4423 matches found
Data Components tPanel SQL Injection Vulnerability
Data Components tPanel is a set of web hosting control panels that run in the server. A SQL injection vulnerability exists in Data Components tPanel version 2009. A remote attacker could exploit this vulnerability to bypass authentication...
HP Intelligent Management Center Arbitrary Code Execution Vulnerability
HP Intelligent Management Center (IMC) is a comprehensive management platform built from the ground up to support the Fault, Configuration, Accounting, Performance and Security (FCAPS) model. An arbitrary code execution vulnerability exists in HP Intelligent Management Center. A remote authenticated...
CVE-2017-15881
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878...
Spree Improper Input Validation vulnerability
Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to...
GHSA-G89M-3WJW-H857 Puppet vulnerable to Path Traversal
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a...
PYSEC-2017-36
Directory traversal vulnerability in minion_id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an...
CVE-2017-14695
CVE-2017-14695 is a SaltStack Salt directory traversal vulnerability in minion_id validation. It affects Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2, enabling remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. This iss...
CVE-2017-14695
Directory traversal vulnerability in minion_id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an...
CVE-2017-14695
Removed by vendor...
Google Golang Go Certificate Validation Vulnerability
Google Golang Go is a programming language optimized for programming applications on multiprocessor systems by Google. A security vulnerability exists in Google Golang Go versions 1.7.3 and 1.6.3. A remote attacker can exploit this vulnerability to authenticate a connection with the help of...
PostgreSQL Empty Password Handling Remote Authentication Bypass
Binary data postgresauthemptypassword.nbin...
Oracle Secure Global Desktop Web Services Component Remote Authentication Bypass (October 2017 CPU)
The version of Oracle Secure Global Desktop installed on the remote host is 5.3 and is missing a security patch from the October 2017 Critical Patch Update (CPU). It is, therefore, affected by an Apache HTTP server remote authentication bypass vulnerability in the web services component. The Apache...
Code injection
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp...
CVE-2014-7813
Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols...
Ubuntu 14.04 LTS : Ceph vulnerabilities (USN-3452-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3452-1 advisory. It was discovered that Ceph incorrectly handled the handle_command function. A remote authenticated user could use this issue to cause Ceph to crash,...
CVE-2017-5791
The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI...
USN-3446-1 glance vulnerabilities
Hemanth Makkapati discovered that OpenStack Glance incorrectly handled access restrictions. A remote authenticated user could use this issue to change the status of images, contrary to access restrictions. (CVE-2015-5251) Mike Fedosin and Alexei Galkin discovered that OpenStack Glance incorrectly...
CVE-2017-14614
Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path...
HP Intelligent Management Center Arbitrary File Deletion Vulnerability
HP Intelligent Management Center (IMC) is a comprehensive management platform built from the ground up to support the Fault, Configuration, Accounting, Performance and Security (FCAPS) model. An arbitrary file deletion vulnerability exists in HP Intelligent Management Center, where a remote...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for...