226 matches found

Cvelist
added 2019/03/27 7:16 p.m. · 17 views

CVE-2018-3613

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...

7.5 AI score · 0.00094 EPSS
Exploits 0 · References 4
Positive Technologies
added 2018/12/17 12:0 a.m. · 2 views

PT-2019-10725 · Intel +4 · Udk2018 +7

Name of the Vulnerable Software and Affected Versions: EDK II affected versions not specified UDK2018 affected versions not specified UDK2017 affected versions not specified UDK2015 affected versions not specified Description: The issue is related to a logic problem in the variable service module...

9.8 CVSS · 6 AI score · 0.14445 EPSS
Exploits 6 · References 89
CNVD
added 2018/07/25 12:0 a.m. · 1 views

Barracuda Cloud Control Center Cross-Site Scripting Vulnerability

Barracuda Cloud Control Center is a cloud service control center. A cross-site scripting vulnerability exists in Barracuda Cloud Control Center, where a local, low-privileged user account is able to inject its own malicious script code on the application side of a vulnerable service module...

6.4 AI score
Exploits 0 · References 1
CNVD
added 2018/07/03 12:0 a.m. · 4 views

Dell EMC iDRAC Insecure File Permissions Vulnerability

The Dell EMC iDRAC Service Module (iSM) is a suite of lightweight software from Dell Inc. that runs on servers. The software extends the Integrated Dell EMC Remote Access Controller (iDRAC) to the host operating system. A security vulnerability exists in the Dell EMC iSM for Linux and XenServer based...

6.6 CVSS · 6.5 AI score · 0.00097 EPSS
Exploits 0 · References 1
OSV
added 2018/06/26 10:29 p.m. · 3 views

CVE-2018-11053

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 2
CNVD
added 2018/06/25 12:0 a.m. · 1 views

PayPal Cross-Site Scripting Vulnerability

PayPal is a global e-commerce business that allows payments and money transfers to be made over the Internet. PayPal suffers from a cross-site scripting vulnerability that could allow a remote attacker to inject malicious script code on the application side of an affected online service module...

6.5 AI score
Exploits 0 · References 1
Tenable Nessus
added 2018/01/15 12:0 a.m. · 58 views

Fedora 27 : glibc (2017-0d3fdd3d1f)

This update adds support for the IBM858 codepage RHBZ1416405. It moves the nsscompat NSS service module to the main glibc package RHBZ1400538. As a security hardening measure, stdio streams are no longer flushed on process abort/assertion failure RHBZ1498880. /var/db/Makefile is now included in t...

9.8 CVSS · 6.8 AI score · 0.00231 EPSS
Exploits 0 · References 3
myhack58
added 2017/04/12 12:0 a.m. · 88 views

Drupal 7.x Service Module SQLi & RCE vulnerability analysis and EXP - vulnerability warning - the black bar safety net

Drupal 7.x Service Module SQLi & RCE. An audit of the Drupal Service module found an insecure call to the unserialize function. The vulnerability can lead to privilege escalation, SQL injection, and remote code execution. 0x00 Service Module In Drupal, the Service modu...

7.8 AI score
Exploits 0
NVD
added 2017/03/17 10:59 p.m. · 18 views

CVE-2017-3881

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes...

10 CVSS · 9.9 AI score · 0.94282 EPSS
Exploits 12 · References 7
RedHat Linux
added 2016/11/03 8:10 a.m. · 1 views

krb5: null pointer dereference in kadmin

A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modifyprincipal command, if kadmin...

5.3 CVSS · 7.2 AI score · 0.10203 EPSS
Exploits 0 · References 4
CNVD
added 2016/05/06 12:0 a.m. · 2 views

Cisco FirePOWER System Software Kernel Logging Configuration Denial of Service Vulnerability

Cisco Firepower is a family of advanced firewalls. A security vulnerability exists in the kernel logging configuration of the Cisco FirePOWER System Software. The ASA 5585-X FirePOWER SSP module is affected by this vulnerability. An unauthenticated remote attacker could cause a denial of service on th...

7.8 CVSS · 6.9 AI score · 0.00527 EPSS
Exploits 0 · References 1
RedHat Linux
added 2016/02/16 3:38 p.m. · 80 views

Critical: Red Hat Security Advisory: glibc security update

Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Commo...

8.1 CVSS · 8 AI score · 0.93905 EPSS
Exploits 17 · References 3
Prion
added 2015/06/12 10:59 a.m. · 14 views

Code injection

The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505...

6.3 CVSS · 6.8 AI score · 0.00327 EPSS
Exploits 0 · References 2 · Affected Software 1
Hacker One
added 2014/02/06 12:4 a.m. · 42 views

Yahoo!: Bypass of anti-SSRF defenses in YahooCacheSystem (affecting at least YQL and Pipes)

Thank you for your submission to Yahoo’s Bug Bounty program. There were similar reports submitted, this report is marked as closed as the other reports will be triaged. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program. ...

6.7 AI score
Exploits 0
Cisco
added 2013/10/25 2:16 p.m. · 68 views

Cisco Catalyst 3750-X Series Switch Default Credentials Vulnerability

A vulnerability in the Service Module for Cisco Catalyst 3750-X Series Switches could allow an authenticated, local attacker to gain root access to the kernel running on the Cisco Service Module. The vulnerability is due to default credentials on the Cisco Service Module. An attacker could exploi...

6.8 CVSS · 2.4 AI score · 0.0008 EPSS
Exploits 0 · References 1
NVD
added 2013/10/25 3:52 a.m. · 15 views

CVE-2013-5522

Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286...

6.8 CVSS · 6.5 AI score · 0.0008 EPSS
Exploits 0 · References 1
Prion
added 2013/10/25 3:52 a.m. · 15 views

Design/Logic Flaw

Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286...

6.8 CVSS · 7 AI score · 0.0008 EPSS
Exploits 0 · References 1
CVE
added 2013/10/25 1:0 a.m. · 43 views

CVE-2013-5522

Cisco Catalyst 3750-X Series Switches are affected by CVE-2013-5522 due to default credentials in the Cisco Service Module, enabling authenticated local privilege escalation to root on the module. The issue stems from default Service Module credentials. Cisco released a security advisory and soft...

6.8 CVSS · 6.7 AI score · 0.0008 EPSS
Exploits 0 · References 1 · Affected Software 2
Cvelist
added 2013/10/25 1:0 a.m. · 18 views

CVE-2013-5522

Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286...

6.5 AI score · 0.0008 EPSS
Exploits 0 · References 1
CVE
added 2013/09/27 8:0 p.m. · 55 views

CVE-2013-5498

The CVE-2013-5498 issue affects the PPTP-ALG component of Cisco CRS Carrier Grade Services Engine (CGSE) and Cisco ASR 9000 Series ISM running IOS XR. The root cause is in the PPTP-ALG’s handling of packet streams, allowing an unauthenticated, remote attacker to cause a denial of service via craf...

5 CVSS · 6.8 AI score · 0.01289 EPSS
Exploits 0 · References 5 · Affected Software 1