404 matches found
CVE-2018-6433
A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system...
Design/Logic Flaw
A vulnerability has been identified in Automation License Manager 5 All versions 5.3.4.4. An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker t...
CVE-2018-11456
A vulnerability has been identified in Automation License Manager 5 All versions 5.3.4.4. An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker t...
Security Bulletin: TLS padding vulnerability affects TPF Toolkit (CVE-2014-8730)
Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects TPF Toolkit. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by the...
OpenSSH < 6.6 SFTP - Command Execution Exploit
Exploit for linux platform in category remote exploits OpenSSH 8 else 32 print "+ bit libc mapped @ -, path: ".formatBITS, addr0, addr1, path libcbase = intaddr0, 16 libcpath = path if "stack" in line: addr = addr.split"-" saddrstart = intaddr0, 16 saddrend = intaddr1, 16...
Microsoft Exchange Memory Corruption Vulnerability
An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the remote system. To exploit the vulnerability, an attacker would send a...
Microsoft Windows 10: Force shutdown from a remote system
This security setting determines which users are allowed to shut down a device from a remote location on the network. This allows members of the Administrators group or specific users to manage computers for tasks such as a restart from a remote location. OpenVAS Vulnerability Test $Id:...
OpenSSH < 6.6 SFTP - Command Execution
OpenSSH 8 else 32 print "+ bit libc mapped @ -, path: ".formatBITS, addr0, addr1, path libcbase = intaddr0, 16 libcpath = path if "stack" in line: addr = addr.split"-" saddrstart = intaddr0, 16 saddrend = intaddr1, 16 print "+ Stack mapped @ -".formataddr0,...
OracleVM 3.4 : dhcp (OVMSA-2018-0023)
The remote OracleVM system is missing necessary patches to address critical security updates : - Added oracle-errwarn-message.patch - Resolves: 1550085 - CVE-2018-5733 Avoid reference overflow 12:4.1.1-53.P1.2 - Resolves: 1550083 - CVE-2018-5732 Avoid options buffer overflow - Resolves: 1063217 -...
Default Password (CenturyL1nk) for 'admin' Account
The account 'admin' on the remote host has the password 'CenturyL1nk'. An attacker may leverage this issue to gain access, likely as an administrator, to the affected system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "admin"; password = "CenturyL1nk";...
Microsoft Issues Emergency Patch For Critical RCE in Windows Malware Scanner
Microsoft's own antivirus software made Windows 7, 8.1, RT and 10 computers, as well as Windows Server 2016 more vulnerable. Microsoft has just released an out-of-band security update to patch the crazy bad bug discovered by a pair of Google Project Zero researchers over the weekend. Security...
Leviathan - Wide Range Mass Audit Toolkit
Leviathan is a mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities. It consists open source tools such masscan, ncrack, dsss and gives you the flexibility of using them with a combination. The main goal of this...
CVE-2017-5999
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPTRIJNDAEL256 function the 256-bit block version of Rijndael, not AES instead of MCRYPTRIJNDAEL128 real AES could help...
nagios: Command injection via curl in MagpieRSS
It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system...
nagios: Command injection via curl in MagpieRSS
It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system...
Command Execution Through Compromised Remote Hosts
ansible is vulnerable to command execution through a comprised remote system. A compromised remote system managed through ansible can lead to commands being executed on the ansible controller when the user is running the ansible or ansible-playbook command...
OpenNMS RMI Java Object Deserialization
Vulnerability exists in OpenNMS RMI. This vulnerability is due to deserialization of untrusted data. A successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote system...
Microsoft Edge Use After Free (MS16-145: CVE-2016-7288)
A use after free vulnerability exists in Microsoft Edge. The vulnerability is due to incorrect memory handling leading to a use after free condition when processing a maliciously crafted file. Successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote...
Microsoft Windows - LSASS SMB NTLM Exchange Null-Pointer Dereference (MS16-137)
Microsoft Windows - LSASS SMB NTLM Exchange Null-Pointer Dereference MS16-137 MS16-137: LSASS Remote Memory Corruption Advisory Title: LSASS SMB NTLM Exchange Remote Memory Corruption Version: 1.0 Issue type: Null Pointer Dereference Authentication: Pre-Authenticated Affected vendor: Microsoft...
ZKTeco ZKBioSecurity 3.0 hard-coded login credentials and remote system command execution
No description provided by source...