2184 matches found
Cisco IP Phone 8800 Series Unauthorized Access Vulnerability
Cisco IP Phone 8800 Series is an 8000 series IP phone product from Cisco USA. The product provides voice and video features. An unauthorized access vulnerability exists in the Cisco IP Phone 8800 Series using software version 11.01. An attacker could exploit this vulnerability to gain access and...
Arbitrary File Download Vulnerability in Special Equipment Inspection and Management System of Fuzhou Chuangda Electronics Co.
Special Equipment Inspection Management System of Fuzhou Chuangda Electronics Co., Ltd. is a data and information management system. An arbitrary file download vulnerability exists in the special equipment inspection management system of Fuzhou Chuangda Electronics Co., Ltd.; an attacker can download the...
Pulse Connect Secure Information Disclosure Vulnerability (CNVD-2016-03685)
Pulse Connect Secure (aka PCS, formerly known as Juniper Junos Pulse) is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A security vulnerability exists in PCS. A remote attacker could exploit the vulnerability to read system files...
Linknat VOS3000/2009 Directory Traversal Vulnerability
Linknat VOS3000/2009 is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:linknat:vos...
Authentication flaw
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors...
Pentaho Data Integration (PDI) Suite Information Disclosure Vulnerability - Active Check
Pentaho PDI Suite is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability (cisco-sa-20160323-ncs)
A vulnerability in the Secure Copy Protocol (SCP) and Secure FTP (SFTP) modules of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite system files and cause a denial of service (DoS) condition. Copyright (C) 2016 Greenbone Networks GmbH. Some text descriptions might be...
Jive Forums Directory Traversal Vulnerability
Jive Forums is a recognized online community. A directory traversal vulnerability exists in Jive Forums version 5.5.25 and earlier. An attacker can exploit "../" directory jumps to access system files outside of the web directory...
Bumble: Insecure Direct Object Reference on badoo.com
Hi, I want to report IDOR Insecure Direct Object Reference vulnerability to you. IDOR Details are here: https://www.owasp.org/index.php/Top102010-A4-InsecureDirectObjectReferences https://www.owasp.org/index.php/TestingforInsecureDirectObjectReferences%28OTG-AUTHZ-004%29 As the pages say: Insecur...
Apache OpenMeetings FileService Arbitrary File Read Vulnerability
Apache OpenMeetings is a multi-language, customizable video conferencing and collaboration system developed by the Apache Software Foundation (United States). It supports audio and video, lets users view each participant's desktop, and so on. An Arbitrary File Read Exposure...
Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability
A vulnerability in the Secure Copy Protocol (SCP) and Secure FTP (SFTP) modules of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite system files and cause a denial of service (DoS) condition. The vulnerability is due to improper setting of permissions on the filesystem f...
Multiple vulnerabilities in HD Video Player PRO
HD Video Player PRO is a set of player software. The program supports any format of video, audio playback and more. HD Video Player PRO has local file inclusion and arbitrary file upload vulnerabilities that could be exploited by an attacker to upload arbitrary files and read the contents of syst...
IBM Tealeaf Customer Experience Directory Traversal Vulnerability
IBM Tealeaf Customer Experience is a suite of SaaS-based analytics solutions for web and mobile applications. A directory traversal vulnerability in IBM Tealeaf Customer Experience allows remote attackers to exploit the vulnerability by submitting a special request to read system files...
D-Link DCS-931L Arbitrary File Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 /alphapd/ def initializeinfo = superupdateinfoinfo, 'Name' = 'D-Link DCS-931L File Upload', 'Description' = %q This module exploits a...
ZOHO ManageEngine Firewall Analyzer Directory Traversal Vulnerability
ZOHO ManageEngine Firewall Analyzer is a suite of web-based firewall log analysis tools that collects, correlates, analyzes, and reports on logs from firewalls, proxy servers, and Radius servers across the enterprise. A directory traversal vulnerability exists in ZOHO ManageEngine Firewall...
Magento MAGMI plugin directory traversal vulnerability
Magento is a professional open source PHP e-commerce system; MAGMI is one of the plug-ins used to import a large number of product catalogs into the Magento system. A directory traversal vulnerability in the Magento MAGMI plugin allows remote attackers to send requests containing special director...
IniNet Solutions SCADA Web Server Path Traversal Vulnerability
IniNet SCADA Web Server is a third-party web-based server software. Versions of SCADA Web Server prior to 2.02 fail to effectively filter certain elements within path names and are therefore affected by a path traversal vulnerability. An attacker can exploit this vulnerability to read arbitrary OS fil...
CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin
Details ================ Software: Font Version: 7.5 Homepage: https://wordpress.org/plugins/font/ CVE: CVE-2015-7683 Pending CVSS: 6.3 Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N CWE: CWE-22 Description ================ An absolute path traversal vulnerability in Font 7.5 allows WordPress admins read...
WordPress Font 7.5 Path Traversal Vulnerability
WordPress Font plugin version 7.5 suffers from a path traversal vulnerability. Details ================ Software: Font Version: 7.5 Homepage: https://wordpress.org/plugins/font/ CVE: CVE-2015-7683 Pending CVSS: 6.3 Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N CWE: CWE-22 Description ================ An...
WordPress Font 7.5 Path Traversal
Details ================ Software: Font Version: 7.5 Homepage: https://wordpress.org/plugins/font/ CVE: CVE-2015-7683 Pending CVSS: 6.3 Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N CWE: CWE-22 Description ================ An absolute path traversal vulnerability in Font 7.5 allows WordPress admins read...