72 matches found
RHEL 8 : httpd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - httpd: Use-after-free on HTTP/2 stream shutdown CVE-2018-1302 Note that Nessus has not tested for this issue but ha...
RHEL 6 : pyyaml (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - PyYAML: command execution through python/object/apply constructor in FullLoader CVE-2019-20477 - In PyYAM...
RHEL 7 : rubygem-rack (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rubygem-rack: Denial of service in Multipart MIME parsing CVE-2023-27530 - A possible denial of service...
RHEL 7 : libexif (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libexif: Out-of-bounds heap read in exifdatasavedataentry function CVE-2017-7544 - A vulnerability was...
RHEL 5 : xsa183_xen (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - xsa183 xen: x86: Missing SMAP whitelisting in 32-bit exception / event delivery XSA-183 CVE-2016-6259 Note that...
RHEL 5 : librsvg2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - librsvg2: DoS parsing SVGs with circular definitions rsvgcssnormalizefontsize function CVE-2016-4348 Note that Ness...
RHEL 6 : freetype (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - freetype: parsecharstrings function in type1/t1load.c does not ensure that a font contains a glyph name...
Security feature bypass
Rejected reason: Red Hat Product Security does not consider this to be a vulnerability. Upstream has not acknowledged this issue as a security flaw...
M-09 Unmitigated
Lines of code Vulnerability details Mitigation of M-09: Issue not mitigated Link to Issue: code-423n4/2023-09-asymmetry-findings31 Comments The sponsor has acknowledged the issue but decided to not mitigate it. Acknowledged and did not fix, plan to upgrade a fix in the future --- The text was...
3Commas API Database Leaked by Anonymous Hacker
By Deeba Ahmed 3Commas' CEO, Yuriy Sorokin, has acknowledged the breach. This is a post from HackRead.com Read the original post: 3Commas API Database Leaked by Anonymous Hacker...
MercadoLibre: Reflected Cross Site Scripting
Reflected Cross Site Scripting was reported by @madara. A proof-of-concept code was provided to demonstrate the vulnerability. The issue was acknowledged and addressed internally by MercadoLibre...
man-cgi Local File Inclusion
man-cgi before 1.16 allows Local File Inclusion via absolute path traversal. If an Attacker provides a Filename as a Parameter e.g. https://example.org/cgi-bin/man-cgi?/etc/passwd the Script will read and return the local file. This is happening because of the way the Script calls the "man"...
Natus Xltek EEG NeuroWorks ItemList Deserialization Denial-of-Service Vulnerability
Summary An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this...
PHP Login And User Management 4.1.0 Shell Upload Vulnerability
Exploit for php platform in category web applications Title PHP Login & User Management = 4.1.0 - Arbitrary File Upload CVE-2018-11392 Product PHP Login & User Management https://codecanyon.net/item/php-login-user-management/49008 CVE CVE-2018-11392 Credit Reginald Dodd Description An arbitrary...
PHP Login And User Management 4.1.0 Shell Upload
Title PHP Login & User Management = 4.1.0 - Arbitrary File Upload CVE-2018-11392 Product PHP Login & User Management https://codecanyon.net/item/php-login-user-management/49008 CVE CVE-2018-11392 Credit Reginald Dodd Description An arbitrary file upload vulnerability in /classes/profile.class.php...
Moxa EDR-810 Web Server Certificate Signing Request Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the...
Appear TV XC Hardware Maintenance Centre Directory Traversal
CVE-2018-7539 Directory Traversal on Appear TV Maintenance centre 8088 Discoverer: Arqiva Threat Team Person Karl W Product: Appear TV XC Hardware Maintenance Centre on port TCP/8088 Vendor : Appear TV Code Versions: All Version Vulnerability: Directory Traversal Impact: It is possible to read OS...
Natus Xltek EEG NeuroWorks SavePatientMontage Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability. Teste...
JasperSoft JasperReports 4.7 Password Disclosure
Credits: Joshua Platz aka Binary1985 + CVE ID: CVE-2017-14941 + Website: https://github.com/binary1985 + Source: https://raw.githubusercontent.com/binary1985/VulnerabilityDisclosure/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941 Vendor: ==========================...
Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross-Site Scripting
Vulnerability type: Multiple Stored Cross Site Scripting Vendor: Quali Product: CloudShell Affected version: v7.1.0.6508 Patch 6 Patched version: v8 and up Credit: Benjamin Lee CVE ID: CVE-2017-9767 ========================================================== Overview Quali CloudShell v7.1.0.6508...