182 matches found
CVE-2016-9490
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also...
Pelco Sarix Pro Network Camera set_param Program Has an Override Access Vulnerability
pelco Sarix Professional is a video camera. An override access vulnerability exists in the pelco Sarix Pro network camera setparam program. The vulnerability allows attackers to remotely enable ssh services without authentication to take full control of the camera...
JanTek JTC-200 Unauthorized Access Vulnerability
JanTek JTC-200 is a TCP/IP converter serial server from Taito JanTek Technology. An unauthorized access vulnerability exists in the JanTek JTC-200. An attacker can access the Busybox Linux shell via Telnet service without any authentication...
CVE-2016-9369
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPor...
libvirt: Setting empty VNC password allows access to unauthorized users
It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authenticatio...
The vulnerability of the automated system for managing technological processes of SIMATIC WinCC OA allows a malicious individual to execute arbitrary codes without going through authentication procedures.
The vulnerability of the SIMATIC Winn CC OAM software relates to errors that occur when processing specially crafted TCP packets. Exploiting this vulnerability allows a malicious individual to execute arbitrary code by sending specially crafted packets to port 4999...
Apple MAC OS X XPC entitlements elevation of privilege vulnerability
Apple Mac OS X is a commercial operating system. Apple Mac OS X checks for a security vulnerability in XPC entitlements, which allows attackers to exploit the vulnerability to gain administrative privileges without authentication...
Oracle Sun GlassFish Enterprise Server - Stored XSS Vulnerability
No description provided by source. Sense of Security - Security Advisory - SOS-11-009 Release Date. 19-Jul-2011 Last Update. - Vendor Notification Date. 23-Mar-2011 Product. Oracle Sun GlassFish Enterprise Server Platform. Java EE Affected versions. 2.1.1 v2.1 Patch069.102 Patch12 build b31g-fcs...
DEBIAN-CVE-2011-4945
PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication...
Ektron CMS 8.5.0 - Multiple Vulnerabilities
Sense of Security - Security Advisory - SOS-12-009 Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High Impact. Exposure of sensitive information...
Iciniti Store 4.3.3683.31484 SQL Injection
Sense of Security - Security Advisory - SOS-12-003 Release Date. 06-Mar-2012 Last Update. - Vendor Notification Date. 28-Jul-2011 Product. Iciniti Store Platform. Windows Affected versions. 4.3.3683.31484 verified, and possibly others Severity Rating. High Impact. Manipulation of data Attack...
Iciniti Store - SQL Injection
Sense of Security - Security Advisory - SOS-12-003 Release Date. 06-Mar-2012 Last Update. - Vendor Notification Date. 28-Jul-2011 Product. Iciniti Store Platform. Windows Affected versions. 4.3.3683.31484 verified, and possibly others Severity Rating. High Impact. Manipulation of data Attack...
Snom IP Phone Privilege Escalation - Security Advisory - SOS-12-001
Exploit for hardware platform in category web applications Snom IP Phone Privilege Escalation - Security Advisory - SOS-12-001 Product. Snom IP Phone series Platform. Hardware Affected versions. All versions prior to v8.4.35 Severity Rating. High Impact. Privilege escalation Attack Vector. Remote...
Oracle Sun GlassFish Enterprise Server Stored XSS Vulnerability
Exploit for jsp platform in category web applications Sense of Security - Security Advisory - SOS-11-009 Release Date. 19-Jul-2011 Last Update. - Vendor Notification Date. 23-Mar-2011 Product. Oracle Sun GlassFish Enterprise Server Platform. Java EE Affected versions. 2.1.1 v2.1 Patch069.102...
Oracle Sun GlassFish Enterprise Server - Persistent Cross-Site Scripting
Oracle Sun GlassFish Enterprise Server - Persistent Cross-Site Scripting Sense of Security - Security Advisory - SOS-11-009 Release Date. 19-Jul-2011 Last Update. - Vendor Notification Date. 23-Mar-2011 Product. Oracle Sun GlassFish Enterprise Server Platform. Java EE Affected versions. 2.1.1 v2....
cPassMan 1.82 - Arbitrary File Download
cPassMan 1.82 - Arbitrary File Download Sense of Security - Security Advisory - SOS-11-004 Release Date. 15-Apr-2011 Last Update. - Vendor Notification Date. 7-Mar-2011 Product. Collaborative Passwords Manager cPassMan Platform. Independent PHP Affected versions. 1.82 verified, and possibly other...
Wordpress plugin BackWPup Remote and Local Code Execution
Exploit for php platform in category web applications Release Date. 28-Mar-2011 Last Update. - Vendor Notification Date. 25-Mar-2010 Product. Wordpress Plugin BackWPup Platform. Independent Affected versions. 1.6.1 verified, possibly others Severity Rating. High Impact. System Access Attack Vecto...
Cisco CiscoWorks Internetwork Performance Monitor code execution
It's possible to execute commands without authentication...
GLSA-200403-08 : oftpd DoS vulnerability
The remote host is affected by the vulnerability described in GLSA-200403-08 oftpd DoS vulnerability Issuing a port command with a number higher than 255 causes the server to crash. The port command may be issued before any authentication takes place, meaning the attacker does not need to know a...
MusicDaemon 0.0.3 - Remote Denial of Service etcshadow Stealer (2)
MusicDaemon 0.0.3 - Remote Denial of Service etcshadow Stealer 2 / MusicDaemon Hello ...... bin::9797:0::::: ftp::9797:0::::: sshd::9797:0::::: ...... root@vortex:/test Server Side View: root@vortex:/test/musicdaemon-0.0.3/src ./musicd -c ../musicd.conf -p 1234 Using configuration: ../musicd.conf...