95 matches found
The vulnerability of the centralized device management system of Cisco Unified Computing System Central and the Cisco Firepower Extensible Operating System allows a perpetrator to execute arbitrary commands.
The vulnerability of the CGI script of the Cisco Unified Computing System Central device management system and the Cisco Firepower Extensible Operating System exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this...
IBM Tivoli Storage Manager FastBack Server FXCLI_OraBR_Exec_Command Buffer Overflow (CVE-2015-1929)
A buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient boundary checking while processing remote requests within the FXCLIOraBRExecCommand function. A remote unauthenticated attacker could exploit this vulnerability by sendin...
IP whitelist bypass in Web Console
Specially crafted remote requests can spoof their origin, bypassing the IP whitelist, in any environment where Web Console is enabled development and test, by default. Users whose application is only accessible from localhost as is the default behaviour in Rails 4.2 are not affected, unless a loc...
DEBIAN-CVE-2015-3340
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a 1 XENDOMCTLgettscinfo or 2 XENSYSCTLgetdomaininfolist request...
Nokia SGSN DX200 Remote SNMP Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7081/info It has been reported that some models of the SGSN made by Nokia do not properly handle remote requests for information. Vulnerable devices may disclose sensitive information which could enable an attacker may be...
DEBIAN-CVE-2013-3571
socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service file descriptor consumption via multiple request that are refused based on the 1 sourceport, 2 lowport, 3 range, or 4...
SuSE Update for NRPE openSUSE-SU-2013:0621-1 (NRPE)
Check for the Version of NRPE OpenVAS Vulnerability Test $Id: gbsuse201306211.nasl 8045 2017-12-08 08:39:37Z santu $ SuSE Update for NRPE openSUSE-SU-2013:0621-1 NRPE Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...
openSUSE: Security Advisory for NRPE (openSUSE-SU-2013:0624-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EMC AlphaStor Library Control Program Multiple Buffer Overflows (CVE-2013-0946)
Multiple buffer overflow vulnerabilities has been reported in EMC AlphaStor Library Control Program LCP while parsing remote requests. The vulnerabilities are due to missing bounds check while copying request data into fixed length stack buffers. An unauthenticated attackers can exploit this...
NRPE metacharacter filtering omission (important)
NRPE the Nagios Remote Plug-In Executor allows the passing of $ to plugins/scripts which, if run under bash, will execute that shell command under a subprocess and pass the output as a parameter to the called script. Using this, it is possible to get called scripts, such as checkhttp, to execute...
SuSE 11.2 Security Update : puppet (SAT Patch Number 7526)
puppet has been updated to fix 2.6.18 multiple vulnerabilities and bugs. - 19391 Find the catalog for the specified node name - Don't assume master supports SSLv2 - Don't require openssl client to return 0 on failure - Display SSL messages so we can match our regex - Don't assume puppetbindir is...
CVE-2010-2007
Multiple cross-site request forgery CSRF vulnerabilities in LetoDMS formerly MyDMS 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use 1 op/op.EditUserData.php, 2 op/op.UsrMgr.php, 3 out/out.RemoveVersion.php, 4 op/op.RemoveFolder.php, 5...
Cross site scripting
Cross-site scripting XSS vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via 1 http or 2 ftp requests logged in /var/log/directadmin/security.log; 3 allows context-dependent...
CVE-2007-1926
Cross-site scripting XSS vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via 1 http or 2 ftp requests logged in /var/log/directadmin/security.log; 3 allows context-dependent...
Nokia SGSN DX200 - Remote SNMP Information Disclosure
Nokia SGSN DX200 - Remote SNMP Information Disclosure source: https://www.securityfocus.com/bid/7081/info It has been reported that some models of the SGSN made by Nokia do not properly handle remote requests for information. Vulnerable devices may disclose sensitive information which could enabl...