100 matches found
LibreOffice < 6.2.5 Multiple Vulnerabilities (macOS)
The version of LibreOffice installed on the remote macOS host is prior to 6.2.5. It is, therefore, affected by multiple vulnerabilities : - An arbitrary script execution vulnerability exists due to a flaw allowing event-based execution of python scripts within a document. Note, LibreLogo must be...
PT-2019-2044 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the WebVPN login process could allow an unauthenticated...
Real-time File Scanning System: Strelka
Strelka is a real-time file scanning system used for threat hunting, threat detection, and incident response. Based on the design established by Lockheed Martin’s Laika BOSS and similar projects, Strelka’s purpose is to perform file extraction and metadata collection at huge scale. Strelka differ...
Microsoft Exchange Server Rollup Server-Side Request Forgery Vulnerability
Microsoft Exchange Server is the United States Microsoft Microsoft a set of e-mail services program, which provides mail access, storage, forwarding, voice mail, mail filtering and screening functions.Rollup is used in one of the code packer. A server-side request forgery vulnerability exists in...
The vulnerability of the Microsoft Server Message Block 1.0 (SMBv1) network protocol on the Windows operating system, which allows a hacker to cause a service failure.
The vulnerability of the Microsoft Server Message Block 1.0 SMBv1 protocol in the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted requests remotely...
The vulnerability of the centralized device management system of Cisco Unified Computing System Central and the Cisco Firepower Extensible Operating System allows a perpetrator to execute arbitrary commands.
The vulnerability of the CGI script of the Cisco Unified Computing System Central device management system and the Cisco Firepower Extensible Operating System exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this...
IBM Tivoli Storage Manager FastBack Server FXCLI_OraBR_Exec_Command Buffer Overflow (CVE-2015-1929)
A buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient boundary checking while processing remote requests within the FXCLIOraBRExecCommand function. A remote unauthenticated attacker could exploit this vulnerability by sendin...
IP whitelist bypass in Web Console
Specially crafted remote requests can spoof their origin, bypassing the IP whitelist, in any environment where Web Console is enabled development and test, by default. Users whose application is only accessible from localhost as is the default behaviour in Rails 4.2 are not affected, unless a loc...
DEBIAN-CVE-2015-3340
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a 1 XENDOMCTLgettscinfo or 2 XENSYSCTLgetdomaininfolist request...
Nokia SGSN DX200 Remote SNMP Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7081/info It has been reported that some models of the SGSN made by Nokia do not properly handle remote requests for information. Vulnerable devices may disclose sensitive information which could enable an attacker may be...
DEBIAN-CVE-2013-3571
socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service file descriptor consumption via multiple request that are refused based on the 1 sourceport, 2 lowport, 3 range, or 4...
openSUSE: Security Advisory for NRPE (openSUSE-SU-2013:0624-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE Update for NRPE openSUSE-SU-2013:0621-1 (NRPE)
Check for the Version of NRPE OpenVAS Vulnerability Test $Id: gbsuse201306211.nasl 8045 2017-12-08 08:39:37Z santu $ SuSE Update for NRPE openSUSE-SU-2013:0621-1 NRPE Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...
EMC AlphaStor Library Control Program Multiple Buffer Overflows (CVE-2013-0946)
Multiple buffer overflow vulnerabilities has been reported in EMC AlphaStor Library Control Program LCP while parsing remote requests. The vulnerabilities are due to missing bounds check while copying request data into fixed length stack buffers. An unauthenticated attackers can exploit this...
NRPE metacharacter filtering omission (important)
NRPE the Nagios Remote Plug-In Executor allows the passing of $ to plugins/scripts which, if run under bash, will execute that shell command under a subprocess and pass the output as a parameter to the called script. Using this, it is possible to get called scripts, such as checkhttp, to execute...
SuSE 11.2 Security Update : puppet (SAT Patch Number 7526)
puppet has been updated to fix 2.6.18 multiple vulnerabilities and bugs. - 19391 Find the catalog for the specified node name - Don't assume master supports SSLv2 - Don't require openssl client to return 0 on failure - Display SSL messages so we can match our regex - Don't assume puppetbindir is...
CVE-2010-2007
Multiple cross-site request forgery CSRF vulnerabilities in LetoDMS formerly MyDMS 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use 1 op/op.EditUserData.php, 2 op/op.UsrMgr.php, 3 out/out.RemoveVersion.php, 4 op/op.RemoveFolder.php, 5...
Cross site scripting
Cross-site scripting XSS vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via 1 http or 2 ftp requests logged in /var/log/directadmin/security.log; 3 allows context-dependent...
CVE-2007-1926
Cross-site scripting XSS vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via 1 http or 2 ftp requests logged in /var/log/directadmin/security.log; 3 allows context-dependent...
Nokia SGSN DX200 - Remote SNMP Information Disclosure
Nokia SGSN DX200 - Remote SNMP Information Disclosure source: https://www.securityfocus.com/bid/7081/info It has been reported that some models of the SGSN made by Nokia do not properly handle remote requests for information. Vulnerable devices may disclose sensitive information which could enabl...