2766 matches found
Exper EWM-01 ADSL/MODEM Unauthenticated Remote DNS Changer
!/bin/bash Exper EWM-01 ADSL/MODEM Unauthenticated Remote DNS Change Exploit Copyright 2016 c Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Description: The vulnerability exist in the web interface, which is accessible without authentication. Once modified,...
Adobe ColdFusion < 11 Update 10 - XML external entity injection
Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - APSB16-30 - Release date: 31.08.2016 I. VULNERABILITY Adobe ColdFusion = 11 XML External Entity XXE Injection II. BACKGROUND "Adobe ColdFusion 11 Enterprise Edition offers a single platform to rapidly build and...
Cisco WebEx Meetings Player Denial of Service Vulnerability
Cisco WebEx Meetings are web conferencing solutions. A security vulnerability exists in Cisco WebEx Meetings Player due to the program not properly validating user-supplied files. Exploitation of this vulnerability by an unauthenticated remote user could cause WebEx Meetings Player to crash...
Authentication Vulnerability in Range Networks OpenBTS/OpenBTS-UMTS
Range Networks OpenBTS/OpenBTS-UMTS is software for analog protocol stacks for GSM networks. An authentication vulnerability exists in Range Networks OpenBTS/OpenBTS-UMTS. An unauthenticated, remote attacker could exploit the vulnerability to execute commands in the transceiver module of the BTS...
Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities
Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Nagios Network Analyzer Multiple Vulnerabilities Affected versions: Nagios Network Analyzer =...
Nagios Network Analyzer 2.2.0 Command Injection / SQL Injection
, , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Nagios Network Analyzer Multiple Vulnerabilities Affected versions: Nagios Network Analyzer = 2.2.0 PDF:...
vBulletin 5.2.2 - Server-Side Request Forgery
vBulletin 5.2.2 - Server-Side Request Forgery ''' ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-6483 - Release date: 05.08.2016 - Severity: High ============================================= I...
MS16-085: Cumulative Security Update for Microsoft Edge (3169999)
The version of Microsoft Edge installed on the remote Windows host is missing Cumulative Security Update 3169999. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists due to a failure to properly implement Address Space Layout Randomization ASL...
Apache Struts vulnerable to denial-of-service (DoS)
Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain a denial-of-service DoS vulnerability due to an issue in URLValidator. ASAI Ken reported this...
JVN#07710476: Apache Struts 2 vulnerable to remote code execution
Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. Web applications that are developed using Apache Struts 2 REST Plugin contain a remote code execution vulnerability. Note that the exploit code for this vulnerability is publicly...
Cisco FirePOWER System Software Denial of Service Vulnerability
Cisco Firepower is a family of advanced firewalls. A security vulnerability exists in the packet processing functionality of the Cisco FirePOWER System Software. An unauthenticated, remote attacker could cause a denial of service on the affected device...
Cisco FirePOWER System Software Kernel Logging Configuration Denial of Service Vulnerability
Cisco Firepower is a family of advanced firewalls. A security vulnerability exists in the kernel logging configuration of the Cisco FirePOWER System Software.ASA 5585-X FirePOWER SSP module is affected by this vulnerability. An unauthenticated remote attacker could cause a denial of service on th...
OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)
It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger...
Gemtek CPE7000 WLTCS-106 Administrator SID Retriever
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever', 'Description' = %q A vulnerability exists for Gemtek CPE7000 model ID...
Ecava IntegraXor Report summary SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of summary report requests. The vulnerability is caused by the lack of input...
Cisco TelePresence Server Denial of Service Vulnerability
Cisco TelePresence is a Cisco TelePresence solution. Cisco TelePresence Server version 3.1 fails to properly handle malformed STUN packets, which can allow an unauthenticated remote attacker to cause the affected device to reload...
Php Utility Belt Multiple Vulnerabilities
Php Utility Belt is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phputilitybelt:php";...
IKE/IKEv2 protocol implementations may allow network amplification attacks
Overview Implementations of the IKEv2 protocol are vulnerable to network amplification attacks. Description CWE-406: Insufficient Control of Network Message Volume Network Amplification IKE/IKEv2 and other UDP-based protocols can be used to amplify denial-of-service attacks. In some scenarios, an...
Cisco ASA < 9.5(2.2) IKEv1 and IKEv2 UDP Packet Handling RCE (cisco-sa-20160210-asa-ike)
Binary data 801954.prm...
Samsung SRN-1670D camera contains multiple vulnerabilities
Overview The Samsung SRN-1670D camera contains multiple vulnerabilities. Description CWE-264: Permissions, Privileges, and Access Controls - CVE-2015-8279 An undocumented PHP request may be used to read arbitrary files from the system. CWE-200: Information Exposure - CVE-2015-8280 The interface...