CVE-2018-10627
CVE-2018-10627 affects Echelon SmartServer 1 (all versions), SmartServer 2 (all versions before 4.11.007), i.LON 100 (all versions), and i.LON 600 (all versions; not affecting i.LON 600 per some sources). The flaw enables information disclosure via the SOAP API, allowing an attacker to retrieve a...
CVE-2018-10627
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This...
Echelon SmartServer 1, SmartServer 2 and i.LON 100 Information Disclosure Vulnerability
Echelon SmartServer 1, SmartServer 2 and i.LON 100 are all products of Echelon Corporation, USA. Echelon SmartServer 1 and SmartServer 2 are multifunctional controllers, which support building automation control and enterprise energy management, etc. i.LON 100 is a network server, which is mainly...
Zimbra 8.6.x < 8.6.0 Patch10, 8.7.x < 8.7.11 Patch3 Multiple Vulnerabilities
Zimbra is prone to multiple vulnerabilities. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Zimbra 8.8.x < 8.8.8 Multiple Vulnerabilities
Zimbra is prone to multiple vulnerabilities. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Zimbra Collaboration Suite mailboxd information disclosure vulnerability (CNVD-2018-09677)
Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Zimbra, Inc. that includes WebMail, Calendar, Address Book, and more. mailboxd is one of the email components. A security vulnerability exists in mailboxd in ZCS versions 8.8 before 8.8.8, 8.7 before 8.7.11.Patch3, and 8.6...
CVE-2018-10951
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API...
Design/Logic Flaw
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API...
CVE-2018-10951
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API...
NCR Aloha POS SOAP API Detection
Binary data ncralohaposwebdetect.nbin...
Cybozu Garoon 4.2.4 - 4.2.5 Directory Traversal Vulnerability
Cybozu Garoon is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cybozu:garoon";...
CVE-2017-2258
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications"...
Directory traversal
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications"...
CVE-2017-2258
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications"...
CVE-2017-2258
CVE-2017-2258 affects Cybozu Garoon 4.2.4–4.2.5 and is a directory traversal in the Garoon SOAP API “WorkflowHandleApplications” (CWE-22) that can allow an attacker to read arbitrary files. This vulnerability is documented across multiple feeds (NVD, CVE lists, OpenVAS) with a reported impact of ...
Multiple vulnerabilities in Cybozu Garoon
Overview: Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Denial-of-service (DoS) vulnerability in the application menu's edit function (CWE-20) - CVE-2017-2254. Stored cross-site scripting in the "Rich text" function of the application "Space" (CWE-79) -...
vmware-version NSE Script
Queries VMware server (vCenter, ESX, ESXi) SOAP API to extract the version information. The same script as VMware Fingerprinter from VASTO created by Claudio Criscione, Paolo Canaletti. Script Arguments: slaxml.debug: See the documentation for the slaxml library. http.host, http.max-body-size,...
MantisBT 1.3.x < 1.3.0-rc.2 SOAP API Information Disclosure Vulnerability - Linux
MantisBT is prone to an incomplete blacklist vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mantisbt:mantisbt";...
MantisBT 1.3.x < 1.3.0-rc.2 SOAP API Information Disclosure Vulnerability - Windows
MantisBT is prone to an incomplete blacklist vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mantisbt:mantisbt";...
Input validation
Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request...