997 matches found
CVE-2018-19465
Maccms through 8.0 allows XSS via the sitekeywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/systemconfig.html, related to template/paody/html/vodindex.html...
CVE-2019-5394
The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration...
Unpassworded (Blank Password) 'root' Account (Telnet)
The remote host has set no password for the...
Carel pCOWeb < B1.2.1 - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Carel pCOWeb - Stored XSS Exploit Author: Luca.Chiou Vendor Homepage: https://www.carel.com/ Version: Carel pCOWeb all versions prior to B1.2.1 Tested on: It is a proprietary devices: http://www.carel.com/product/pcoweb-car...
Carel pCOWeb B1.2.1 - Cross-Site Scripting
Carel pCOWeb B1.2.1 - Cross-Site Scripting Exploit Title: Carel pCOWeb - Stored XSS Date: 2019-04-16 Exploit Author: Luca.Chiou Vendor Homepage: https://www.carel.com/ Version: Carel pCOWeb all versions prior to B1.2.1 Tested on: It is a proprietary devices: http://www.carel.com/product/pcoweb-ca...
CVE-2019-3684 susemanager installer creates world-readable swap files
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem...
CVE-2018-7082
A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that woul...
CVE-2018-7082
CVE-2018-7082 is a command injection vulnerability in Aruba Instant that allows an authenticated administrative user to execute arbitrary OS commands. The issue stems from insufficient input handling in the web-facing management path, enabling a malicious admin to install backdoors or modify conf...
Mitsubishi FX3U-16CCL-M Communications Adapter Detection
Binary data 752113.prm...
[SECURITY] Fedora 30 Update: systemd-241-7.gita2eaa1c.fc30
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...
[SECURITY] Fedora 30 Update: systemd-241-5.git3d835d0.fc30
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...
CVE-2019-6569
The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime...
CVE-2019-3827
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modifying arbitrary files by privileged users without asking for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...
Design/Logic Flaw
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modifying arbitrary files by privileged users without asking for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...
CVE-2019-3827
CVE-2019-3827 affects gvfs prior to 1.39.4. A flawed permission check in the admin backend allows reading and modifying arbitrary files by privileged users when no authentication agent is running, enabling local privilege escalation under certain system configurations. Multiple connected advisori...
Amcrest Technologies IP Camera Default Credentials (HTTP)
The remote installation of Amcrest...