4423 matches found

OpenVAS
added 2018/01/30 12:0 a.m., 51 views

MariaDB Access Bypass Vulnerability - Linux

MariaDB is prone to an access bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; ifdescripti...

8.8 CVSS, 9.3 AI score, 0.0335 EPSS
Exploits 0, References 3

NVD
added 2018/01/25 11:29 p.m., 20 views

CVE-2016-10710

Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix...

8.1 CVSS, 7.8 AI score, 0.01134 EPSS
Exploits 1, References 1

CVE
added 2018/01/25 11:0 p.m., 38 views

CVE-2016-10710

Biscom Secure File Transfer (SFT) versions 5.0.1000–5.0.1048 fail to validate the dataFieldId and use sequential numbers, enabling remote authenticated users to overwrite or read files via crafted requests. The issue is fixed in version 5.0.1050. Affected platforms are Biscom SFT; exact root caus...

8.1 CVSS, 7.6 AI score, 0.01134 EPSS
Exploits 1, References 1, Affected Software 1

Prion
added 2018/01/25 4:29 p.m., 22 views

SQL injection

sql/eventdataobjects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statemen...

6.5 CVSS, 8.5 AI score, 0.0335 EPSS
Exploits 0, References 9, Affected Software 3

Prion
added 2018/01/22 4:29 a.m., 15 views

Design/Logic Flaw

pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the statusrrdgraphimg.php graph parameter, related to rrdgraphimg.php...

9 CVSS, 7.6 AI score, 0.34253 EPSS
Exploits 3, References 4, Affected Software 1

OSV
added 2018/01/22 4:29 a.m., 16 views

CVE-2016-10709

pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the statusrrdgraphimg.php graph parameter, related to rrdgraphimg.php...

8.8 CVSS, 8.8 AI score
Exploits 0, References 4

CNVD
added 2018/01/17 12:0 a.m., 5 views

Unspecified Vulnerability in HPE Integrated Lights

HPE Integrated Lights-Out 2 (iLO 2) is a remote control solution from Hewlett Packard Enterprise (HPE). The solution enables remote monitoring and operation and maintenance of IT assets such as servers. A security vulnerability exists in HPE iLO 2 version 2.29. A remote attacker could exploit the...

9.8 CVSS, 7 AI score, 0.04913 EPSS
Exploits 0, References 1

ATTACKERKB
added 2018/01/16 7:29 p.m., 3 views

CVE-2016-0219

XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693...

6.5 CVSS, 5.6 AI score, 0.01255 EPSS
Exploits 0, References 3

Cvelist
added 2018/01/16 7:0 p.m., 17 views

CVE-2015-7484

IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force ID: 108619...

4 AI score, 0.00963 EPSS
Exploits 0, References 2

OSV
added 2018/01/11 4:29 p.m., 2 views

CVE-2017-15633

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the sessionlimits.lua file...

7.2 CVSS, 6 AI score, 0.04367 EPSS
Exploits 4, References 2

OSV
added 2018/01/11 4:29 p.m., 3 views

CVE-2017-15634

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file...

7.2 CVSS, 6 AI score, 0.04367 EPSS
Exploits 4, References 2

NVD
added 2018/01/11 4:29 p.m., 13 views

CVE-2017-15634

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file...

9 CVSS, 7.5 AI score, 0.04367 EPSS
Exploits 2, References 2

NVD
added 2018/01/11 4:29 p.m., 16 views

CVE-2017-15630

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptpclient.lua file...

9 CVSS, 7.5 AI score, 0.04367 EPSS
Exploits 2, References 2

NVD
added 2018/01/11 4:29 p.m., 12 views

CVE-2017-15636

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file...

9 CVSS, 7.5 AI score, 0.04245 EPSS
Exploits 2, References 2

Prion
added 2018/01/11 4:29 p.m., 11 views

Command injection

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptpserver.lua file...

9 CVSS, 7.4 AI score, 0.04245 EPSS
Exploits 3, References 2, Affected Software 2

Prion
added 2018/01/11 4:29 p.m., 13 views

Command injection

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file...

9 CVSS, 7.4 AI score, 0.04245 EPSS
Exploits 3, References 2, Affected Software 2

Prion
added 2018/01/11 4:29 p.m., 11 views

Command injection

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the sessionlimits.lua file...

9 CVSS, 7.4 AI score, 0.04367 EPSS
Exploits 4, References 2, Affected Software 2

Prion
added 2018/01/11 4:29 p.m., 12 views

Command injection

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptpclient.lua file...

9 CVSS, 7.4 AI score, 0.04367 EPSS
Exploits 4, References 2, Affected Software 2

Prion
added 2018/01/11 4:29 p.m., 11 views

Command injection

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptpserver.lua file...

9 CVSS, 7.4 AI score, 0.04245 EPSS
Exploits 4, References 2, Affected Software 2

Prion
added 2018/01/11 4:29 p.m., 10 views

Command injection

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the maxconn variable in the sessionlimits.lua file...

9 CVSS, 7.4 AI score, 0.04367 EPSS
Exploits 4, References 2, Affected Software 2