155 matches found
Information Disclosure
actionpack is vulnerable to information disclosure. A remote attacker is able to retrieve arbitrary files on the target server when sending malicious Accept headers that are parsed with render file:...
GitLab Wiki API Attachments Command Injection (CVE-2018-18649)
A remote code execution vulnerability has been reported in GitLab Wiki API. The vulnerability is due to improper validation of parameters when uploading files to the Wiki repository via the Wiki API. A remote, authenticated attacker can exploit the vulnerability by sending a crafted request to th...
WordPress Core Local File Inclusion Remote Code Execution (CVE-2019-8942)
A remote code execution vulnerability exists in WordPress Core. Successful exploitation of this vulnerability could allow a remote attacker with at least author privileges to execute arbitrary code on the target server...
Directory Traversal
mcstatic is vulnerable to directory traversal. The vulnerability is possible because it does not handle the file name parameter properly, allowing the attacker to read arbitrary files on the target server by appending ../ in the file path...
CVE-2018-14654
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GFXATTROPENTRYINKEY' xattrop to create arbitrary, empty files on the target server...
EFS Software Easy File Sharing Web Server vfolder.ghp Stack Buffer Overflow
A buffer overflow vulnerability exists in HTTP GET requests to EFS Software Easy File Sharing Web Server. The vulnerability is due to a failure to properly perform boundary checking on user input. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious HTTP...
ROBOT TLS_RSA Scanning Attempt (CVE-2012-5081; CVE-2016-6883; CVE-2017-1000385; CVE-2017-12373; CVE-2017-13098; CVE-2017-13099; CVE-2017-17382; CVE-2017-17427; CVE-2017-17428; CVE-2017-17841; CVE-2017-6168)
ROBOT Detect Scanner is a vulnerability scanning product. Remote attackers can use ROBOT Detect Scanner to detect vulnerabilities on a target server...
Microsoft Windows Remote Desktop Protocol Scanning Attempt
RDP Scanner is a vulnerability scanning product. Remote attackers can use RDP Scanner to detect vulnerabilities on a target server...
Apache HTTP OptionsBleed Memory Leak Scanner (CVE-2017-9798)
OptionsBleed Scanner is a vulnerability scanning product. Remote attackers can use OptionsBleed Scanner to detect vulnerabilities on a target server...
SMBv1 Scanner
An SMB scanning tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use the SMBv1 vulnerabilities on a target server...
Apache Struts REST Plugin XStream Deserialization Remote Code Execution (CVE-2017-9805)
A remote code execution vulnerability exists in Apache Struts. This vulnerability is due to insecure deserialization. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation will allow an attacker to execute arbitrary co...
Schneider Electric PowerSCADA Anywhere/Citect Anywhere Information Disclosure Vulnerability
PowerSCADA Anywhere is SCADA and power monitoring software. Citect is industrial automation operation and monitoring software. An information disclosure vulnerability exists in the implementation of PowerSCADA Anywhere version 1.0 and Citect Anywhere version 1.0, which allows an attacker with a...
HPE Network Automation FileServlet Information Disclosure (CVE-2017-5811)
An information disclosure vulnerability exists in HPE Network Automation. The vulnerability is due to a lack of sanitization on a user supplied path on requests handled by FileServlet. A remote attacker could exploit this vulnerability by sending a maliciously crafted request to the target server...
Microsoft .NET Remote Code Execution (CVE-2017-0160)
A remote code execution vulnerability exists in the Microsoft .NET Framework. The vulnerability happens when Microsoft .NET Framework fails to properly validate input before loading libraries. A remote attacker could exploit this vulnerability by sending specially crafted data to the target serve...
Hostname verification skipped when custom root certs used
If custom root certificates were registered with a ClientBuilder, the hostname of the target server would not be validated against its presented leaf certificate. This issue was fixed by properly configuring the trust evaluation logic to perform that check...
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0146)
A remote code execution vulnerability exists in Microsoft Server Message Block 1.0 (SMBv1). The vulnerability is due to the way the SMBv1 service handles certain requests. An attacker who successfully exploited the vulnerability could gain code execution on the target server...
FusionVM Security Scanner
FusionVM is a vulnerability scanning product. Remote attackers can use FusionVM to detect vulnerabilities on a target server...
CMSmap Security Scanner
CMSmap is a dedicated vulnerability scanning product for Content Management Systems. Remote attackers can use CMSmap to detect vulnerabilities on a target server...
iSCSI target service crashes randomly in Windows Server 2012 R2
This article describes an issue in which the iSCSI target service crashes randomly on a Windows Server 2012 R2 server. An update is available to fix this issue. Before you install this update, see the Prerequisites section. Note This...
WordPress CYSTEME Finder Plugin 1.3 - Arbitrary File Upload
An arbitrary file upload vulnerability was found in WordPress CYSTEME Finder Plugin 1.3. It allows remote attackers to upload arbitrary files to the target server. This vulnerability exists in the http://targetserver/wp-content/plugins/cysteme-finder/php/connector.php file. Solution: Update CYSTEME Finde...