Dell EMC VPLEX Insecure File Permissions Vulnerability
Dell EMC VPLEX provides continuous data availability and data mobility to safeguard the uptime of business-critical applications and create an agile infrastructure that is easy to manage and reconfigure. An insecure file permission vulnerability exists in the Dell EMC VPLEX, which could allow a...
Cisco ASA and FWSM Security Advisories
Overview: On October 9, 2013, Cisco released two security advisories (http://www.us-cert.gov/ncas/current-activity/2013/10/10/Cisco-Releases-Security-Advisories) concerning multiple vulnerabilities within software for the following components: Cisco Adaptive Security Appliance ASA...
CVE-2018-0613
NEC Platforms Calsos CSDX and CSDJ series products CSDX 1.37210411 and earlier, CSDXP 4.37210411 and earlier, CSDXD 3.37210411 and earlier, CSDXS 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00 allows remote...
CVE-2017-10935
The CVE-2017-10935 vulnerability affects ZTE ZXR10 1800-2S with ZSRV2 firmware versions prior to V3.00.40. A remote authenticated attacker can bypass the original password authentication and change another user’s password, enabling account compromise. The risk is mitigated by upgrading to ZSRV2 V...
CVE-2018-1503
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339...
CVE-2018-1612
IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2 and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. IBM X-Force ID: 144164...
CVE-2016-9482
CVE-2016-9482 affects the PHP FormMail Generator code; an unauthenticated remote user can bypass authentication and reach the administrator panel by accessing /admin.php?mod=admin&func=panel. Documents consistently describe an authentication bypass in the code generated by PHP FormMail Generator....
CVE-2017-16816
The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions...
SoftExpert Excellence Suite 2.0 - cddocument SQL Injection
SoftExpert Excellence Suite 2.0 - cddocument SQL Injection Exploit Title: SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection Author: Seren PORSUK Date: 2018-06-28 Type: webapps Platform: PHP CVE= N/A Vendor Homepage : https://www.softexpert.com/solucao/softexpert-excellence-suite/ DETAI...
SoftExpert Excellence Suite 2.0 - cddocument SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection Author: Seren PORSUK Date: 2018-06-28 Type: webapps Platform: PHP CVE= N/A Vendor Homepage : https://www.softexpert.com/solucao/softexpert-excellence-suite/ DETAILS A...
SoftExpert Excellence Suite 2.0 SQL Injection
Exploit Title: SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection Author: Seren PORSUK Date: 2018-06-28 Type: webapps Platform: PHP CVE= N/A Vendor Homepage : https://www.softexpert.com/solucao/softexpert-excellence-suite/ DETAILS A SQL injection vulnerability in the SoftExpert SE...
CVE-2018-11635
Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication...
IIJ SmartKey App for Android Information Disclosure Vulnerability
IIJ SmartKey App for Android is an Android-based application from Internet Initiative Japan IIJ that provides two-factor authentication for websites. A security vulnerability exists in IIJ SmartKey App for Android. A remote attacker can exploit the vulnerability to bypass authentication...
CVE-2018-12692
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json...
PT-2018-10312 · Openwrt · Openwrt
Name of the Vulnerable Software and Affected Versions: OpenWrt affected versions not specified Description: The issue concerns the mishandling of access control in certain configuration files, potentially allowing remote authenticated users to call arbitrary methods, which could lead to remote...
CVE-2017-17062
The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management...
CVE-2018-5751
CVE-2018-5751 concerns the Open-Xchange OX App Suite backend component. The vulnerability, present in versions listed as vulnerable (before 7.6.3-rev36; 7.8.x before 7.8.2-rev39; 7.8.3 before 7.8.3-rev44; and 7.8.4 before 7.8.4-rev22), allows remote authenticated users to obtain sensitive informa...
CVE-2018-5756
The CVE-2018-5756 advisory concerns the Open-Xchange OX App Suite backend. It states that the backend does not properly verify folder-to-object associations, enabling remote authenticated users to delete arbitrary tasks by supplying the task ID in a delete action to api/tasks. Affected are Open-X...
Siemens SCALANCE X Switches Cross-Site Scripting Vulnerability
Siemens SCALANCE X Switches is an industrial Ethernet switch from Siemens, Germany. A cross-site scripting vulnerability exists in Siemens SCALANCE X Switches, which allows access to configure the remote authentication of the web server if the HRP redundancy option is set. An attacker could store...