2184 matches found
Information disclosure
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated...
CVE-2018-3949
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated...
Qibo CMS station system V7.0 backend file reading vulnerability
Qibo CMS station system is a product of Guangzhou Qibo Network Technology Co. A backend file reading vulnerability exists in Qibo CMS system V7.0. The vulnerability is due to a failure to properly process special strings submitted by the user, resulting in directory traversal; an attacker can use the vulnerabilit...
Design/Logic Flaw
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5 allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate...
CVE-2018-9072 LXCI for VMware
In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads...
Arbitrary file download vulnerability in Dream line business enterprise station building system
Dream line business enterprise station building system is an open source station building system that runs on PHP + MySQL. An arbitrary file download vulnerability exists in the Dream line enterprise building system; an attacker can use the vulnerability to download any system file...
CVE-2018-11062
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default...
Default credentials
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default...
CVE-2018-11062 Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default...
CVE-2018-11062
Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, and 2.2 contain undocumented accounts named ‘support’ and ‘admin’ protected by default passwords. These accounts have limited privileges but can access certain system files, enabling a potential attacker with knowledge of the...
CVE-2018-15321
CVE-2018-15321 affects BIG-IP products when Appliance mode is licensed and Admin/Resource Administrator roles have or are granted TMSH access. The issue allows high-privilege attackers to bypass Appliance mode restrictions and overwrite critical system files via TMSH, bypassing security controls....
Dell EMC Integrated Data Protection Appliance Unlogged Account Vulnerability
The Dell EMC Integrated Data Protection Appliance (IDPA) is a pre-integrated turnkey solution that is easy to deploy and scale, providing comprehensive protection for a wide range of application ecosystems. An undocumented account vulnerability exists in the Dell EMC Integrated Data Protection...
Hacker Discloses New Windows Zero-Day Exploit On Twitter
A security researcher with the Twitter alias SandboxEscaper, who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler, yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability. SandboxEscaper posted a link to a GitHub page hosti...
Chrome Debugger Extension API Is Too Powerful Vulnerability
The Chrome debugger extension API appears to have more power than necessary, including the ability to bypass the check for disabled natives. Chrome: debugger extension API is too powerful My understanding of Chrome's security model regarding extensions is as follows: Users can grant almost comple...
Cisco Wireless LAN Controller Software Directory Traversal Vulnerability
Cisco Wireless LAN Controller (WLC) is a wireless LAN controller product from Cisco USA. The product provides security policy, intrusion detection and other functions in the wireless LAN. A directory traversal vulnerability exists in Cisco Wireless LAN Controller Software due to a failure to proper...
CVE-2018-0420
A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An...
CVE-2018-0420 Cisco Wireless LAN Controller Software Directory Traversal Vulnerability
A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An...
Cisco Digital Network Architecture Center Certification Bypass Vulnerability
Cisco Digital Network Architecture Center (DNA Center) is a set of digital network architecture solutions from the U.S. company Cisco. The program can extend and protect devices, applications, etc. within the network. An authentication bypass vulnerability exists in Cisco DNA Center version...