997 matches found
Seyeon FlexWATCH Network Video Server 2.2 Unauthorized Administrative Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8942/info It has been reported that FlexWATCH Network Video Server may be prone to an access validation error that may allow a remote attacker to gain administrative access to the system. The problem is reported to presen...
MS14-035: Cumulative security update for Internet Explorer: June 10, 2014
Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer. The update that this article describes has been replaced by a newer update. We recommend that you install the most current cumulative securit...
MGASA-2014-0181 Updated cups-filters packages fix security vulnerability
Updated cups-filters packages fix security vulnerability: Sebastian Krahmer discovered it was possible to use malicious broadcast packets to execute arbitrary commands on a server running the cups-browsed daemon (CVE-2014-2707). Note that only systems that have enabled the affected feature by usin...
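Code Audit Series 5: Multiple Issues in PHPYUN (Involving CSRF and XSS)
Brief description: This program is fairly large and has many customers, so problems of this kind have a correspondingly large impact. Detailed description: Because none of the data interactions between the program's admin panel and the back end are protected against CSRF, the admin panel faces a serious threat. In addition, there are numerous XSS vulnerabilities. Most seriously affected functions: System Management, Basic Configuration, Website Configuration; System Management, Basic Configuration, Payment Configuration; System Management, Basic Configuration, Administrator Configuration; System Management, Basic Configuration, Navigation Configuration; Operations Management, Operations Management, Back-end Recharge; Operations Management, Operations Management, Bulk SMS. PS: When it comes to money-related matters, hackers are probably rather interested. Proof of vulnerability: The following example of using CSRF to insert XSS illustrates this. First, locate: Operations Management, Operations Management, Friendly Links. The filtering here is incomplete and can be bypassed entirely...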
Areca Raid Storage Manager Default Admin Credentials (HTTP)
The remote Areca Raid Storage Manager web interface is using known default credentials. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...
Audemat FMB80 RDS Encoder 'root' Default Credentials (Telnet)
The remote Audemat FMB80 RDS Encoder has no or default credentials set. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cisco Video Surveillance Manager Default Root Credentials (HTTP)
The remote Cisco Video Surveillance Manager is using known default credentials. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Multiple IP Video/Camera Server Default Admin Credentials (HTTP)
The remote IP Video/Camera server web interface is using known default credentials. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...
PT-2013-67: Sensitive Information Disclosure in Serv-U File Server
The specialists of the Positive Research center have detected a Sensitive Information Disclosure vulnerability in Serv-U File Server. This vulnerability allows an attacker to find out the system configuration and obtain users’ authentication information via Serv-U variables values. Exploitation...
Design/Logic Flaw
A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the buildd directory and consequently reads the system configuration file from the buildd directory, which allows...
CVE-2013-1060
A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the buildd directory and consequently reads the system configuration file from the buildd directory, which allows...
SHARP Printer Default / No Credentials (HTTP)
The remote SHARP Printer is using default or no credentials for the HTTP based interface. Copyright (C) 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later Th...
Seagate NAS Default Credentials (HTTP)
The remote Seagate NAS is using known default credentials. Copyright (C) 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...
Siemens SCALANCE Default Credentials (HTTP)
The remote Siemens SCALANCE device is using known default credentials for the HTTP login. Copyright (C) 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later Th...
CAREL pCOWeb 'http' User No Password (Telnet)
The remote CAREL pCOWeb based device is using no password for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Xiuno BBS 2.0 background getshell vulnerabilities-vulnerability warning-the black bar safety net
Author: ztz@Dis9Team 0x0 Vulnerability overview 1. The system configuration is not stored in the database, but in conf.php; 2. It is stored as an array; 3. Single quotes are escaped: ' = \'; 4. The '\' itself is not escaped; 5. Inserting \' will be escaped as \\'; in PHP, \\ represents one \, and single...
D-Link DIR Multiple Devices Default Credentials (HTTP)
The remote D-Link DIR device is using known default credentials. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Unprotected Lexmark Printer (HTTP)
The remote Lexmark Printer is not protected by a password and/or permissions for default users are too loose. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Aastra OpenCom 1000 Default Credentials (HTTP)
The remote Aastra OpenCom 1000 is using known default credentials. Copyright (C) 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...