIR-640L v1.01RU). The vulnerability lies in dirary0.js, which allows remote unauthenticated attackers to disclose the admin password by reading the web interface file (example: http://victim_ip/dirary0.js). Im...
CVE-2018-20307
CVE-2018-20307 affects Pulse Secure Virtual Traffic Manager (vTM). Affected releases include vTM 9.9 prior to 9.9r2, 10.4r1, and 17.2r1. The root cause is incorrect permission validation, which could allow a remote authenticated user to obtain sensitive historical activity information. Per pu...
openSUSE Security Update : salt (openSUSE-2018-1569)
This update for salt fixes the following issues. Security issues fixed: - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698). - CVE-2018-15751: Fixed remote authentication bypass in salt-api (netapi) that allows to execute arbitrary commands (bsc#1113699). Non-security...
openSUSE: Security Advisory for salt (openSUSE-SU-2018:4174-1)
The remote host is missing an update for the...
Security update for salt (important)
This update for salt fixes the following issues. Security issues fixed: - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698). - CVE-2018-15751: Fixed remote authentication bypass in salt-api (netapi) that allows to execute arbitrary commands (bsc#1113699). Non-security issue...
Design/Logic Flaw
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings...
CVE-2018-20057
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter...
CVE-2018-7067
A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web...