345 matches found
CVE-2018-11681
CVE-2018-11681 : The connected OpenVAS entry confirms a vulnerability in Lutron devices using the RadioRA 2 integration protocol (Revision M–Y) where default credentials (user: nwk, pass: nwk2) provide full superuser access via Telnet. This allows complete control of the IoT device over the netwo...
CVE-2018-11682
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can...
Pymap-Scanner - Python Scanner with GUI
Python-based port scanner with PyQt4 user interface. Features: Basic GUI, Speed Scan, Custom Services, User Control, Error Control, Useful parameters, and more. Installation Modules: $ Pyqt4 $ Nmap Requirements Third +xsltproc Download Pymap-Scanner...
Microsoft Edge Memory Corruption Vulnerability
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
WordPress User Control plugin <=2.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability found by JustThomas in WordPress User Control plugin versions <=2.1.0. Solution: This plugin has been closed and is no longer available for download. Please Deactivate and delete...
User Control - Unauthenticated SQL Injection
The User Control plugin has a vulnerability that allows every unauthenticated website visitor to perform arbitrary SQL queries...
Nicolas Gudino Flash Operator Panel callforward module command injection vulnerability
Nicolas Gudino (a.k.a. Asternic) Flash Operator Panel (FOP) is a suite of phone system monitoring software. User Control Panel (UCP) is one of the user control panels. The callforward module is one of the callforward modules. A command injection vulnerability exists in the callforward module of the UCP in...
Flash Operator Panel 2.31.03 - Command Execution
Flash Operator Panel 2.31.03 - Command Execution. Document Title: Flash Operator Panel v2.31.03 - Command Execution Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1907. Release Date: 2018-01-08. Vulnerability...
CVE-2018-5694
The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter...
Command injection
The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter...
CVE-2018-5694
The CVE-2018-5694 entry corresponds to a command injection vulnerability in the callforward module of the User Control Panel (UCP) within Nicolas Gudino’s Flash Operator Panel (FOP) version 2.31.03. A remote authenticated user can exploit the vulnerability by supplying a crafted value to the comm...
Microsoft Office Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
WordPress Ultimate Instagram Feed 1.2 Cross Site Scripting Vulnerability
WordPress Ultimate Instagram Feed plugin version 1.2 suffers from a cross site scripting vulnerability. Ultimate Instagram Feed - WordPress plugin. Version: 1.2. Author: OmarK. The vulnerability lies in the...
CVE-2017-8899
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The...
macOS IOFireWireAVC Kernel Extension Out of Bounds Vulnerability (CVE-2017-2436)
Technical Details: The vulnerable code can be found in IOFireWireAVC-424/IOFireWireAVC/IOFireWireAVCUserClient.cpp: ... case kIOFWAVCUserClientCreateAsyncAVCCommand: result = CreateAVCAsyncCommand((UInt8*)arguments->structureInput, (UInt8*)arguments->structureOutput, arguments->structureInputSize,...
Windows Graphics Component Remote Code Execution Vulnerability
A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or creat...
CVE-2016-9406
Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Microsoft Windows - VHDMP Arbitrary File Creation Privilege Escalation (MS16-138)
Microsoft Windows - VHDMP Arbitrary File Creation Privilege Escalation (MS16-138). Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=914 Windows: VHDMP Arbitrary File Creation EoP. Platform: Windows 10 10586 and 14393. Unlikely to work on 7 or 8.1 as I think it’s new functionality...
Flash Operator Panel 2.31.03 - Multiple Web Vulnerabilities
Document Title: Flash Operator Panel 2.31.03 - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1906. Release Date: 2016-10-21. Vulnerability Laboratory ID (VL-ID): ...
Microsoft Office Outlook Remote Code Execution Vulnerability (3170008)
This host is missing an important security update according to Microsoft Bulletin MS16-088. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...